Skip to content

Bump the cargo-minor group across 1 directory with 4 updates#280

Open
dependabot[bot] wants to merge 1 commit into
masterfrom
dependabot/cargo/cargo-minor-ba2808fe22
Open

Bump the cargo-minor group across 1 directory with 4 updates#280
dependabot[bot] wants to merge 1 commit into
masterfrom
dependabot/cargo/cargo-minor-ba2808fe22

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Jul 4, 2026

Copy link
Copy Markdown
Contributor

Bumps the cargo-minor group with 4 updates in the / directory: ammonia, anyhow, tauri and log.

Updates ammonia from 4.1.2 to 4.1.3

Release notes

Sourced from ammonia's releases.

4.1.3

  • fix: unexpected namespace switches after cleanup on MathML annotation-xml can cause mXSS

Special thanks to Ivan Ivančić (ivan0912, YesWeHack) for finding this vulnerability!

Changelog

Sourced from ammonia's changelog.

4.1.3

  • fix: unexpected namespace switches after cleanup on MathML annotation-xml can cause mXSS (reported by Ivan Ivančić (ivan0912, YesWeHack))

  • chore: upgrade to html5ever 0.37.1

  • chore: always strip the contents of selectedcontent elements, since the parser will always replace it with the actual contents anyway

Commits
  • 2c56268 Merge pull request #245 from rust-ammonia/release-4.1.3
  • b51bf4f Release 4.1.3 with security fix
  • e7bf160 Merge pull request #242 from gghez/worktree-issue-183-doc-document-level-tags
  • 4eadffc Document fragment-parsing limit on html/head/body tags (closes #183)
  • 82955e7 Merge pull request #239 from gghez/worktree-issue-190-fix-to-dom-node-doc
  • 879997e Merge pull request #238 from gghez/worktree-issue-211-rename-stack-overflow-t...
  • e9d22b0 Fix to_dom_node doctest by wrapping Handle in SerializableHandle
  • bf1de31 Rename deeply_nested_* tests to express stack-overflow regression intent
  • 186f7b7 Merge pull request #235 from rust-ammonia/macros
  • f7e2213 Disable cssparser proc macros
  • Additional commits viewable in compare view

Updates anyhow from 1.0.102 to 1.0.103

Release notes

Sourced from anyhow's releases.

1.0.103

  • Fix Stacked Borrows violation (UB) in Error::downcast_mut (#451, #452)
Commits
  • 5bdb0e2 Release 1.0.103
  • e621bd3 Merge pull request #452 from dtolnay/downcast
  • 6e8c000 Eliminate pointer->reference->pointer during downcast
  • 67c4abd Add regression test for issue 451
  • 917a169 Update actions/upload-artifact@v6 -> v7
  • d9dc3fa Update actions/checkout@v6 -> v7
  • 841522b Raise minimum tested compiler to rust 1.85
  • See full diff in compare view

Updates tauri from 2.11.3 to 2.11.5

Release notes

Sourced from tauri's releases.

tauri v2.11.5

Fetching advisory database from `https://github.com/RustSec/advisory-db.git`
      Loaded 1146 security advisories (from /home/runner/.cargo/advisory-db)
    Updating crates.io index
    Scanning Cargo.lock for vulnerabilities (1085 crate dependencies)
Crate:     atk
Version:   0.18.2
Warning:   unmaintained
Title:     gtk-rs GTK3 bindings - no longer maintained
Date:      2024-03-04
ID:        RUSTSEC-2024-0413
URL:       https://rustsec.org/advisories/RUSTSEC-2024-0413

Crate: atk-sys
Version: 0.18.2
Warning: unmaintained
Title: gtk-rs GTK3 bindings - no longer maintained
Date: 2024-03-04
ID: RUSTSEC-2024-0416
URL: https://rustsec.org/advisories/RUSTSEC-2024-0416

Crate: fxhash
Version: 0.2.1
Warning: unmaintained
Title: fxhash - no longer maintained
Date: 2025-09-05
ID: RUSTSEC-2025-0057
URL: https://rustsec.org/advisories/RUSTSEC-2025-0057

Crate: gdk
Version: 0.18.2
Warning: unmaintained
Title: gtk-rs GTK3 bindings - no longer maintained
Date: 2024-03-04
ID: RUSTSEC-2024-0412
URL: https://rustsec.org/advisories/RUSTSEC-2024-0412

Crate: gdk-sys
Version: 0.18.2
Warning: unmaintained
Title: gtk-rs GTK3 bindings - no longer maintained
Date: 2024-03-04
ID: RUSTSEC-2024-0418
URL: https://rustsec.org/advisories/RUSTSEC-2024-0418

Crate: gdkwayland-sys
</tr></table>

... (truncated)

Commits

Updates log from 0.4.32 to 0.4.33

Changelog

Sourced from log's changelog.

[0.4.33] - 2026-06-20

What's Changed

New Contributors

Full Changelog: rust-lang/log@0.4.32...0.4.33

Commits
  • f405739 Merge pull request #734 from rust-lang/cargo/0.4.33
  • 6a24abf prepare for 0.4.33 release
  • 87e0621 Merge pull request #732 from matteo-zeggiotti-ok/fix-key-comparison
  • a9b5711 Review: fallback to the &str hash
  • cc89cc6 Review: fixed other comparisons
  • 920e7dc Review: fixed comparison on MaybeStaticStr
  • 0d71d3c Fixed key comparison
  • See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

Bumps the cargo-minor group with 4 updates in the / directory: [ammonia](https://github.com/rust-ammonia/ammonia), [anyhow](https://github.com/dtolnay/anyhow), [tauri](https://github.com/tauri-apps/tauri) and [log](https://github.com/rust-lang/log).


Updates `ammonia` from 4.1.2 to 4.1.3
- [Release notes](https://github.com/rust-ammonia/ammonia/releases)
- [Changelog](https://github.com/rust-ammonia/ammonia/blob/master/CHANGELOG.md)
- [Commits](rust-ammonia/ammonia@v4.1.2...v4.1.3)

Updates `anyhow` from 1.0.102 to 1.0.103
- [Release notes](https://github.com/dtolnay/anyhow/releases)
- [Commits](dtolnay/anyhow@1.0.102...1.0.103)

Updates `tauri` from 2.11.3 to 2.11.5
- [Release notes](https://github.com/tauri-apps/tauri/releases)
- [Commits](tauri-apps/tauri@tauri-v2.11.3...tauri-v2.11.5)

Updates `log` from 0.4.32 to 0.4.33
- [Release notes](https://github.com/rust-lang/log/releases)
- [Changelog](https://github.com/rust-lang/log/blob/master/CHANGELOG.md)
- [Commits](rust-lang/log@0.4.32...0.4.33)

---
updated-dependencies:
- dependency-name: ammonia
  dependency-version: 4.1.3
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: cargo-minor
- dependency-name: anyhow
  dependency-version: 1.0.103
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: cargo-minor
- dependency-name: tauri
  dependency-version: 2.11.5
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: cargo-minor
- dependency-name: log
  dependency-version: 0.4.33
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: cargo-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added the type/dependencies Pull requests that update a dependency file label Jul 4, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

type/dependencies Pull requests that update a dependency file

Projects

None yet

Development

Successfully merging this pull request may close these issues.

0 participants