Bump roxmltree from 0.20.0 to 0.21.0

[dependabot]

Bumps roxmltree from 0.20.0 to 0.21.0.

Changelog

Sourced from roxmltree's changelog.

[0.21.0] - 2025-10-04

Added

• ParsingOptions::entity_resolver can be used to resolve external entities referenced via public ID and URI.

Changed

• Node::has_attribute, Node::attribute and Node::attribute_node match local names similar to how Node::has_tag_name works.
• Various internal performance improvements, e.g. devirtualization of token dispatch and usage of memchr for finding delimiters.

Fixed

• Possible panic when entity resolution yields unbalanced tags.
• Quadratic runtime when merging consecutive text nodes.

Commits

• cd5b0e8 Fix benchmark build, update changelog and bump version.
• 634f4d0 Add support for resolving external entities
• a1bd711 Adjust attribute accessors to match purely on local names
• 5528680 Fix lints emitted by current nightly Clippy.
• d2c7801 Speed-up attribute parsing by splitting tokenizing and verification
• 239114a Add benchmark using gigantic SVG containing huge attribute values.
• 3b09447 Avoid quadratic runtime when merging text nodes
• 6df398d Refine and extend synthetic benchmarks stressing CDATA, text and attribute va...
• faffff8 Use of try_consume_reference always treats failure as fatal, so no need to ba...
• bc7a816 Devirtualize XmlEvents dispatch to give the optimizer full visibility
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

[codecov]

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 100.00%. Comparing base (b470b8b) to head (829d4e0).
⚠️ Report is 2 commits behind head on main.

Additional details and impacted files

@@            Coverage Diff            @@
##              main      #572   +/-   ##
=========================================
  Coverage   100.00%   100.00%           
=========================================
  Files            5         5           
  Lines           44        44           
=========================================
  Hits            44        44           

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.