build(deps): bump the cargo group across 1 directory with 11 updates

[dependabot]

Bumps the cargo group with 10 updates in the / directory:

Package	From	To
anyhow	1.0.99	1.0.100
clap	4.5.47	4.5.50
regex	1.11.2	1.12.2
reqwest	0.12.23	0.12.24
serde	1.0.224	1.0.228
tokio	1.47.1	1.47.2
tempfile	3.22.0	3.23.0
pyo3	0.26.0	0.27.1
napi	3.3.0	3.4.0
napi-derive	3.2.5	3.3.0

Updates anyhow from 1.0.99 to 1.0.100

Release notes

Sourced from anyhow's releases.

1.0.100

• Teach clippy to lint formatting arguments in bail!, ensure!, anyhow! (#426)

Commits

• 18c2598 Release 1.0.100
• f271988 Merge pull request #426 from dtolnay/clippyfmt
• 52f2115 Mark macros with clippy::format_args
• da5fd9d Raise minimum tested compiler to rust 1.76
• 211e409 Opt in to generate-macro-expansion when building on docs.rs
• b48fc02 Enforce trybuild >= 1.0.108
• d5f59fb Update ui test suite to nightly-2025-09-07
• 238415d Update ui test suite to nightly-2025-08-24
• 3bab070 Update actions/checkout@v4 -> v5
• 4249254 Order cap-lints flag in the same order as thiserror build script
• See full diff in compare view

Updates clap from 4.5.47 to 4.5.50

Release notes

Sourced from clap's releases.

v4.5.50

[4.5.50] - 2025-10-20

Features

• Accept Cow where String and &str are accepted

v4.5.48

[4.5.48] - 2025-09-19

Documentation

• Add a new CLI Concepts document as another way of framing clap
• Expand the typed_derive cookbook entry

Changelog

Sourced from clap's changelog.

[4.5.50] - 2025-10-20

Features

• Accept Cow where String and &str are accepted

[4.5.49] - 2025-10-13

Fixes

• (help) Correctly wrap when ANSI escape codes are present

[4.5.48] - 2025-09-19

Documentation

• Add a new CLI Concepts document as another way of framing clap
• Expand the typed_derive cookbook entry

Commits

• d8acd47 chore: Release
• 7c2b8d9 docs: Update changelog
• e69a2ea Merge pull request #5987 from mernen/fix-bash-comp-words-loop
• e03cc2e Merge pull request #5988 from cordx56/fix-builder-custom-version-docs
• 5ab2579 fix: Minor fix for builder docs about version
• 2f66432 fix(complete): Only parse arguments before current
• 4d9d210 test(complete): Illustrate current behavior in Bash
• 6abe2f8 chore: Release
• d5c7454 docs: Update changelog
• 5b2e960 Merge pull request #5985 from mernen/bash-cur
• Additional commits viewable in compare view

Updates regex from 1.11.2 to 1.12.2

Changelog

Sourced from regex's changelog.

1.12.2 (2025-10-13)

This release fixes a cargo doc breakage on nightly when --cfg docsrs is enabled. This caused documentation to fail to build on docs.rs.

Bug fixes:

• [BUG #1305](rust-lang/regex#1305): Switches the doc_auto_cfg feature to doc_cfg on nightly for docs.rs builds.

1.12.1 (2025-10-10)

This release makes a bug fix in the new regex::Captures::get_match API introduced in 1.12.0. There was an oversight with the lifetime parameter for the Match returned. This is technically a breaking change, but given that it was caught almost immediately and I've yanked the 1.12.0 release, I think this is fine.

1.12.0 (2025-10-10)

This release contains a smattering of bug fixes, a fix for excessive memory consumption in some cases and a new regex::Captures::get_match API.

Improvements:

• [FEATURE #1146](rust-lang/regex#1146): Add Capture::get_match for returning the overall match without unwrap().

Bug fixes:

• [BUG #1083](rust-lang/regex#1083): Fixes a panic in the lazy DFA (can only occur for especially large regexes).
• [BUG #1116](rust-lang/regex#1116): Fixes a memory usage regression for large regexes (introduced in regex 1.9).
• [BUG #1195](rust-lang/regex#1195): Fix universal start states in sparse DFA.
• [BUG #1295](rust-lang/regex#1295): Fixes a panic when deserializing a corrupted dense DFA.
• BUG 8f5d9479: Make regex_automata::meta::Regex::find consistently return None when WhichCaptures::None is used.

1.11.3 (2025-09-25)

This is a small patch release with an improvement in memory usage in some cases.

... (truncated)

Commits

• 5ea3eb1 1.12.2
• ab0b071 regex-automata-0.4.13
• 691d514 regex-syntax-0.8.8
• 1dd9077 docs: swap doc_auto_cfg with doc_cfg
• 0089034 regex-cli-0.2.3
• 140f894 regex-lite-0.1.8
• 27d6d65 1.12.1
• 85398ad changelog: 1.12.1
• 764efbd api: tweak the lifetime of Captures::get_match
• ee6aa55 rure-0.2.4
• Additional commits viewable in compare view

Updates reqwest from 0.12.23 to 0.12.24

Release notes

Sourced from reqwest's releases.

v0.12.24

Highlights

• Refactor cookie handling to an internal middleware.
• Refactor internal random generator.
• Refactor base64 encoding to reduce a copy.
• Documentation updates.

What's Changed

• build(deps): silence unused deps in WASM build by @​0x676e67 in seanmonstar/reqwest#2799
• perf(util): avoid extra copy when base64 encoding by @​0x676e67 in seanmonstar/reqwest#2805
• docs: fix method name in changelog entry by @​johannespfrang in seanmonstar/reqwest#2807
• chore: Align the name usage of TotalTimeout by @​Xuanwo in seanmonstar/reqwest#2657
• refactor(cookie): add CookieService by @​linyihai in seanmonstar/reqwest#2787
• Fixes typo in retry max_retries_per_request doc comment re 2813 by @​dmackinn in seanmonstar/reqwest#2824
• test(multipart): fix build failure with no-default-features by @​0x676e67 in seanmonstar/reqwest#2801
• refactor(cookie): avoid duplicate cookie insertion by @​0x676e67 in seanmonstar/reqwest#2834

New Contributors

• @​johannespfrang made their first contribution in seanmonstar/reqwest#2807
• @​dmackinn made their first contribution in seanmonstar/reqwest#2824

Full Changelog: seanmonstar/reqwest@v0.12.23...v0.12.24

Changelog

Sourced from reqwest's changelog.

v0.12.24

• Refactor cookie handling to an internal middleware.
• Refactor internal random generator.
• Refactor base64 encoding to reduce a copy.
• Documentation updates.

Commits

• b126ca4 v0.12.24
• 4023493 refactor: change fast_random from xorshift to siphash a counter
• fd61bc9 refactor(cookie): avoid duplicate cookie insertion (#2834)
• 0bfa526 test(multipart): fix build failure with no-default-features (#2801)
• 994b8a0 docs: typo in retry max_retries_per_request (#2824)
• da0702b refactor(cookie): de-duplicate cookie support as CookieService middleware (...
• 7ebddea chore: align internal name usage of TotalTimeout (#2657)
• b540a4e chore(readme): use correct CI status badge
• e4550c4 docs: fix method name in changelog entry (#2807)
• f4694a2 perf(util): avoid extra copy when base64 encoding (#2805)
• Additional commits viewable in compare view

Updates serde from 1.0.224 to 1.0.228

Release notes

Sourced from serde's releases.

v1.0.228

• Allow building documentation with RUSTDOCFLAGS='--cfg=docsrs' set for the whole dependency graph (#2995)

v1.0.227

• Documentation improvements (#2991)

v1.0.226

• Deduplicate variant matching logic inside generated Deserialize impl for adjacently tagged enums (#2935, thanks @​Mingun)

v1.0.225

• Avoid triggering a deprecation warning in derived Serialize and Deserialize impls for a data structure that contains its own deprecations (#2879, thanks @​rcrisanti)

Commits

• a866b33 Release 1.0.228
• 5adc9e8 Merge pull request #2995 from dtolnay/rustdocflags
• ab58178 Workaround for RUSTDOCFLAGS='--cfg=docsrs'
• 415d9fc Release 1.0.227
• 7c58427 Merge pull request #2991 from dtolnay/inlinecoredoc
• 9d3410e Merge pull request #2992 from dtolnay/inplaceseed
• 2fb6748 Remove InPlaceSeed public re-export
• f8137c7 Inline serde_core into serde in docsrs mode
• b7dbf7e Merge pull request #2990 from dtolnay/integer128
• 7c83691 No longer macro_use integer128 module
• Additional commits viewable in compare view

Updates tokio from 1.47.1 to 1.47.2

Commits

• 3762a6a chore: prepare Tokio v1.47.2 (#7681)
• 07f6cc7 macros: fix the hygiene issue of join! and try_join! (#7638)
• 308e3e6 ci: add lockfile for LTS branch
• 5a1879c Merge 'tokio-1.43.3' into 'tokio-1.47.x'
• de6ef21 chore: prepare Tokio v1.43.3
• 90551d2 deps: bump the locked slap to 0.4.11
• bd4c3dd deps: bump the locked tracing-subscriber to 0.3.20
• 49b3318 process: fix error when runtime is shut down on nightly-2025-10-12 (#7672)
• da292df sync: close the broadcast::Sender in broadcast::Sender::new() (#7629)
• b9feac8 runtime: use release in wake_by_ref() even if already woken (#7622)
• Additional commits viewable in compare view

Updates tempfile from 3.22.0 to 3.23.0

Changelog

Sourced from tempfile's changelog.

3.23.0

• Remove need for the "nightly" feature to compile with "wasip2".

Commits

• fe9f4a3 chore: release v3.23.0 (#381)
• 006c3fd fix: use std::os::fd instead of std::os::wasi (#380)
• b0e6309 doc: Update COPYRIGHT link (#377)
• 2d6fc3f Fix formatting in Builder::disable_cleanup documentation (#375)
• See full diff in compare view

Updates pyo3 from 0.26.0 to 0.27.1

Release notes

Sourced from pyo3's releases.

PyO3 0.27.1

This release fixes a clippy lint regression in PyO3 0.27.0, and exposes the PySendResult type (the return value from Bound<PyIterator>::send).

Thank you to the following contributors for the improvements:

@​alex @​davidhewitt @​reaperhulk @​tpoliaw

PyO3 0.27.0

This release is the first PyO3 release to be tested against Python 3.14.0 final. There are no significant changes to 3.14 support since PyO3 0.26 which was tested against the 3.14 release candidates.

Support for PyPy 3.9 and PyPy 3.10 (both no longer supported upstream) has been dropped.

The FromPyObject trait has been reworked in a similar fashion to the IntoPyObject trait introduced in PyO3 0.23. This has established a performant and flexible implementation of both these traits and no further changes to the traits are anticipated in the future. Thank you for the patience upgrading through these incremental improvements at the core of PyO3.

The .downcast() family of functions are now deprecated in favour of the .cast() family of functions, which are an incremental improvement to API usability and to error messages on failed conversions.

Operations on the PyCapsule type have been changed without deprecation to fix some issues with lifetimes of return values (in .name() and .reference() specifically). The capsule API now also encourages checking of capsule names, which is one of the few defences available to protect the validity of casting data read by the capsule API.

There are also many other incremental improvements, bug fixes and smaller features.

Please consult the migration guide for help upgrading.

Thank you to everyone who contributed code, documentation, design ideas, bug reports, and feedback. The following contributors' commits are included in this release:

@​alex @​altendky @​bazaah @​bschoenmaeckers @​crepererum @​davidhewitt @​dependabot[bot] @​elbaro @​Icxolu @​jqnatividad @​mbrobbel @​NilsIrl @​rvben @​sanders41 @​tdyas @​Tpt @​vvsagar

Changelog

Sourced from pyo3's changelog.

[0.27.1] - 2025-10-21

Fixed

• Fix clippy:declare_interior_mutable_const warning from #[pyfunction]. #5538
• Expose pyo3::types::PySendResult in public API. #5539

[0.27.0] - 2025-10-19

Packaging

• Extend range of supported versions of hashbrown optional dependency to include version 0.16. #5428
• Bump optional num-bigint dependency minimum version to 0.4.4. #5471
• Test against Python 3.14 final release. #5499
• Drop support for PyPy 3.9 and 3.10. #5516
• Provide a better error message when building an outdated PyO3 for a too-new Python version. #5519

Added

• Add FromPyObjectOwned as convenient trait bound for FromPyObject when the data is not borrowed from Python. #4390
• Add Borrowed::extract, same as PyAnyMethods::extract, but does not restrict the lifetime by deref. #4390
• experimental-inspect: basic support for #[derive(IntoPyObject)] (no struct fields support yet). #5365
• experimental-inspect: support #[pyo3(get, set)] and #[pyclass(get_all, set_all)]. #5370
• Add PyTypeCheck::classinfo_object that returns an object that can be used as parameter in isinstance or issubclass. #5387
• Implement PyTypeInfo on datetime.* types even when the limited API is enabled. #5388
• Implement PyTypeInfo on PyIterator, PyMapping and PySequence. #5402
• Implement PyTypeInfo on PyCode when using the stable ABI. #5403
• Implement PyTypeInfo on PyWeakrefReference when using the stable ABI. #5404
• Add pyo3::sync::RwLockExt trait, analogous to pyo3::sync::MutexExt for readwrite locks. #5435
• Add PyString::from_bytes. #5437
• Implement AsRef<[u8]> for PyBytes. #5445
• Add CastError and CastIntoError. #5468
• Add PyCapsuleMethods::pointer_checked and PyCapsuleMethods::is_valid_checked. #5474
• Add Borrowed::cast, Borrowed::cast_exact and Borrowed::cast_unchecked. #5475
• Add conversions for jiff::civil::ISOWeekDate. #5478
• Add conversions for &Cstr, Cstring and Cow<Cstr>. #5482
• add #[pyclass(skip_from_py_object)] option, to opt-out of the FromPyObject: PyClass + Clone blanket impl. #5488
• Add PyErr::add_note. #5489
• Add FromPyObject impl for Cow<Path> & Cow<OsStr>. #5497
• Add #[pyclass(from_py_object)] pyclass option, to opt-in to the extraction of pyclasses by value (requires Clone). #5506

Changed

• Rework FromPyObject trait for flexibility and performance: #4390
  • Add a second lifetime to FromPyObject, to allow borrowing data from Python objects (e.g. &str from Python str).
  • Replace extract_bound with extract, which takes Borrowed<'a, 'py, PyAny>.
• Optimize FromPyObject implementations for Vec<u8> and [u8; N] from bytes and bytearray. #5244
• Deprecate #[pyfn] attribute. #5384
• Fetch type name dynamically on cast errors instead of using PyTypeCheck::NAME. #5387
• Deprecate PyTypeCheck::NAME in favour of PyTypeCheck::classinfo_object which provides the type information at runtime. #5387

... (truncated)

Commits

• 9fbcf7c release: 0.27.1
• fdfddc8 Expose types::iterator::PySendResult in types module (#5539)
• a09540b update MSRV shields.io badge (#5540)
• 1e6db53 fixes #5537 -- silence a clippy warning on rust 1.83 (#5538)
• 7525512 release: 0.27.0 (#5520)
• b392013 ci: install lychee stable using install-action (#5528)
• f32ed83 fix PyPyModule_ExecDef, PyPyModule_FromDefAndSpec2 definitions (#5529)
• 02b54eb make warning name distinct in warnings tests (#5532)
• 999ee8a ci: enable more tests on 3.14t (#5524)
• 8f669e7 attempt to improve unsupported Python version error (#5519)
• Additional commits viewable in compare view

Updates napi from 3.3.0 to 3.4.0

Release notes

Sourced from napi's releases.

napi-v3.4.0

Added

• (napi) add on_abort for AbortSignal (#2942)
• (cli) add support for loongarch64-unknown-linux-gnu (#2887)

Fixed

• (napi) stop ref error object in wasm targets (#2975)
• (deps) update rust crate ctor to v0.6.0 (#2951)
• (napi) cleanup memory issues (#2949)
• (napi) node_api_create_external_string_utf16 on wasm (#2912)

Other

• (napi) bump rust-version (#2966)

Commits

• 0db7ceb chore: release (#2913)
• d9498f5 fix(napi): stop ref error object in wasm targets (#2975)
• 2389a73 chore(release): publish
• 657aab3 chore(deps): update vitest monorepo to v4 (major) (#2971)
• 13cb9dc feat(cli): resolve command from args (#2973)
• 4c5bf78 test: re-enable worker_threads tests on Windows (#2974)
• 01485ff fix(napi): do not invoke process.report on Windows (#2972)
• 694db41 feat(napi-derive): add discriminant_case to allow changing case of discrimi...
• 42eb087 chore(deps): update dependency vite to v7.1.11 [security] (#2967)
• b453673 fix(cli): correct OpenHarmony SDK path detection logic (#2963)
• Additional commits viewable in compare view

Updates napi-derive from 3.2.5 to 3.3.0

Release notes

Sourced from napi-derive's releases.

napi-derive-v3.3.0

Added

• (napi-derive) add discriminant_case to allow changing case of discriminant (#2960)

Fixed

• (deps) update rust crate ctor to v0.6.0 (#2951)

Other

• (napi) bump rust-version (#2966)

Commits

• 0db7ceb chore: release (#2913)
• d9498f5 fix(napi): stop ref error object in wasm targets (#2975)
• 2389a73 chore(release): publish
• 657aab3 chore(deps): update vitest monorepo to v4 (major) (#2971)
• 13cb9dc feat(cli): resolve command from args (#2973)
• 4c5bf78 test: re-enable worker_threads tests on Windows (#2974)
• 01485ff fix(napi): do not invoke process.report on Windows (#2972)
• 694db41 feat(napi-derive): add discriminant_case to allow changing case of discrimi...
• 42eb087 chore(deps): update dependency vite to v7.1.11 [security] (#2967)
• b453673 fix(cli): correct OpenHarmony SDK path detection logic (#2963)
• Additional commits viewable in compare view

Updates napi-build from 2.2.3 to 2.2.4

Release notes

Sourced from napi-build's releases.

napi-build-v2.2.4

Fixed

• (build) export emnapi_thread_crashed (#2920)

Other

• (napi) bump rust-version (#2966)

Commits

• 0db7ceb chore: release (#2913)
• d9498f5 fix(napi): stop ref error object in wasm targets (#2975)
• 2389a73 chore(release): publish
• 657aab3 chore(deps): update vitest monorepo to v4 (major) (#2971)
• 13cb9dc feat(cli): resolve command from args (#2973)
• 4c5bf78 test: re-enable worker_threads tests on Windows (#2974)
• 01485ff fix(napi): do not invoke process.report on Windows (#2972)
• 694db41 feat(napi-derive): add discriminant_case to allow changing case of discrimi...
• 42eb087 chore(deps): update dependency vite to v7.1.11 [security] (#2967)
• b453673 fix(cli): correct OpenHarmony SDK path detection logic (#2963)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

[codecov]

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 96.87%. Comparing base (1e24cbc) to head (8960a25).
⚠️ Report is 3 commits behind head on main.

Additional details and impacted files

@@           Coverage Diff           @@
##             main     #202   +/-   ##
=======================================
  Coverage   96.87%   96.87%           
=======================================
  Files          14       14           
  Lines        3131     3131           
=======================================
  Hits         3033     3033           
  Misses         98       98           

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
• 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.