Bump the cargo group across 1 directory with 4 updates
Type: Pull Request
State: Open
Association: Contributor
Comments: 0
(27 days ago)
🤖 dependabot
Bumps the cargo group with 4 updates in the / directory: clap, config, tracing-subscriber and insta.
Updates clap from 4.5.46 to 4.5.47
Release notes
Sourced from clap's releases.
v4.5.47
[4.5.47] - 2025-09-02
Features
- Added impl FromArgMatches for ()
- Added impl Args for ()
- Added impl Subcommand for ()
- Added impl FromArgMatches for Infallible
- Added impl Subcommand for Infallible
Fixes
- (derive) Update runtime error text to match clap
Changelog
Sourced from clap's changelog.
[4.5.47] - 2025-09-02
Features
- Added impl FromArgMatches for ()
- Added impl Args for ()
- Added impl Subcommand for ()
- Added impl FromArgMatches for Infallible
- Added impl Subcommand for Infallible
Fixes
- (derive) Update runtime error text to match clap
Commits
- f046ca6 chore: Release
- 436949d docs: Update changelog
- 1ddab84 Merge pull request #5954 from epage/tests
- 8a66dbf test(complete): Add more native cases
- 76465cf test(complete): Make things more consistent
- 232cedb test(complete): Remove redundant index
- 02244a6 Merge pull request #5949 from krobelus/option-name-completions-after-positionals
- 2e13847 fix(complete): Missing options in multi-val arg
- 74388d7 test(complete): Multi-valued, unbounded positional
- 5b3d45f refactor(complete): Extract function for options
- Additional commits viewable in compare view
Updates config from 0.15.14 to 0.15.15
Changelog
Sourced from config's changelog.
[0.15.15] - 2025-08-29
Fixes
- (json5) Correctly deserialize null (regressed in 0.15.14)
Commits
- 3931f4c chore: Release config version 0.15.15
- 1e85483 docs: Update changelog
- 63ef7c7 fix(format): Correctly deserialize json5 (#690)
- ea823c1 fix(format): Correctly deserialize json5
- b4bc68f test(format): Verify null where supported
- 35bafb9 refactor(file): Minor clean up to file discovery (#688)
- e6e3fcf fix(file): Switch error to user-facing terms
- daf02c8 refactor(file): Clarify we are dealing with a path, not a name
- fd28355 refactor(format): Simplify extension mapping
- b154785 refactor(file): Pull out extension lookup
- Additional commits viewable in compare view
Updates tracing-subscriber from 0.3.19 to 0.3.20
Release notes
Sourced from tracing-subscriber's releases.
tracing-subscriber 0.3.20
Security Fix: ANSI Escape Sequence Injection (CVE-TBD)
Impact
Previous versions of tracing-subscriber were vulnerable to ANSI escape sequence injection attacks. Untrusted user input containing ANSI escape sequences could be injected into terminal output when logged, potentially allowing attackers to:
- Manipulate terminal title bars
- Clear screens or modify terminal display
- Potentially mislead users through terminal manipulation
In isolation, impact is minimal; however, security issues have been found in terminal emulators that enabled an attacker to use ANSI escape sequences via logs to exploit vulnerabilities in the terminal emulator.
Solution
Version 0.3.20 fixes this vulnerability by escaping ANSI control characters when writing events to destinations that may be printed to the terminal.
Affected Versions
All versions of tracing-subscriber prior to 0.3.20 are affected by this vulnerability.
Recommendations
Immediate Action Required: We recommend upgrading to tracing-subscriber 0.3.20 immediately, especially if your application:
- Logs user-provided input (form data, HTTP headers, query parameters, etc.)
- Runs in environments where terminal output is displayed to users
Migration
This is a patch release with no breaking API changes. Simply update your Cargo.toml:
[dependencies]
tracing-subscriber = "0.3.20"
Acknowledgments
We would like to thank zefr0x who responsibly reported the issue at security@tokio.rs.
If you believe you have found a security vulnerability in any tokio-rs project, please email us at security@tokio.rs.
Commits
- 4c52ca5 fmt: fix ANSI escape sequence injection vulnerability (#3368)
- f71cebe subscriber: impl Clone for EnvFilter (#3360)
- 3a1f571 Fix CI (#3361)
- e63ef57 chore: prepare tracing-attributes 0.1.30 (#3316)
- 6e59a13 attributes: fix tracing::instrument regression around shadowing (#3311)
- e4df761 tracing: update core to 0.1.34 and attributes to 0.1.29 (#3305)
- 643f392 chore: prepare tracing-attributes 0.1.29 (#3304)
- d08e7a6 chore: prepare tracing-core 0.1.34 (#3302)
- 6e70c57 tracing-subscriber: count numbers of enters in Timings (#2944)
- c01d4fd fix docs and enable CI on main branch (#3295)
- Additional commits viewable in compare view
Updates insta from 1.43.1 to 1.43.2
Release notes
Sourced from insta's releases.
1.43.2
Release Notes
- Fix panics when cargo metadata fails to execute or parse (e.g., when cargo is not in PATH or returns invalid output). Now falls back to using the manifest directory as the workspace root. #798 (@adriangb)
- Fix clippy uninlined_format_args lint warnings. #801
- Changed diff line numbers to 1-based indexing. #799
- Preserve snapshot names with INSTA_GLOB_FILTER. #786
- Bumped libc crate to 0.2.174, fixing building on musl targets, and increasing the MSRV of insta to 1.64.0 (released Sept 2022). #784
- Fix clippy 1.88 errors. #783
- Fix source path in snapshots for non-child workspaces. #778
- Add lifetime to Selector in redaction iterator. #779
Install cargo-insta 1.43.2
Install prebuilt binaries via shell script
curl --proto '=https' --tlsv1.2 -LsSf https://github.com/mitsuhiko/insta/releases/download/1.43.2/cargo-insta-installer.sh | sh
Install prebuilt binaries via powershell script
powershell -ExecutionPolicy ByPass -c "irm https://github.com/mitsuhiko/insta/releases/download/1.43.2/cargo-insta-installer.ps1 | iex"
Download cargo-insta 1.43.2
| File | Platform | Checksum |
| --- | --- | --- |
| cargo-insta-aarch64-apple-darwin.tar.xz | Apple Silicon macOS | checksum |
| cargo-insta-x86_64-apple-darwin.tar.xz | Intel macOS | checksum |
| cargo-insta-x86_64-pc-windows-msvc.zip | x64 Windows | checksum |
| cargo-insta-x86_64-unknown-linux-gnu.tar.xz | x64 Linux | checksum |
| cargo-insta-x86_64-unknown-linux-musl.tar.xz | x64 MUSL Linux | checksum |
Changelog
Sourced from insta's changelog.
1.43.2
- Fix panics when cargo metadata fails to execute or parse (e.g., when cargo is not in PATH or returns invalid output). Now falls back to using the manifest directory as the workspace root. #798 (@adriangb)
- Fix clippy uninlined_format_args lint warnings. #801
- Changed diff line numbers to 1-based indexing. #799
- Preserve snapshot names with INSTA_GLOB_FILTER. #786
- Bumped libc crate to 0.2.174, fixing building on musl targets, and increasing the MSRV of insta to 1.64.0 (released Sept 2022). #784
- Fix clippy 1.88 errors. #783
- Fix source path in snapshots for non-child workspaces. #778
- Add lifetime to Selector in redaction iterator. #779
Commits
- 01fc57f Fix Windows runner configuration for releases
- 88c9a2f Prepare CHANGELOG for 1.43.2 release (#802)
- d03c2a6 Improve error handling for cargo workspace detection (#800)
- 55987ac Fix clippy uninlined_format_args lint warnings (#801)
- ae26e81 Change diff line numbers to 1-based indexing (#799)
- 26efb60 Release insta 1.43.2 (#791)
- 7793782 Preserve snapshot names with INSTA_GLOB_FILTER (#786)
- 1d6e0c7 chore: bump libc crate (#784)
- 1a17ea9 chore: fix clippy 1.88 errors (#783)
- 7d0de48 Fix source path in snapshots for non-child workspaces (#778)
- Additional commits viewable in compare view
Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
- @dependabot rebase will rebase this PR
- @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
- @dependabot merge will merge this PR after your CI passes on it
- @dependabot squash and merge will squash and merge this PR after your CI passes on it
- @dependabot cancel merge will cancel a previously requested merge and block automerging
- @dependabot reopen will reopen this PR if it is closed
- @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
- @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
- @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
- @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
- @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
- @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
- @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions
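The tracing-subscriber 0.3.20 release notes quoted in this PR describe the fix as escaping ANSI control characters before events reach a terminal. The Rust example below is added here to illustrate that idea at the call site for untrusted fields; it is not tracing-subscriber's code and not part of this PR, `is_terminal_control` and `escape_for_terminal` are hypothetical names, and the sample strings are constructed.

```rust
use std::fmt::Write;

/// True for characters a terminal may act on: C0 controls (ESC is 0x1b),
/// DEL, and C1 controls (0x80..=0x9f). Newline and tab are let through so
/// multi-line messages stay readable (an assumption of this example).
fn is_terminal_control(c: char) -> bool {
    c.is_control() && c != '\n' && c != '\t'
}

/// Hypothetical helper: make control characters visible as `\u{..}` text
/// instead of passing them to the terminal.
fn escape_for_terminal(input: &str) -> String {
    let mut out = String::with_capacity(input.len());
    for c in input.chars() {
        if is_terminal_control(c) {
            // Writing to a String cannot fail.
            write!(out, "\\u{{{:x}}}", c as u32).unwrap();
        } else {
            out.push(c);
        }
    }
    out
}

fn main() {
    // Constructed samples standing in for logged request fields.
    let samples = [
        "Mozilla/5.0",                   // benign
        "agent\x1b]0;spoofed title\x07", // OSC sequence that sets the title bar
        "q=\x1b[2Jcleared",              // CSI sequence that clears the screen
        "a\u{9b}31m",                    // single-character C1 CSI
    ];
    for s in samples {
        println!("user_agent={}", escape_for_terminal(s));
    }
}
```

Carriage return is escaped along with ESC, since it can be used to overwrite an already printed line; newline handling is left to the log format.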
Pull Request Statistics
1
1
+24
-80
Package Dependencies
Technical Details
ID: | 7005386 |
UUID: | 2801636474 |
Node ID: | PR_kwDONZLcv86m_ZR6 |
Host: | GitHub |
Repository: | joshuadavidthomas/django-language-server |
Merge State: | Unknown |