chore(deps): bump serde_json from 1.0.145 to 1.0.148 #55
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Bumps [serde_json](https://github.com/serde-rs/json) from 1.0.145 to 1.0.148. - [Release notes](https://github.com/serde-rs/json/releases) - [Commits](serde-rs/json@v1.0.145...v1.0.148) --- updated-dependencies: - dependency-name: serde_json dependency-version: 1.0.148 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <[email protected]>
Contributor
Author
LabelsThe following labels could not be found: Please fix the above issues or remove invalid values from |
doublegate
added a commit
that referenced
this pull request
Jan 10, 2026
This PR consolidates updates from multiple open dependency PRs: ## Cargo Dependency Updates Applied: - criterion: 0.5.1 -> 0.8.1 (major version, benchmark framework) - ratatui: 0.29.0 -> 0.30.0 (TUI framework with breaking changes) - serde_json: 1.0.145 -> 1.0.148 - rustls-pki-types: 1.0 -> 1.13.2 - tracing: 0.1.43 -> 0.1.44 - tracing-subscriber: 0.3.20 -> 0.3.22 - clap: 4.5.48 -> 4.5.53 - open: 5.0 -> 5.3.3 - regex: 1.12 -> 1.12.1 ## GitHub Actions Updates Applied: - actions/cache: v4 -> v5 - actions/upload-artifact: v5 -> v6 - actions/download-artifact: v6 -> v7 ## Breaking Changes Resolved: - ratatui 0.30: Added `clear_region` method and `Error` type to Backend trait - Fixed clippy warnings in auth.rs (Zeroize derive pattern) - Fixed clippy unnecessary_unwrap in GUI button component ## Excluded from Consolidation: - iced 0.14.0 (PR #45): Extensive breaking changes requiring major GUI refactor - Would require changes to: scrollable API, application API, Style structs, text_input::Status enum, spacing types, and more - Recommended as separate PR for dedicated migration effort ## PRs Already Merged (content in main): - PR #27, #32: Phase 4 scripting documentation already present ## Verification: - Zero compilation errors - Zero clippy warnings (with -D warnings) - 60 unit tests passing - 49 doctests passing - Release build successful Closes #24, #46, #47, #48, #49, #50, #51, #52, #53, #54, #55, #56 Related: #27, #32 (already merged) Excluded: #45 (iced 0.14.0 - breaking changes too extensive) Co-Authored-By: Claude Opus 4.5 <[email protected]>
doublegate
added a commit
that referenced
this pull request
Jan 10, 2026
…grades (closes #24, #46-56) (#59) * chore(deps): Consolidate dependency updates and GitHub Actions upgrades This PR consolidates updates from multiple open dependency PRs: ## Cargo Dependency Updates Applied: - criterion: 0.5.1 -> 0.8.1 (major version, benchmark framework) - ratatui: 0.29.0 -> 0.30.0 (TUI framework with breaking changes) - serde_json: 1.0.145 -> 1.0.148 - rustls-pki-types: 1.0 -> 1.13.2 - tracing: 0.1.43 -> 0.1.44 - tracing-subscriber: 0.3.20 -> 0.3.22 - clap: 4.5.48 -> 4.5.53 - open: 5.0 -> 5.3.3 - regex: 1.12 -> 1.12.1 ## GitHub Actions Updates Applied: - actions/cache: v4 -> v5 - actions/upload-artifact: v5 -> v6 - actions/download-artifact: v6 -> v7 ## Breaking Changes Resolved: - ratatui 0.30: Added `clear_region` method and `Error` type to Backend trait - Fixed clippy warnings in auth.rs (Zeroize derive pattern) - Fixed clippy unnecessary_unwrap in GUI button component ## Excluded from Consolidation: - iced 0.14.0 (PR #45): Extensive breaking changes requiring major GUI refactor - Would require changes to: scrollable API, application API, Style structs, text_input::Status enum, spacing types, and more - Recommended as separate PR for dedicated migration effort ## PRs Already Merged (content in main): - PR #27, #32: Phase 4 scripting documentation already present ## Verification: - Zero compilation errors - Zero clippy warnings (with -D warnings) - 60 unit tests passing - 49 doctests passing - Release build successful Closes #24, #46, #47, #48, #49, #50, #51, #52, #53, #54, #55, #56 Related: #27, #32 (already merged) Excluded: #45 (iced 0.14.0 - breaking changes too extensive) Co-Authored-By: Claude Opus 4.5 <[email protected]> * refactor(auth): Replace module-level lint suppression with field-level attributes and add zeroization tests (#60) * Initial plan * refactor(auth): Move lint suppression from module-level to field-level for targeted scope Co-authored-by: doublegate <[email protected]> * test(auth): Add comprehensive zeroization test coverage for security-critical fields Co-authored-by: doublegate <[email protected]> --------- Co-authored-by: copilot-swe-agent[bot] <[email protected]> Co-authored-by: doublegate <[email protected]> * fix(ci): Resolve all failing CI checks for PR #59 - Fix auth.rs formatting: Remove trailing whitespace and format unsafe blocks properly according to rustfmt rules - Fix dependency-review-config.yml: Remove conflicting deny-licenses (cannot have both allow-licenses and deny-licenses), use proper purl format for package specifications (pkg:cargo/package-name) - Fix Windows cargo-nextest timeout: Replace cargo install with taiki-e/install-action pre-built binaries to avoid 10+ minute compilation time that caused timeouts Co-Authored-By: Claude Opus 4.5 <[email protected]> * fix(ci): Expand allowed licenses for Dependency Review check Add comprehensive license list for Rust ecosystem compatibility: - Unicode licenses: Unicode-DFS-2016, Unicode-3.0 - Compression: Zlib, zlib-acknowledgement - Mozilla: MPL-2.0 - Boost: BSL-1.0 - LLVM: Apache-2.0 WITH LLVM-exception - OpenSSL, BlueOak-1.0.0, CC-BY-3.0/4.0, WTFPL, Ring, MIT-0, NCSA Add package allowlist for crates with special license definitions: - Unicode crates (unicode-ident, unicode-normalization, etc.) - Cryptography crates (ring, webpki, rustls-webpki) - OpenSSL bindings - lab crate (low OpenSSF scorecard but essential) Remove openssl-sys from deny-packages list. Fixes Dependency Review check failure on PR #59. Co-Authored-By: Claude Opus 4.5 <[email protected]> * fix(ci): Remove invalid 'Ring' from allow-licenses list Ring is not a valid SPDX license identifier. The ring crate uses ISC license, which is already in the allow list. The ring package is also in the allow-dependencies-licenses list to ensure it passes checks. Co-Authored-By: Claude Opus 4.5 <[email protected]> * fix(ci): add unicode-properties to allow-dependencies-licenses The [email protected] crate uses "MIT/Apache-2.0" as its license string, which is not valid SPDX format (should be "MIT OR Apache-2.0"). GitHub's dependency-review-action cannot validate non-SPDX license strings. Adding the package to allow-dependencies-licenses bypasses the SPDX validation while still allowing the dependency since both MIT and Apache-2.0 are approved licenses. Co-Authored-By: Claude Opus 4.5 <[email protected]> --------- Co-authored-by: Claude Opus 4.5 <[email protected]> Co-authored-by: Copilot <[email protected]> Co-authored-by: doublegate <[email protected]>
Contributor
Author
|
Looks like serde_json is up-to-date now, so this is no longer needed. |
doublegate
added a commit
that referenced
this pull request
Jan 10, 2026
…ity fix (#64) * chore(deps): Consolidate dependency updates and GitHub Actions upgrades This PR consolidates updates from multiple open dependency PRs: ## Cargo Dependency Updates Applied: - criterion: 0.5.1 -> 0.8.1 (major version, benchmark framework) - ratatui: 0.29.0 -> 0.30.0 (TUI framework with breaking changes) - serde_json: 1.0.145 -> 1.0.148 - rustls-pki-types: 1.0 -> 1.13.2 - tracing: 0.1.43 -> 0.1.44 - tracing-subscriber: 0.3.20 -> 0.3.22 - clap: 4.5.48 -> 4.5.53 - open: 5.0 -> 5.3.3 - regex: 1.12 -> 1.12.1 ## GitHub Actions Updates Applied: - actions/cache: v4 -> v5 - actions/upload-artifact: v5 -> v6 - actions/download-artifact: v6 -> v7 ## Breaking Changes Resolved: - ratatui 0.30: Added `clear_region` method and `Error` type to Backend trait - Fixed clippy warnings in auth.rs (Zeroize derive pattern) - Fixed clippy unnecessary_unwrap in GUI button component ## Excluded from Consolidation: - iced 0.14.0 (PR #45): Extensive breaking changes requiring major GUI refactor - Would require changes to: scrollable API, application API, Style structs, text_input::Status enum, spacing types, and more - Recommended as separate PR for dedicated migration effort ## PRs Already Merged (content in main): - PR #27, #32: Phase 4 scripting documentation already present ## Verification: - Zero compilation errors - Zero clippy warnings (with -D warnings) - 60 unit tests passing - 49 doctests passing - Release build successful Closes #24, #46, #47, #48, #49, #50, #51, #52, #53, #54, #55, #56 Related: #27, #32 (already merged) Excluded: #45 (iced 0.14.0 - breaking changes too extensive) Co-Authored-By: Claude Opus 4.5 <[email protected]> * refactor(auth): Replace module-level lint suppression with field-level attributes and add zeroization tests (#60) * Initial plan * refactor(auth): Move lint suppression from module-level to field-level for targeted scope Co-authored-by: doublegate <[email protected]> * test(auth): Add comprehensive zeroization test coverage for security-critical fields Co-authored-by: doublegate <[email protected]> --------- Co-authored-by: copilot-swe-agent[bot] <[email protected]> Co-authored-by: doublegate <[email protected]> * fix(ci): Resolve all failing CI checks for PR #59 - Fix auth.rs formatting: Remove trailing whitespace and format unsafe blocks properly according to rustfmt rules - Fix dependency-review-config.yml: Remove conflicting deny-licenses (cannot have both allow-licenses and deny-licenses), use proper purl format for package specifications (pkg:cargo/package-name) - Fix Windows cargo-nextest timeout: Replace cargo install with taiki-e/install-action pre-built binaries to avoid 10+ minute compilation time that caused timeouts Co-Authored-By: Claude Opus 4.5 <[email protected]> * fix(ci): Expand allowed licenses for Dependency Review check Add comprehensive license list for Rust ecosystem compatibility: - Unicode licenses: Unicode-DFS-2016, Unicode-3.0 - Compression: Zlib, zlib-acknowledgement - Mozilla: MPL-2.0 - Boost: BSL-1.0 - LLVM: Apache-2.0 WITH LLVM-exception - OpenSSL, BlueOak-1.0.0, CC-BY-3.0/4.0, WTFPL, Ring, MIT-0, NCSA Add package allowlist for crates with special license definitions: - Unicode crates (unicode-ident, unicode-normalization, etc.) - Cryptography crates (ring, webpki, rustls-webpki) - OpenSSL bindings - lab crate (low OpenSSF scorecard but essential) Remove openssl-sys from deny-packages list. Fixes Dependency Review check failure on PR #59. Co-Authored-By: Claude Opus 4.5 <[email protected]> * fix(ci): Remove invalid 'Ring' from allow-licenses list Ring is not a valid SPDX license identifier. The ring crate uses ISC license, which is already in the allow list. The ring package is also in the allow-dependencies-licenses list to ensure it passes checks. Co-Authored-By: Claude Opus 4.5 <[email protected]> * fix(ci): add unicode-properties to allow-dependencies-licenses The [email protected] crate uses "MIT/Apache-2.0" as its license string, which is not valid SPDX format (should be "MIT OR Apache-2.0"). GitHub's dependency-review-action cannot validate non-SPDX license strings. Adding the package to allow-dependencies-licenses bypasses the SPDX validation while still allowing the dependency since both MIT and Apache-2.0 are approved licenses. Co-Authored-By: Claude Opus 4.5 <[email protected]> * fix(security): Patch RUSTSEC-2026-0002 lru soundness vulnerability Apply security fix for vulnerable lru 0.12.5 in iced_glyphon dependency. Security Fix Applied: - Vendor patched iced_glyphon 0.6.0 with lru updated to 0.16.3 - Add Cargo patch to use vendored version - Resolves RUSTSEC-2026-0002 (IterMut violating Stacked Borrows) Dependency Chain Fixed: rustirc -> rustirc-gui -> iced 0.13.1 -> iced_wgpu -> iced_glyphon -> lru Code Quality Improvements: - Add Default derive to PluginCapabilities (clippy::derivable_impls) - Add dead_code allows for reserved Phase 4+ fields in ScriptApi Related to PR #45 (iced 0.14.0). Full iced migration deferred as it requires 82+ breaking API changes - recommended for separate PR. PRs #27, #32 superseded - Phase 4 documentation already in main branch. Co-Authored-By: Claude Opus 4.5 <[email protected]> --------- Co-authored-by: Claude Opus 4.5 <[email protected]> Co-authored-by: Copilot <[email protected]> Co-authored-by: doublegate <[email protected]>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Bumps serde_json from 1.0.145 to 1.0.148.
Release notes
Sourced from serde_json's releases.
Commits
8b291c4Release 1.0.1481aefe15Update to zmij 1.062d6e8dRelease 1.0.147fd829a6Merge pull request #1304 from dtolnay/zmije757a3dSwitch from ryu -> zmij for float formatting75ad7e6Release 1.0.146bc6c827Merge pull request #1305 from Xeonacid/patch-1a09210aSet fast_arithmetic=64 for riscv6401182e5Update actions/upload-artifact@v5 -> v6383b13aUpdate actions/upload-artifact@v4 -> v5Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting
@dependabot rebase.Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
@dependabot rebasewill rebase this PR@dependabot recreatewill recreate this PR, overwriting any edits that have been made to it@dependabot mergewill merge this PR after your CI passes on it@dependabot squash and mergewill squash and merge this PR after your CI passes on it@dependabot cancel mergewill cancel a previously requested merge and block automerging@dependabot reopenwill reopen this PR if it is closed@dependabot closewill close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually@dependabot show <dependency name> ignore conditionswill show all of the ignore conditions of the specified dependency@dependabot ignore this major versionwill close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)@dependabot ignore this minor versionwill close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)@dependabot ignore this dependencywill close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)