Bump the major group with 3 updates #1285

Open
wants to merge 1 commit into
base: main

dependabot[bot]
Contributor

@dependabot dependabot bot commented on behalf of github Jun 23, 2025

Bumps the major group with 3 updates: colored_json, oauth2 and pulldown-cmark-to-cmark.

Updates colored_json from 4.1.0 to 5.0.0

Release notes

Sourced from colored_json's releases.

v5.0.0

What's Changed

New Contributors

Full Changelog: ctron/colored_json@v4.1.0...v5.0.0

Commits
  • 962ed17 chore: uptick version to 5.0.0
  • 292c730 ci: update github action
  • bda186f refactor: align nil values with jq
  • baaecc3 feat: support NO_COLOR env-var
  • 22a3936 chore: remove one more enable_support_call in the tests
  • ce753a5 feat: bump yansi to 1, remove enable_ansi_support
  • See full diff in compare view

Updates oauth2 from 4.4.2 to 5.0.0

Release notes

Sourced from oauth2's releases.

5.0.0

Refer to the Upgrade Guide for tips on how to upgrade from 4.x.

Changes since 5.0.0-rc.1

Bug Fixes

  • Improve HttpClientError::Reqwest error message (9a2b746)

Full Changelog: ramosbugs/oauth2-rs@5.0.0-rc.1...5.0.0

Summary of changes since 4.4.2

Breaking Changes

  • Replace TokenResponse generic with associated type (30ced325da24312c4e6b9d802adcb36a88594353)
  • Return impl Future instead of Pin<Box<dyn Future>> to fix Send/Sync bounds (6e583bd03203e42ef712fc90edb57cf5a389f9b7)
  • Bump http to 1.0 and reqwest to 0.12 (408ecab500158145bf249e78a73a8010933bb0e2)
  • Add conditional typestates (replacing Boolean typestates from 5.0.0-alpha.1) (85ea4700e1ad8a3efef7aa78660fd0056d9b46e6)
  • Consolidate HTTP client errors into oauth2::HttpClientError and flatten exports (e.g., oauth2::reqwest instead of oauth2::reqwest::reqwest) (4391eed01c26c3e9e9fd5a14d90f111a02636a4c)
  • reqwest: Migrate to shared Error type and use thiserror's From impl by @MarijnS95 (#238)
  • Bump MSRV to 1.65 and institute a policy supporting Rust releases going back at least 6 months (same policy as openidconnect crate) (576f8096914c7da82a5cd8c2253d47541697aa6a)
  • Improve Display output of RequestTokenError::ServerResponse (96c6f9b17b5fdea98a6a7b84bec8e420671342eb)
  • Track Client endpoints statically via typestates (1d1f4d17ecdf2a3feb565eb1789cc8649cac7705)
  • Refactor crate into smaller private modules and make devicecode and revocation modules private (9d8f11addf819134f15c6d7f03276adb3d32e80b)
  • Add reqwest-blocking feature (da7d1c51ccfac95b25af67d2e725ae510d185f5b)
  • Rename URI/URL getters and setters (4d55c26ad6e233d8f23b4514fe743d365a5a432f)
  • Add AsyncHttpClient and SyncHttpClient traits (23b952b23e6069525bc7e4c4f2c4924b8d28ce3a)

New Features

  • Implement SecretType::into_secret (#272)
  • Add timing-resistant-secret-traits feature for PartialEq/Hash by @kate-shine (ramosbugs/oauth2-rs#232)
  • Derive Eq for types that already derive PartialEq (b19ad89262af501f53c1b82015046506834c98e9)
  • Implement From instead of Into for newtypes (d9402c42767b35a4c05bc4db3780b1df115b7b24)
  • Implement Display trait for URL types (8bd0ff1e0339c0945871552210b300c05e89c519)

Bug Fixes

  • Improve HttpClientError::Reqwest error message (9a2b746)
  • Accept null device code interval (#278)
  • Ignore async token revocation response body (#282)
  • Derive Clone and Debug for EndpointState types (#263)

Other Changes

  • Inline format args (#270)
  • Update dev dependencies (#285)
  • Remove defunct sponsorship from README
  • Remove client secret from implicit flow example (#286)
  • Use --locked on MSRV build in CI
  • Allow base64 0.21 or 0.22 (#261)
  • Bump base64 to 0.21 (db0ea44657bd6c1130b83ce135ac2691ba091fad)
  • Set minimum version of chrono to 0.4.31 (7b667fc29b52392f4c47c07f0923c88847951b50)
  • Mention openidconnect crate in README (7b667fc29b52392f4c47c07f0923c88847951b50)

... (truncated)

Upgrade guide

Sourced from oauth2's upgrade guide.

Upgrade Guide

Upgrading from 4.x to 5.x

The 5.0 release includes breaking changes to address several long-standing API issues, along with a few minor improvements. Consider following the tips below to help ensure a smooth upgrade process.

Upgrade Rust to 1.65 or newer

The minimum supported Rust version (MSRV) is now 1.65. Going forward, this crate will maintain a policy of supporting Rust releases going back at least 6 months. Changes that break compatibility with Rust releases older than 6 months will no longer be considered SemVer breaking changes and will not result in a new major version number for this crate. MSRV changes will coincide with minor version updates and will not happen in patch releases.

Add typestate generic types to Client

Each auth flow depends on one or more server endpoints. For example, the authorization code flow depends on both an authorization endpoint and a token endpoint, while the client credentials flow only depends on a token endpoint. Previously, it was possible to instantiate a Client without a token endpoint and then attempt to use an auth flow that required a token endpoint, leading to errors at runtime. Also, the authorization endpoint was always required, even for auth flows that do not use it.

In the 5.0 release, all endpoints are optional. Typestates are used to statically track, at compile time, which endpoints' setters (e.g., set_auth_uri()) have been called. Auth flows that depend on an endpoint cannot be used without first calling the corresponding setter, which is enforced by the compiler's type checker. This guarantees that certain errors will not arise at runtime.

In addition to unconditional setters (e.g., set_auth_uri()), each endpoint has a corresponding conditional setter (e.g., set_auth_uri_option()) that sets a conditional typestate (EndpointMaybeSet). When the conditional typestate is set, endpoints can be used via fallible methods that return Err(ConfigurationError::MissingUrl(_)) if an endpoint has not been set. This is useful in dynamic scenarios such as OpenID Connect Discovery, in which it cannot be determined until runtime whether an endpoint is configured.

There are three possible typestates, each implementing the EndpointState trait:

  • EndpointNotSet: the corresponding endpoint has not been set and cannot be used.
  • EndpointSet: the corresponding endpoint has been set and is ready to be used.
  • EndpointMaybeSet: the corresponding endpoint may have been set and can be used via fallible methods that return Result<_, ConfigurationError>.

The following code changes are required to support the new interface:

  1. Update calls to Client::new() to use the single-argument constructor (which accepts only a ClientId). Use the set_auth_uri(), set_token_uri(), and set_client_secret() methods to set the authorization endpoint,

... (truncated)

Commits
  • f3424b4 Update Cargo-1.65.lock
  • 61ec227 Bump version to 5.0.0
  • 9a2b746 Improve HttpClientError::Reqwest error message
  • 2492d69 Bump version to 5.0.0-rc.1
  • c599c12 Use --locked on MSRV build in CI
  • 03cb079 Remove client secret from implicit flow example
  • 9c41286 Update dev dependencies (#285)
  • c74aec9 Remove sponsorship from README
  • 459811d Accept null device code interval
  • 5b2ab88 Ignore token revocation response body
  • Additional commits viewable in compare view

Updates pulldown-cmark-to-cmark from 11.2.0 to 21.0.0

Release notes

Sourced from pulldown-cmark-to-cmark's releases.

v21.0.0

The breaking release is to avoid side-effects with different pulldown-cmark versions. This crate now comes with version 13.

Other

  • Adjust wording + typos

Refactor

  • Add helper to factor out newline + padding pattern

    When writing a newline into the generated Markdown content to start a new line of output, it is (almost) always necessary to output the "padding" characters used to indent the content at the current location in the document, based on the hierarchy of block-level elements the output cursor is "inside" of.

    Since writing a newline and writing the current padding are always paired, factoring them out into a function should help with readability and consistency in performing this minor two-step dance correctly.

Commit Statistics

  • 8 commits contributed to the release.
  • 6 days passed between releases.
  • 2 commits were understood as conventional.
  • 0 issues like '(#ID)' were seen in commit messages

Commit Details

  • Uncategorized
    • Update changelog prior to release (475478a)
    • Bump version to 21 for pulldown-cmark 13 (ed16be5)
    • Merge pull request #99 from danieleades/cmark-13 (fb9bbd6)
    • Merge pull request #98 from ConnorGray/connorgray/refactor-1 (b47d6c9)
    • Update doc-string so State::padding is shown conventionally (e10010f)
    • Update to pulldown-cmark 13 (efbdd3a)
    • Adjust wording + typos (05e247e)
    • Add helper to factor out newline + padding pattern (2252ba1)

v20.0.1

Bug Fixes

  • definition list block indentation now works correctly.

... (truncated)

Changelog

Sourced from pulldown-cmark-to-cmark's changelog.

21.0.0 (2025-02-18)

The breaking release is to avoid side-effects with different pulldown-cmark versions. This crate now comes with version 13.

Other

  • Adjust wording + typos

Refactor

  • Add helper to factor out newline + padding pattern

    When writing a newline into the generated Markdown content to start a new line of output, it is (almost) always necessary to output the "padding" characters used to indent the content at the current location in the document, based on the hierarchy of block-level elements the output cursor is "inside" of.

    Since writing a newline and writing the current padding are always paired, factoring them out into a function should help with readability and consistency in performing this minor two-step dance correctly.

Commit Statistics

  • 8 commits contributed to the release.
  • 6 days passed between releases.
  • 2 commits were understood as conventional.
  • 0 issues like '(#ID)' were seen in commit messages

Commit Details

  • Uncategorized
    • Update changelog prior to release (475478a)
    • Bump version to 21 for pulldown-cmark 13 (ed16be5)
    • Merge pull request #99 from danieleades/cmark-13 (fb9bbd6)
    • Merge pull request #98 from ConnorGray/connorgray/refactor-1 (b47d6c9)
    • Update doc-string so State::padding is shown conventionally (e10010f)
    • Update to pulldown-cmark 13 (efbdd3a)
    • Adjust wording + typos (05e247e)
    • Add helper to factor out newline + padding pattern (2252ba1)

... (truncated)

Commits
  • c1347d1 Release pulldown-cmark-to-cmark v21.0.0
  • 475478a update changelog prior to release
  • ed16be5 bump version to 21 for pulldown-cmark 13
  • fb9bbd6 Merge pull request #99 from danieleades/cmark-13
  • b47d6c9 Merge pull request #98 from ConnorGray/connorgray/refactor-1
  • e10010f Update doc-string so State::padding is shown conventionally
  • efbdd3a update to pulldown-cmark 13
  • 05e247e fixup: Adjust wording + typos
  • 2252ba1 refactor: Add helper to factor out newline + padding pattern
  • 80f82f4 Release pulldown-cmark-to-cmark v20.0.1
  • Additional commits viewable in compare view

You can trigger a rebase of this PR by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

Note
Automatic rebases have been disabled on this pull request as it has been open for over 30 days.
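
The typestate scheme described in the quoted oauth2 upgrade guide, as a stand-alone model added here; it is not code from oauth2-rs or from this PR. The three marker types, `set_token_uri()` and `ConfigurationError::MissingUrl` take their names from the guide, while the single-endpoint `Client`, `set_token_uri_option()`, `token_request()` and the `idp.example` URL are assumptions made for the illustration.

```rust
use std::marker::PhantomData;

// Marker types named after the three typestates in the upgrade guide.
pub struct EndpointNotSet;
pub struct EndpointSet;
pub struct EndpointMaybeSet;

#[derive(Debug, PartialEq)]
pub enum ConfigurationError { MissingUrl(&'static str) }

// Simplified model (assumption): only the token endpoint is tracked.
pub struct Client<T> { client_id: String, token_uri: Option<String>, _state: PhantomData<T> }

impl Client<EndpointNotSet> {
    pub fn new(client_id: &str) -> Self {
        Client { client_id: client_id.into(), token_uri: None, _state: PhantomData }
    }
}

impl<T> Client<T> {
    // Unconditional setter: the return type records that the endpoint exists.
    pub fn set_token_uri(self, uri: &str) -> Client<EndpointSet> {
        Client { client_id: self.client_id, token_uri: Some(uri.into()), _state: PhantomData }
    }
    // Conditional setter for values only known at runtime (e.g. discovery).
    pub fn set_token_uri_option(self, uri: Option<&str>) -> Client<EndpointMaybeSet> {
        Client { client_id: self.client_id, token_uri: uri.map(String::from), _state: PhantomData }
    }
}

impl Client<EndpointSet> {
    // Infallible: this method only exists once set_token_uri() has been called.
    pub fn token_request(&self) -> String {
        let uri = self.token_uri.as_deref().expect("EndpointSet implies Some");
        format!("POST {} client_id={}", uri, self.client_id)
    }
}

impl Client<EndpointMaybeSet> {
    // Fallible: a missing endpoint surfaces as an error value, not a panic.
    pub fn token_request(&self) -> Result<String, ConfigurationError> {
        let uri = self.token_uri.as_deref().ok_or(ConfigurationError::MissingUrl("token"))?;
        Ok(format!("POST {} client_id={}", uri, self.client_id))
    }
}

fn main() {
    let client = Client::new("demo-client").set_token_uri("https://idp.example/token");
    println!("{}", client.token_request());
}
```

Calling `token_request()` directly on the value returned by `Client::new()` is rejected by the compiler, because no such method is defined for `Client<EndpointNotSet>`.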

@dependabot dependabot bot requested review from adamchalmers and jessfraz June 23, 2025 12:24
@dependabot dependabot bot added the dependencies Pull requests that update a dependency file label Jun 23, 2025
Contributor Author

dependabot bot commented on behalf of github Jun 23, 2025

The reviewers field in the dependabot.yml file will be removed soon. Please use the code owners file to specify reviewers for Dependabot PRs. For more information, see this blog post.

@dependabot dependabot bot added the rust Pull requests that update Rust code label Jun 23, 2025
@dependabot dependabot bot force-pushed the dependabot/cargo/major-089927ba77 branch from 7436ccc to 6f921d2 Compare July 7, 2025 10:22
@dependabot dependabot bot force-pushed the dependabot/cargo/major-089927ba77 branch 3 times, most recently from a1cfedc to 7943231 Compare July 15, 2025 19:55
@dependabot dependabot bot force-pushed the dependabot/cargo/major-089927ba77 branch from 7943231 to 4bf8c2d Compare July 21, 2025 11:12
@dependabot dependabot bot force-pushed the dependabot/cargo/major-089927ba77 branch from 4bf8c2d to c7cc6b0 Compare July 28, 2025 17:49
Bumps the major group with 3 updates: [colored_json](https://github.com/ctron/colored_json), [oauth2](https://github.com/ramosbugs/oauth2-rs) and [pulldown-cmark-to-cmark](https://github.com/Byron/pulldown-cmark-to-cmark).


Updates `colored_json` from 4.1.0 to 5.0.0
- [Release notes](https://github.com/ctron/colored_json/releases)
- [Commits](ctron/colored_json@v4.1.0...v5.0.0)

Updates `oauth2` from 4.4.2 to 5.0.0
- [Release notes](https://github.com/ramosbugs/oauth2-rs/releases)
- [Upgrade guide](https://github.com/ramosbugs/oauth2-rs/blob/main/UPGRADE.md)
- [Commits](ramosbugs/oauth2-rs@4.4.2...5.0.0)

Updates `pulldown-cmark-to-cmark` from 11.2.0 to 21.0.0
- [Release notes](https://github.com/Byron/pulldown-cmark-to-cmark/releases)
- [Changelog](https://github.com/Byron/pulldown-cmark-to-cmark/blob/main/CHANGELOG.md)
- [Commits](Byron/pulldown-cmark-to-cmark@v11.2.0...v21.0.0)

---
updated-dependencies:
- dependency-name: colored_json
  dependency-version: 5.0.0
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: major
- dependency-name: oauth2
  dependency-version: 5.0.0
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: major
- dependency-name: pulldown-cmark-to-cmark
  dependency-version: 21.0.0
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: major
...

Signed-off-by: dependabot[bot] <[email protected]>
@dependabot dependabot bot force-pushed the dependabot/cargo/major-089927ba77 branch from c7cc6b0 to be27410 Compare August 4, 2025 12:33