@dependabot dependabot bot commented on behalf of github Sep 2, 2025

Bumps the dependencies group with 8 updates:

| Package | From | To |
| --- | --- | --- |
| anyhow | 1.0.98 | 1.0.99 |
| tokio-util | 0.7.15 | 0.7.16 |
| security-framework | 3.2.0 | 3.3.0 |
| sysinfo | 0.36.1 | 0.37.0 |
| tempfile | 3.20.0 | 3.21.0 |
| regex | 1.11.1 | 1.11.2 |
| tree-sitter-javascript | 0.23.1 | 0.25.0 |
| libc | 0.2.174 | 0.2.175 |

Updates anyhow from 1.0.98 to 1.0.99

Release notes

Sourced from anyhow's releases.

1.0.99

  • Allow build-script cleanup failure with NFSv3 output directory to be non-fatal (#420)

Commits
  • f2b963a Release 1.0.99
  • 2c64c15 Merge pull request #420 from dtolnay/enotempty
  • 8cf66f7 Allow build-script cleanup failure with NFSv3 output directory to be non-fatal
  • f5e145c Revert "Pin nightly toolchain used for miri job"
  • 1d7ef1d Update ui test suite to nightly-2025-06-30
  • 6929572 Update ui test suite to nightly-2025-06-18
  • 37224e3 Ignore mismatched_lifetime_syntaxes lint
  • 11f0e81 Pin nightly toolchain used for miri job
  • d04c999 Raise required compiler for backtrace feature to rust 1.82
  • 219d163 Update test suite to nightly-2025-05-01
  • See full diff in compare view

Updates tokio-util from 0.7.15 to 0.7.16

Commits

Updates security-framework from 3.2.0 to 3.3.0

Commits

Updates sysinfo from 0.36.1 to 0.37.0

Changelog

Sourced from sysinfo's changelog.

0.37.0

  • Update minimum supported Rust version to 1.88 (for 2024 edition and if let chain feature).
  • Added Component::id API.
  • Linux: Greatly improve partial processes retrieval.
  • Linux: Simplify internal components retrieval code.

Commits
  • 317d873 Merge pull request #1569 from GuillaumeGomez/update-version
  • 65797c1 Update crate version to 0.37.0
  • 634f800 Update CHANGELOG for 0.37.0 version
  • 1862c57 Merge pull request #1568 from GuillaumeGomez/internal-improvement
  • 5d189e6 Rename PathHandler::join into PathHandler::replace_and_join to make it ea...
  • 833b3ba Improve process refresh on Linux (#1566)
  • af60d22 Merge pull request #1567 from GuillaumeGomez/msrv
  • 5fa1b50 Fix new clippy lints
  • 8ac5855 Update minimum supported rust version to 1.88
  • 14f55d3 Merge pull request #1561 from guillaumecl/id
  • Additional commits viewable in compare view

Updates tempfile from 3.20.0 to 3.21.0

Changelog

Sourced from tempfile's changelog.

3.21.0

  • Updated windows-sys requirement to allow version 0.60.x

Commits
  • 48bff5f test(tempdir): configure tempdir on wasi
  • 704a1d2 test(tempdir): cleanup tempdir tests and run more tests on wasi
  • a0dc80d Add Android CI target (#367)
  • 4ad1ae6 chore(release): release 3.21.0
  • 3849edd build(deps): bump actions/checkout from 4 to 5 (#368)
  • 0657fdf build(deps): update windows-sys requirement <0.61 (#360)
  • 69b95c7 ci: fix was tests in CI (#361)
  • See full diff in compare view

Updates regex from 1.11.1 to 1.11.2

Changelog

Sourced from regex's changelog.

1.11.2 (2025-08-24)

This is a new patch release of regex with some minor fixes. A larger number of typo or lint fix patches were merged. Also, we now finally recommend using std::sync::LazyLock.

Improvements:

Bug fixes:

Commits

Updates tree-sitter-javascript from 0.23.1 to 0.25.0

Release notes

Sourced from tree-sitter-javascript's releases.

v0.25.0

NOTE: Download tree-sitter-javascript.tar.gz for the complete source code.

Commits

Updates libc from 0.2.174 to 0.2.175

Release notes

Sourced from libc's releases.

0.2.175

Added

  • AIX: Add getpeereid (#4524)
  • AIX: Add struct ld_info and friends (#4578)
  • AIX: Restore struct winsize (#4577)
  • Android: Add UDP socket option constants (#4619)
  • Android: Add CLONE_CLEAR_SIGHAND and CLONE_INTO_CGROUP (#4502)
  • Android: Add more prctl constants (#4531)
  • FreeBSD Add further TCP stack-related constants (#4196)
  • FreeBSD x86-64: Add mcontext_t.mc_tlsbase (#4503)
  • FreeBSD15: Add kinfo_proc.ki_uerrmsg (#4552)
  • FreeBSD: Add in_conninfo (#4482)
  • FreeBSD: Add xinpgen and related types (#4482)
  • FreeBSD: Add xktls_session (#4482)
  • Haiku: Add functionality from libbsd (#4221)
  • Linux: Add SECBIT_* (#4480)
  • NetBSD, OpenBSD: Export ioctl request generator macros (#4460)
  • NetBSD: Add ptsname_r (#4608)
  • RISCV32: Add time-related syscalls (#4612)
  • Solarish: Add strftime* (#4453)
  • linux: Add EXEC_RESTRICT_* and EXEC_DENY_* (#4545)

Changed

  • AIX: Add const to signatures to be consistent with other platforms (#4563)

Fixed

  • AIX: Fix the type of struct statvfs.f_fsid (#4576)
  • AIX: Fix the type of constants for the ioctl request argument (#4582)
  • AIX: Fix the types of stat{,64}.st_*tim (#4597)
  • AIX: Use unique errno values (#4507)
  • Build: Fix an incorrect target_os -> target_arch check (#4550)
  • FreeBSD: Fix the type of xktls_session_onedir.ifnet (#4552)
  • Mips64 musl: Fix the type of nlink_t (#4509)
  • Mips64 musl: Use a special MIPS definition of stack_t (#4528)
  • Mips64: Fix SI_TIMER, SI_MESGQ and SI_ASYNCIO definitions (#4529)
  • Musl Mips64: Swap the order of si_errno and si_code in siginfo_t (#4530)
  • Musl Mips64: Use a special MIPS definition of statfs (#4527)
  • Musl: Fix the definition of fanotify_event_metadata (#4510)
  • NetBSD: Correct enum fae_action to be #[repr(C)] (#60a8cfd5)
  • PSP: Correct char -> c_char (eaab4fc3)
  • PowerPC musl: Fix termios definitions (#4518)
  • PowerPC musl: Fix the definition of EDEADLK (#4517)
  • PowerPC musl: Fix the definition of NCCS (#4513)
  • PowerPC musl: Fix the definitions of MAP_LOCKED and MAP_NORESERVE (#4516)
  • PowerPC64 musl: Fix the definition of shmid_ds (#4519)

Deprecated

... (truncated)

Changelog

Sourced from libc's changelog.

0.2.175 - 2025-08-10

... (truncated)

Commits
  • 84e26e6 Update the lockfile
  • 4d04aee chore: release libc 0.2.175
  • 94a7f32 cleanup: Format a file that was missed
  • 1725273 Rename the ctest file from main to ctest
  • e9b021b freebsd adding further TCP stack related constants.
  • 9606a29 freebsd15: Add ki_uerrmsg to struct kinfo_proc
  • 2816bc2 libc-test: include sys/ktls.h on freebsd
  • adfe283 libc-test: Account for xktls_session_onedir::gen (freebsd)
  • 4cc1bf4 freebsd: Document avoidance of reserved name gen
  • 7cdcaa6 freebsd: Fix type of struct xktls_session_onedir, field ifnet
  • Additional commits viewable in compare view

Most Recent Ignore Conditions Applied to This Pull Request

| Dependency Name | Ignore Conditions |
| --- | --- |
| sysinfo | [>= 0.32.a, < 0.33] |
| sysinfo | [>= 0.31.a, < 0.32] |
| sysinfo | [>= 0.30.a, < 0.31] |
Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

Bumps the dependencies group with 8 updates:

| Package | From | To |
| --- | --- | --- |
| [anyhow](https://github.com/dtolnay/anyhow) | `1.0.98` | `1.0.99` |
| [tokio-util](https://github.com/tokio-rs/tokio) | `0.7.15` | `0.7.16` |
| [security-framework](https://github.com/kornelski/rust-security-framework) | `3.2.0` | `3.3.0` |
| [sysinfo](https://github.com/GuillaumeGomez/sysinfo) | `0.36.1` | `0.37.0` |
| [tempfile](https://github.com/Stebalien/tempfile) | `3.20.0` | `3.21.0` |
| [regex](https://github.com/rust-lang/regex) | `1.11.1` | `1.11.2` |
| [tree-sitter-javascript](https://github.com/tree-sitter/tree-sitter-javascript) | `0.23.1` | `0.25.0` |
| [libc](https://github.com/rust-lang/libc) | `0.2.174` | `0.2.175` |


Updates `anyhow` from 1.0.98 to 1.0.99
- [Release notes](https://github.com/dtolnay/anyhow/releases)
- [Commits](dtolnay/anyhow@1.0.98...1.0.99)

Updates `tokio-util` from 0.7.15 to 0.7.16
- [Release notes](https://github.com/tokio-rs/tokio/releases)
- [Commits](tokio-rs/tokio@tokio-util-0.7.15...tokio-util-0.7.16)

Updates `security-framework` from 3.2.0 to 3.3.0
- [Release notes](https://github.com/kornelski/rust-security-framework/releases)
- [Commits](kornelski/rust-security-framework@v3.2.0...v3.3.0)

Updates `sysinfo` from 0.36.1 to 0.37.0
- [Changelog](https://github.com/GuillaumeGomez/sysinfo/blob/master/CHANGELOG.md)
- [Commits](GuillaumeGomez/sysinfo@v0.36.1...v0.37.0)

Updates `tempfile` from 3.20.0 to 3.21.0
- [Changelog](https://github.com/Stebalien/tempfile/blob/master/CHANGELOG.md)
- [Commits](Stebalien/tempfile@v3.20.0...v3.21.0)

Updates `regex` from 1.11.1 to 1.11.2
- [Release notes](https://github.com/rust-lang/regex/releases)
- [Changelog](https://github.com/rust-lang/regex/blob/master/CHANGELOG.md)
- [Commits](rust-lang/regex@1.11.1...1.11.2)

Updates `tree-sitter-javascript` from 0.23.1 to 0.25.0
- [Release notes](https://github.com/tree-sitter/tree-sitter-javascript/releases)
- [Commits](tree-sitter/tree-sitter-javascript@v0.23.1...v0.25.0)

Updates `libc` from 0.2.174 to 0.2.175
- [Release notes](https://github.com/rust-lang/libc/releases)
- [Changelog](https://github.com/rust-lang/libc/blob/0.2.175/CHANGELOG.md)
- [Commits](rust-lang/libc@0.2.174...0.2.175)

---
updated-dependencies:
- dependency-name: anyhow
  dependency-version: 1.0.99
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: dependencies
- dependency-name: tokio-util
  dependency-version: 0.7.16
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: dependencies
- dependency-name: security-framework
  dependency-version: 3.3.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: dependencies
- dependency-name: sysinfo
  dependency-version: 0.37.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: dependencies
- dependency-name: tempfile
  dependency-version: 3.21.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: dependencies
- dependency-name: regex
  dependency-version: 1.11.2
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: dependencies
- dependency-name: tree-sitter-javascript
  dependency-version: 0.25.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: dependencies
- dependency-name: libc
  dependency-version: 0.2.175
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: dependencies
...

Signed-off-by: dependabot[bot] <[email protected]>

@dependabot dependabot bot added the dependencies (Pull requests that update a dependency file) and rust (Pull requests that update Rust code) labels Sep 2, 2025

@decathorpe
Member

Can dependabot not be configured to make these bumps lockfile-only? Bumping the minimum version in Cargo.toml for no reason really isn't necessary.

@mhils
Member

mhils commented Sep 8, 2025

I don't hold super strong opinions here, but I generally dislike the idea of declaring support for a version that we don't actively test against.

@decathorpe
Member

> I don't hold super strong opinions here, but I generally dislike the idea of declaring support for a version that we don't actively test against.

Well, that depends on what "declaring support for" means ... the way it's set up now is that the project always forces a dependency on the ~ latest version even if that's not technically necessary.

This can cause unnecessary MSRV bumps, or a lot of duplicate dependencies in the dependency tree - which can sometimes cause compiled artifacts to be significantly larger than necessary.

(It's probably not practical to enforce having only one version of every dependency in the dependency tree (cargo-deny can be set up to do that - with an allowlist for exceptions) though, since that often leads to not being able to bump dependencies for relatively long periods of time.)

Mostly though I kind of have a negative opinion about dependabot bumping "real" dependencies (as opposed to only bumping the lockfile, when possible) because it is really annoying to deal with when doing distribution packaging (mostly affects Fedora and Debian). Bumping project dependencies for no good reason often creates a lot of work for those downstream consumers.

As an aside, it appears that the mitmproxy package in Debian is stuck at version 8.1.1 (the last one before Rust components were added), which isn't great ...

@mhils
Member

mhils commented Sep 8, 2025

The problem is that cargo does not seem to have a way to test with the oldest allowed dependency versions. This means that we won't notice in CI if we break old versions (despite still declaring support). I don't want to declare support for an older version we can't actively test against.

I agree that Dependabot's default strategy is annoying for distributions, but it's such a widely used pattern that I think this needs to be solved with better distribution tooling. Except for downstream distributions, there are really very few reasons to declare support for older versions. Duplicate dependencies can be an example, but empirically that's never been a big issue for us.

@mhils
Member

mhils commented Sep 9, 2025

@dependabot rebase

@dependabot @github
Contributor Author

dependabot bot commented on behalf of github Sep 9, 2025

Looks like this PR has been edited by someone other than Dependabot. That means Dependabot can't rebase it - sorry!

If you're happy for Dependabot to recreate it from scratch, overwriting any edits, you can request @dependabot recreate.

@mhils
Member

mhils commented Sep 9, 2025

@dependabot recreate

@dependabot @github
Contributor Author

dependabot bot commented on behalf of github Sep 9, 2025

Looks like these dependencies are updatable in another way, so this is no longer needed.

@dependabot dependabot bot closed this Sep 9, 2025
@dependabot dependabot bot deleted the dependabot/cargo/dependencies-894a27ee76 branch September 9, 2025 12:43
@decathorpe
Member

> cargo does not seem to have a way to test with the oldest allowed dependency versions

It actually does (but it's still unstable): -Zminimal-versions or -Zdirect-minimal-versions
https://doc.rust-lang.org/nightly/cargo/reference/unstable.html#direct-minimal-versions

But I'm OK with keeping the current "strategy" for mitmproxy_rs.
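
For reference on the lockfile-only question raised in this thread, an added example (not the mitmproxy_rs configuration and not posted by any participant): a `.github/dependabot.yml` using Dependabot's `versioning-strategy: lockfile-only` for the cargo ecosystem. The group name `dependencies` is taken from this PR; the directory, schedule and group pattern are assumptions.

```yaml
# .github/dependabot.yml (illustrative; values marked "assumed" are not from this PR)
version: 2
updates:
  - package-ecosystem: "cargo"
    directory: "/"            # assumed: Cargo.toml and Cargo.lock at the repository root
    schedule:
      interval: "weekly"      # assumed
    # Default behaviour (versioning-strategy: auto) may also raise the version
    # requirements in Cargo.toml, which is what the thread objects to.
    # lockfile-only updates Cargo.lock alone, so CI and release builds still pick
    # up new releases while the declared minimum versions stay where they are.
    versioning-strategy: lockfile-only
    groups:
      dependencies:           # group name as shown in this PR
        patterns:
          - "*"               # assumed: all crates in one grouped PR
```

With this setting the requirements in Cargo.toml are not exercised at their lower bound by CI, which is the testing gap discussed above; the unstable `-Zdirect-minimal-versions` flag mentioned in the thread is the way to resolve a lockfile at those minimums for a separate CI job.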

@mhils
Member

mhils commented Sep 9, 2025 via email
