Bump the cargo group across 1 directory with 3 updates

[dependabot]

Bumps the cargo group with 3 updates in the / directory: tracing-forest, zip and cc.

Updates tracing-forest from 0.1.6 to 0.2.0

Commits

• See full diff in compare view

Updates zip from 4.5.0 to 4.6.0

Release notes

Sourced from zip's releases.

v4.6.0

🚀 Features

• Allow to read zip files with unsupported extended timestamps (#400)

🐛 Bug Fixes

• enable clamp_opt for ppmd and xz (#401)

Changelog

Sourced from zip's changelog.

4.6.0 - 2025-08-30

🚀 Features

• Allow to read zip files with unsupported extended timestamps (#400)

🐛 Bug Fixes

• enable clamp_opt for ppmd and xz (#401)

Commits

• 54c634b chore: release v4.6.0 (#403)
• 5373800 fix: enable clamp_opt for ppmd and xz (#401)
• 4f42faf feat: Allow to read zip files with unsupported extended timestamps (#400)
• 1e8a408 chore(deps): update nt-time requirement from 0.10.6 to 0.12.1 (#387)
• See full diff in compare view

Updates cc from 1.2.34 to 1.2.35

Changelog

Sourced from cc's changelog.

1.2.35 - 2025-09-01

Fixed

• fix building for aarch64-apple-visionos-sim on nightly (#1534)
• fix tests apple_sdkroot_wrong (#1530)

Other

• Regenerate target info (#1536)
• Optimize Tool::to_command (#1535)
• Extract find-msvc-tools (#1531)
• Add prefer_clang_cl_over_msvc (#1516)

Commits

• 9b4389c chore(cc): release v1.2.35 (#1533)
• 36948ab Fix semver-checks: Add back functino windows_registry::find (#1539)
• 0a1c2a3 ci: fix crates-io trusted publishing in publish.yml (#1538)
• 6a4c4f4 ci: use trusted publishing in publish.yml (#1537)
• 0c9e396 Regenerate target info (#1536)
• 2b26463 Optimize Tool::to_command (#1535)
• 1a9c4ca fix building for aarch64-apple-visionos-sim on nightly (#1534)
• 409b35c Refactor: Extract windows-find-tools (#1531)
• 5781d3e fix tests apple_sdkroot_wrong (#1530)
• d264a7c Add prefer_clang_cl_over_msvc (#1516)
• See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

[EliahKagan]

Just like #2149, which this supersedes, this PR doesn't actually bump dependencies on tracing-forest. This lists tracing-forest as among the dependencies updated, but no change in this PR updates any tracing-forest dependency.

I don't know why it doesn't update the dependency in gitoxide itself on tracing-forest:

C:\Users\ek\source\repos\gitoxide [dependabot/cargo/cargo-f19b0f46bb ≡]> cargo update --verbose
    Updating crates.io index
     Locking 0 packages to latest compatible versions
   Unchanged getrandom v0.2.16 (available: v0.3.3)
   Unchanged imara-diff v0.1.8 (available: v0.2.0)
   Unchanged tracing-forest v0.1.6 (available: v0.2.0)

C:\Users\ek\source\repos\gitoxide [dependabot/cargo/cargo-f19b0f46bb ≡]> cargo tree --invert --package [email protected]
tracing-forest v0.1.6
└── gitoxide v0.45.0 (C:\Users\ek\source\repos\gitoxide)

But it kind of works out for now that it doesn't, since going to 0.2.0 with it would make it a good idea to checking that direct dependency to see if we have to adapt to it to preserve current behavior and/or cause the gitoxide changelog to note changing behavior. I wouldn't necessarily get to that immediately. Thus, for now, I think we can merge this.