Skip to content

chore(deps): bump the minor-and-patch group across 1 directory with 10 updates#1377

Closed
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/cargo/minor-and-patch-700ec05fce
Closed

chore(deps): bump the minor-and-patch group across 1 directory with 10 updates#1377
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/cargo/minor-and-patch-700ec05fce

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Jun 22, 2026

Copy link
Copy Markdown
Contributor

Bumps the minor-and-patch group with 9 updates in the / directory:

Package From To
serde_json 1.0.149 1.0.150
napi 3.8.6 3.9.3
wat 1.249.0 1.252.0
zeroize 1.8.2 1.9.0
iroh 1.0.0-rc.0 1.0.0
loro 1.12.0 1.13.6
bytes 1.11.1 1.12.0
ml-dsa 0.1.0 0.1.1
tauri 2.11.2 2.11.3

Updates serde_json from 1.0.149 to 1.0.150

Release notes

Sourced from serde_json's releases.

v1.0.150

Commits
  • a1ae73a Release 1.0.150
  • 1a360b0 Merge pull request #1324 from puneetdixit200/reject-non-string-enum-keys
  • 2037b63 Reject non-string enum object keys
  • 5d30df6 Resolve manual_assert_eq pedantic clippy lint
  • dc8003a Raise required compiler for preserve_order feature to 1.85
  • a42fa98 Unpin CI miri toolchain
  • 684a60e Pin CI miri to nightly-2026-02-11
  • 7c7da33 Raise required compiler to Rust 1.71
  • acf4850 Simplify Number::is_f64
  • 6b8ceab Resolve unnecessary_map_or clippy lint
  • Additional commits viewable in compare view

Updates napi from 3.8.6 to 3.9.3

Release notes

Sourced from napi's releases.

napi-v3.9.3

Fixed

  • (napi) sync referred flag when creating a weak ThreadsafeFunction (#3337)

Other

  • (napi) outline non-generic core of ThreadsafeFunction::create (#3334)

napi-v3.9.2

Fixed

  • (napi) ReadableStream Reader loses chunks and aborts on errored streams (#3328)

napi-v3.9.1

Fixed

  • (napi) unify Reference finalize callbacks on Arc (Rc/Arc type confusion) (#3313)
  • (napi) zero-copy external strings, fix WASI double-free (#3308)
  • (napi) experimental node_api_create_object_with_properties (#3304)

napi-v3.9.0

Added

  • (napi) add ThreadsafeFunction::call_async_catch to handle errors in callback functions (#3291)

Fixed

  • (deps) update rust crate ctor to v1 (#3276)
  • (deps) update rust crate ctor to 0.13.0 (#3275)
  • (deps) update rust crate ctor to 0.12.0 (#3271)
Commits
  • ee58383 chore(napi): release v3.9.3 (#3335)
  • c787276 fix(napi): sync referred flag when creating a weak ThreadsafeFunction (#3337)
  • d4276ca chore(deps): update dependency oxc-parser to ^0.137.0 (#3336)
  • a0b1831 perf(napi): outline non-generic core of ThreadsafeFunction::create (#3334)
  • 3759d7b chore(deps): update rust-lang/crates-io-auth-action action to v1.0.5 (#3333)
  • dd41eeb build(deps): bump protobufjs from 7.6.2 to 7.6.4 (#3332)
  • cdd48b3 chore(deps): update dependency oxc-parser to ^0.136.0 (#3314)
  • e98762d chore(deps): update yarn monorepo to v4.17.0 (#3330)
  • 529a78d chore(napi): release v3.9.2 (#3329)
  • 88f4b97 fix(napi): ReadableStream Reader loses chunks and aborts on errored streams (...
  • Additional commits viewable in compare view

Updates wat from 1.249.0 to 1.252.0

Release notes

Sourced from wat's releases.

v1.252.0

What's Changed

New Contributors

Full Changelog: bytecodealliance/wasm-tools@v1.251.0...v1.252.0

v1.251.0

What's Changed

New Contributors

Full Changelog: bytecodealliance/wasm-tools@v1.250.0...v1.251.0

v1.250.0

What's Changed

Full Changelog: bytecodealliance/wasm-tools@v1.249.0...v1.250.0

Commits
  • d66d436 Release wasm-tools 1.252.0 (#2541)
  • 6beea1e fix(wit-parser)!: preserve docs on world interface imports/exports (#2540)
  • d36e62a Enable the CM_ASYNC feature by default (#2539)
  • d7f1e28 fix(wit-encoder): only use serde attribute if serde is enabled (#2538)
  • c59fb63 wasm-smith: Allow limiting the size of const arrays (#2536)
  • 74145d2 deps: converge to unicode-ident, remove unicode-xid (#2535)
  • a1a178a Release wasm-tools 1.251.0 (#2534)
  • d0cee45 wit-parser: rust docs for ItemName, and instance_name argument doing the obvi...
  • de09ad2 wasm-wave: parse wit ItemNames as UntypedFuncCall names (#2530)
  • a7be6db wit-parser: add ItemName type and parser (#2529)
  • Additional commits viewable in compare view

Updates zeroize from 1.8.2 to 1.9.0

Commits

Updates iroh from 1.0.0-rc.0 to 1.0.0

Changelog

Sourced from iroh's changelog.

1.0.0 - 2026-06-15

⛰️ Features

  • (iroh-relay) [breaking] Allow setting a custom ServerCertVerifier and rename CaRootsConfig to CaTlsConfig (#4300) - (b1e91e3)
  • (iroh-relay) Add Bearer token access control without an external service (#4326) - (400264e)
  • (iroh-relay) Allow multiple hostnames with Let's encrypt TLS (#4337) - (9afd2bc)
  • Allow configuring NetReport (#4020) - (6406e07)
  • Update relay urls to 1.0 stable (#4341) - (8e25ecb)
  • [breaking] Update to 1.0 dependencies (#4343) - (b193191)

🐛 Bug Fixes

  • (iroh) Correctly abandon paths when new are opened with worse RTT (#4296) - (295a715)
  • (iroh) Don't kill noq endpoint on first transport recv error (#4314) - (0a5ce75)
  • (iroh) Add global address validation token store (#4317) - (ba81a72)
  • (iroh) Add missing export for unstable-custom-transport and improve docs (#4335) - (5791244)
  • (iroh-dns) Use portable_atomic::AtomicU64 for 32-bit targets (#4320) - (1903740)
  • (iroh-relay) Connect IPv4 and IPv6 concurrently (happy eyeballs) (#4299) - (bab6a43)
  • Fix condition for retry warning. (#4307) - (64b9316)

🚜 Refactor

  • (iroh) Use n0_future::MaybeFuture instead of own version (#4310) - (07f1d1a)
  • (iroh) Minor cleanups to reqwest setup (#4311) - (3cbc1a6)
  • (iroh) Improve tracing logs (#4313) - (9a79782)
  • (iroh) Don't log at warn level if the address lookup isn't configured. (#4318) - (94f4b2f)
  • (iroh) Gate net_report API behind unstable-net-report feature (#4338) - (7e95ae7)

📚 Documentation

🧪 Testing

⚙️ Miscellaneous Tasks

Deps

  • Update ed25519-dalek and curve25519-dalek (#4324) - (33a92f1)

1.0.0-rc.1 - 2026-05-27

... (truncated)

Commits
  • 6520cd6 chore: Release
  • b193191 feat!: update to 1.0 dependencies (#4343)
  • 0e7e976 chore: use install-action instead of binstall directly (#4342)
  • a134dd8 chore: Update the issue templates a little (#4340)
  • 5791244 fix(iroh): add missing export for unstable-custom-transport and improve doc...
  • 7e95ae7 refactor(iroh): gate net_report API behind unstable-net-report feature (#4338)
  • 9afd2bc feat(iroh-relay): Allow multiple hostnames with Let's encrypt TLS (#4337)
  • 8e25ecb feat: update relay urls to 1.0 stable (#4341)
  • b0fcd40 chore(deps): bump mainline from 6.2.0 to 7.0.0 (#4331)
  • 710d03a docs(iroh): improve readme (#4329)
  • Additional commits viewable in compare view

Updates loro from 1.12.0 to 1.13.6

Release notes

Sourced from loro's releases.

loro-crdt-map@1.13.6

Patch Changes

  • a4e6174: Fix undo/redo restoring mergeable map children as regular non-mergeable containers.
  • 78f6c8a: Fix a potential deadlock when lazy snapshot loading resolves mergeable container parent depths.

loro-crdt@1.13.6

Patch Changes

  • a4e6174: Fix undo/redo restoring mergeable map children as regular non-mergeable containers.
  • 78f6c8a: Fix a potential deadlock when lazy snapshot loading resolves mergeable container parent depths.

loro-crdt-map@1.13.5

Patch Changes

  • 1727258: Improve text insert and snapshot import performance by avoiding duplicate text boundary validation and skipping eager imported change block parsing.

  • 52d8168: Recover two per-operation editing slowdowns regressed since 1.11.

    Both are constant-factor regressions on the per-op (auto-commit) editing path introduced by the lazy-snapshot work in #985, measured against the 1.11.1 release.

    1. Every MapHandler/ListHandler/MovableListHandler insert validated its value with ensure_no_regular_container_value, which heap-allocated a Vec on each call even for scalar values (the common case). A scalar fast-path now skips the allocation and traversal entirely. map create 10^4 key: ~19.4ms -> ~10.7ms.
    2. The per-op text bounds check (TextHandler::len/len_unicode/len_utf16) took two DocState locks — one to check whether the container state was decoded, then another to query the length. These are now consolidated into a single DocState::get_text_len that takes one lock and one container-store lookup. The lazy-snapshot memory behavior is preserved: a still-lazy container reads its cached length metadata without materializing the full richtext state. bench_text B4 apply (per-op text editing): ~389ms -> ~352ms.

loro-crdt@1.13.5

Patch Changes

  • 1727258: Improve text insert and snapshot import performance by avoiding duplicate text boundary validation and skipping eager imported change block parsing.

  • 52d8168: Recover two per-operation editing slowdowns regressed since 1.11.

    Both are constant-factor regressions on the per-op (auto-commit) editing path introduced by the lazy-snapshot work in #985, measured against the 1.11.1 release.

    1. Every MapHandler/ListHandler/MovableListHandler insert validated its value with ensure_no_regular_container_value, which heap-allocated a Vec on each call even for scalar values (the common case). A scalar fast-path now skips the allocation and traversal entirely. map create 10^4 key: ~19.4ms -> ~10.7ms.

... (truncated)

Commits

Updates bytes from 1.11.1 to 1.12.0

Release notes

Sourced from bytes's releases.

Bytes v1.12.0

1.12.0 (June 18th, 2026)

Added

  • Add BytesMut::extend_from_within() (#818)
  • Add BytesMut::try_unsplit() (#746)

Fixed

  • Fix panic in get_int if nbytes is zero (#806)

Changed

  • Pass vtable data by value (#826)
  • Exclude development scripts from published package (#810)

Documented

  • Document that BytesMut::{reserve,try_reserve} doesn't preserve unused capacity (#808)
Changelog

Sourced from bytes's changelog.

1.12.0 (June 18th, 2026)

Added

  • Add BytesMut::extend_from_within() (#818)
  • Add BytesMut::try_unsplit() (#746)

Fixed

  • Fix panic in get_int if nbytes is zero (#806)

Changed

  • Pass vtable data by value (#826)
  • Exclude development scripts from published package (#810)

Documented

  • Document that BytesMut::{reserve,try_reserve} doesn't preserve unused capacity (#808)
Commits

Updates ml-dsa from 0.1.0 to 0.1.1

Commits

Updates tauri from 2.11.2 to 2.11.3

Release notes

Sourced from tauri's releases.

tauri-cli v2.11.3

Fetching advisory database from `https://github.com/RustSec/advisory-db.git`
      Loaded 1133 security advisories (from /home/runner/.cargo/advisory-db)
    Updating crates.io index
    Scanning Cargo.lock for vulnerabilities (1085 crate dependencies)
Crate:     atk
Version:   0.18.2
Warning:   unmaintained
Title:     gtk-rs GTK3 bindings - no longer maintained
Date:      2024-03-04
ID:        RUSTSEC-2024-0413
URL:       https://rustsec.org/advisories/RUSTSEC-2024-0413

Crate: atk-sys
Version: 0.18.2
Warning: unmaintained
Title: gtk-rs GTK3 bindings - no longer maintained
Date: 2024-03-04
ID: RUSTSEC-2024-0416
URL: https://rustsec.org/advisories/RUSTSEC-2024-0416

Crate: fxhash
Version: 0.2.1
Warning: unmaintained
Title: fxhash - no longer maintained
Date: 2025-09-05
ID: RUSTSEC-2025-0057
URL: https://rustsec.org/advisories/RUSTSEC-2025-0057

Crate: gdk
Version: 0.18.2
Warning: unmaintained
Title: gtk-rs GTK3 bindings - no longer maintained
Date: 2024-03-04
ID: RUSTSEC-2024-0412
URL: https://rustsec.org/advisories/RUSTSEC-2024-0412

Crate: gdk-sys
Version: 0.18.2
Warning: unmaintained
Title: gtk-rs GTK3 bindings - no longer maintained
Date: 2024-03-04
ID: RUSTSEC-2024-0418
URL: https://rustsec.org/advisories/RUSTSEC-2024-0418

Crate: gdkwayland-sys
</tr></table>

... (truncated)

Commits

Updates tauri-build from 2.6.2 to 2.6.3

Release notes

Sourced from tauri-build's releases.

tauri-build v2.6.3

Fetching advisory database from `https://github.com/RustSec/advisory-db.git`
      Loaded 1133 security advisories (from /home/runner/.cargo/advisory-db)
    Updating crates.io index
    Scanning Cargo.lock for vulnerabilities (1085 crate dependencies)
Crate:     atk
Version:   0.18.2
Warning:   unmaintained
Title:     gtk-rs GTK3 bindings - no longer maintained
Date:      2024-03-04
ID:        RUSTSEC-2024-0413
URL:       https://rustsec.org/advisories/RUSTSEC-2024-0413

Crate: atk-sys
Version: 0.18.2
Warning: unmaintained
Title: gtk-rs GTK3 bindings - no longer maintained
Date: 2024-03-04
ID: RUSTSEC-2024-0416
URL: https://rustsec.org/advisories/RUSTSEC-2024-0416

Crate: fxhash
Version: 0.2.1
Warning: unmaintained
Title: fxhash - no longer maintained
Date: 2025-09-05
ID: RUSTSEC-2025-0057
URL: https://rustsec.org/advisories/RUSTSEC-2025-0057

Crate: gdk
Version: 0.18.2
Warning: unmaintained
Title: gtk-rs GTK3 bindings - no longer maintained
Date: 2024-03-04
ID: RUSTSEC-2024-0412
URL: https://rustsec.org/advisories/RUSTSEC-2024-0412

Crate: gdk-sys
Version: 0.18.2
Warning: unmaintained
Title: gtk-rs GTK3 bindings - no longer maintained
Date: 2024-03-04
ID: RUSTSEC-2024-0418
URL: https://rustsec.org/advisories/RUSTSEC-2024-0418

Crate: gdkwayland-sys
</tr></table>

... (truncated)

Commits

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

…0 updates

Bumps the minor-and-patch group with 9 updates in the / directory:

| Package | From | To |
| --- | --- | --- |
| [serde_json](https://github.com/serde-rs/json) | `1.0.149` | `1.0.150` |
| [napi](https://github.com/napi-rs/napi-rs) | `3.8.6` | `3.9.3` |
| [wat](https://github.com/bytecodealliance/wasm-tools) | `1.249.0` | `1.252.0` |
| [zeroize](https://github.com/RustCrypto/utils) | `1.8.2` | `1.9.0` |
| [iroh](https://github.com/n0-computer/iroh) | `1.0.0-rc.0` | `1.0.0` |
| [loro](https://github.com/loro-dev/loro) | `1.12.0` | `1.13.6` |
| [bytes](https://github.com/tokio-rs/bytes) | `1.11.1` | `1.12.0` |
| [ml-dsa](https://github.com/RustCrypto/signatures) | `0.1.0` | `0.1.1` |
| [tauri](https://github.com/tauri-apps/tauri) | `2.11.2` | `2.11.3` |



Updates `serde_json` from 1.0.149 to 1.0.150
- [Release notes](https://github.com/serde-rs/json/releases)
- [Commits](serde-rs/json@v1.0.149...v1.0.150)

Updates `napi` from 3.8.6 to 3.9.3
- [Release notes](https://github.com/napi-rs/napi-rs/releases)
- [Commits](napi-rs/napi-rs@napi-v3.8.6...napi-v3.9.3)

Updates `wat` from 1.249.0 to 1.252.0
- [Release notes](https://github.com/bytecodealliance/wasm-tools/releases)
- [Commits](bytecodealliance/wasm-tools@v1.249.0...v1.252.0)

Updates `zeroize` from 1.8.2 to 1.9.0
- [Commits](RustCrypto/utils@zeroize-v1.8.2...zeroize-v1.9.0)

Updates `iroh` from 1.0.0-rc.0 to 1.0.0
- [Release notes](https://github.com/n0-computer/iroh/releases)
- [Changelog](https://github.com/n0-computer/iroh/blob/main/CHANGELOG.md)
- [Commits](n0-computer/iroh@v1.0.0-rc.0...v1.0.0)

Updates `loro` from 1.12.0 to 1.13.6
- [Release notes](https://github.com/loro-dev/loro/releases)
- [Commits](loro-dev/loro@loro-v1.12.0...loro-v1.13.6)

Updates `bytes` from 1.11.1 to 1.12.0
- [Release notes](https://github.com/tokio-rs/bytes/releases)
- [Changelog](https://github.com/tokio-rs/bytes/blob/master/CHANGELOG.md)
- [Commits](tokio-rs/bytes@v1.11.1...v1.12.0)

Updates `ml-dsa` from 0.1.0 to 0.1.1
- [Commits](RustCrypto/signatures@ml-dsa/v0.1.0...ml-dsa/v0.1.1)

Updates `tauri` from 2.11.2 to 2.11.3
- [Release notes](https://github.com/tauri-apps/tauri/releases)
- [Commits](tauri-apps/tauri@tauri-v2.11.2...tauri-v2.11.3)

Updates `tauri-build` from 2.6.2 to 2.6.3
- [Release notes](https://github.com/tauri-apps/tauri/releases)
- [Commits](tauri-apps/tauri@tauri-build-v2.6.2...tauri-build-v2.6.3)

---
updated-dependencies:
- dependency-name: serde_json
  dependency-version: 1.0.150
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: minor-and-patch
- dependency-name: napi
  dependency-version: 3.9.3
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: minor-and-patch
- dependency-name: wat
  dependency-version: 1.252.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: minor-and-patch
- dependency-name: zeroize
  dependency-version: 1.9.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: minor-and-patch
- dependency-name: iroh
  dependency-version: 1.0.0
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: minor-and-patch
- dependency-name: loro
  dependency-version: 1.13.6
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: minor-and-patch
- dependency-name: bytes
  dependency-version: 1.12.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: minor-and-patch
- dependency-name: ml-dsa
  dependency-version: 0.1.1
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: minor-and-patch
- dependency-name: tauri
  dependency-version: 2.11.3
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: minor-and-patch
- dependency-name: tauri-build
  dependency-version: 2.6.3
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: minor-and-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot @github

dependabot Bot commented on behalf of github Jun 22, 2026

Copy link
Copy Markdown
Contributor Author

Labels

The following labels could not be found: dependencies, rust. Please create them before Dependabot can add them to a pull request.

Please fix the above issues or remove invalid values from dependabot.yml.

@github-actions

Copy link
Copy Markdown

Cite-drift detector (Phase-3 G13-pre-A)

✅ No cite or numeric-claim drift detected.

@dependabot @github

dependabot Bot commented on behalf of github Jun 29, 2026

Copy link
Copy Markdown
Contributor Author

Looks like these dependencies are updatable in another way, so this is no longer needed.

@dependabot dependabot Bot closed this Jun 29, 2026
@dependabot dependabot Bot deleted the dependabot/cargo/minor-and-patch-700ec05fce branch June 29, 2026 06:17
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

0 participants