rust Update Rust dependencies

[renovate]

This PR contains the following updates:

Package	Type	Update	Change
extism-pdk (source)	dependencies	patch	=1.4.0 → =1.4.1
quick-xml	dependencies	minor	0.31 → 0.40
serde_json	dependencies	patch	1.0.149 → 1.0.150

---

Release Notes

extism/rust-pdk (extism-pdk)

v1.4.1

Compare Source

What's Changed

• update for newer versions of rust by @​bhelx in #​76
• cleanup: improve macro hygiene by @​zshipko in #​79

Full Changelog: extism/rust-pdk@v1.4.0...v1.4.1

tafia/quick-xml (quick-xml)

v0.40.1

Compare Source

Bug Fixes

• #​964: Fix unreachable!() panic in the serde deserializer when a DOCTYPE
  declaration appears between two text runs inside an element (e.g.
  <a>x<!DOCTYPE y>z</a>). The DOCTYPE used to break drain_text's
  consecutive-text merge, so two DeEvent::Text events reached
  read_text and tripped its "Cannot be two consequent Text events"
  invariant. DOCTYPE is now treated as transparent during text drain —
  it still goes through the entity resolver, but the surrounding text
  is merged into one run. Discovered via libFuzzer on a real-world
  SAML deserializer harness.

Misc Changes

v0.40.0

Compare Source

MSRV bumped to 1.79.

Now quick-xml supports the UTF-16 encoded documents. See the new DecodingReader type.

New Features

• #​956: Add DecodingReader, a BufRead adapter that auto-detects encoding
  from BOM or XML declaration and transcodes to UTF-8. Enabled by the encoding feature.

• #​938: Add new enumeration XmlVersion and typified getter BytesDecl::xml_version().

• #​938: Add new error variant IllFormedError::UnknownVersion.

• #​371: Add new error variant EscapeError::TooManyNestedEntities.

• #​371: Improved compliance with the XML attribute value normalization process by adding

  • Attribute::normalized_value()
  • Attribute::normalized_value_with()
  • Attribute::decoded_and_normalized_value()
  • Attribute::decoded_and_normalized_value_with()

  which ought to be used in place of deprecated

  • Attribute::unescape_value()
  • Attribute::unescape_value_with()
  • Attribute::decode_and_unescape_value()
  • Attribute::decode_and_unescape_value_with()

  Deprecated functions now behaves the same as newly added.

Bug Fixes

• #​938: Use correct rules for EOL normalization in Deserializer when parse XML 1.0 documents.
  Previously XML 1.1. rules was applied.

Misc Changes

• #​914: Remove deprecated .prefixes(), .resolve(), .resolve_attribute(), and .resolve_element()
  of NsReader. Use .resolver().<...> methods instead.
• #​938: Now BytesText::xml_content, BytesCData::xml_content and BytesRef::xml_content
  accepts XmlVersion parameter to apply correct EOL normalization rules.
• #​944: read_text() now returns BytesText which allows you to get the content with
  properly normalized EOLs. To get the previous behavior use .read_text().decode()?.
• #​956: Bumped MSRV from 1.59 (Feb 2022) to 1.79 (June 2024)

v0.39.4

Compare Source

Bug Fixes

• #​957: Fix slice-index panic when reading malformed DTD whose unknown markup
  is split across BufReader chunks. As with #​950, the returned
  Event::DocType may contain the malformed DTD; this fix only ensures that
  the parser does not panic.
• #​960: Fix sibling slice-index panic when a single chunk delivers < followed
  by 9+ bytes of unknown markup inside a DTD internal subset. Same disposition
  as #​957 / #​950: parser must not panic; DTD validity reporting is a future
  improvement.

v0.39.3

Compare Source

Bug Fixes

• #​950: Fix subtraction with overflow when parse malformed DTD in some cases.
  Note, that currently we do not check the validity of DTD, so the returned Event::DocType
  may contain the malformed DTD.

v0.39.2

Compare Source

New Features

• #​483: Implement read_text_into() and read_text_into_async().

Bug Fixes

• #​939: Fix parsing error of the tag from buffered reader, when the first byte <
  is the last in the BufRead internal buffer. This is the regression from #​936.

v0.39.1

Compare Source

New Features

• #​598: Add method NamespaceResolver::set_level which may be helpful in some circumstances.

Bug Fixes

• #​597: Fix incorrect processing of namespace scopes in NsReader::read_to_end
NsReader::read_to_end_into, NsReader::read_to_end_into_async and NsReader::read_text.
  The scope started by a start element was not ended after that call.
• #​936: Fix incorrect result of .read_text() when it is called after reading Text or GeneralRef event.

v0.39.0

Compare Source

Added a way to configure Writer. Now all configuration is contained in the writer::Config
struct and can be applied at once. When serde-types feature is enabled, configuration is serializable.

New Features

• #​846: Add methods config() and config_mut() to inspect and change the writer configuration.
• #​846: Add ability to write space before /> in self-closed tags for maximum compatibility with
  XHTML.
• #​846: Add method empty_element_handling() as a more powerful alternative to expand_empty_elements()
  in Serializer.
• #​929: Allow to pass list of field names to impl_deserialize_for_internally_tagged_enum! macro
  which is required if you enum variants contains $value fields.

Bug Fixes

• #​923: Implement correct skipping of well-formed DTD.

Misc Changes

• #​908: Increase minimal supported serde version from 1.0.139 to 1.0.180.
• #​913: Deprecate .prefixes(), .resolve(), .resolve_attribute(), and .resolve_element()
  of NsReader. Use .resolver().bindings() and .resolver().resolve() methods instead.
• #​913: Attributes::has_nil now accepts NamespaceResolver instead of Reader<R>.
• #​924: (breaking change) Split SyntaxError::UnclosedPIOrXmlDecl into UnclosedPI and
  UnclosedXmlDecl for more precise error reporting.
• #​924: (breaking change) Parser::eof_error now takes &self and content &[u8] parameters.
• #​926: (breaking change) Split SyntaxError::UnclosedTag into UnclosedTag,
  UnclosedSingleQuotedAttributeValue and UnclosedDoubleQuotedAttributeValue for more precise error reporting.

v0.38.4

Compare Source

New Features

• #​353: Add ability to serialize textual content as CDATA sections in Serializer.
  Everywhere where the text node may be created, a CDATA section(s) could be produced instead.
  See the new Serializer::text_format() method.

Bug Fixes

• #​912: Fix deserialization of numbers, booleans and characters that is space-wrapped, for example
  <int> 42 </int>. That space characters are usually indent added during serialization and
  other XML serialization libraries trims them

Misc Changes

• #​901: Fix running tests on 32-bit architecture
• #​909: Avoid some allocations in the Serializer

v0.38.3

Compare Source

Bug Fixes

• #​895: Fix incorrect normalization of \rX EOL sequences where X is a char which is
  UTF-8 encoded as [c2 xx], except [c2 85].

Misc Changes

• #​895: Add new xml10_content() and xml11_content() methods which behaves the same as
  html_content() and xml_content() methods, but express intention more clearly.

v0.38.2

Compare Source

New Features

• #​893: Implement FusedIterator for NamespaceBindingsIter.
• #​893: Make NamespaceResolver public.
• #​893: Add NsReader::resolver() for access to namespace resolver.

Misc Changes

• #​893: Rename PrefixIter to NamespaceBindingsIter.

v0.38.1

Compare Source

Important changes

To get text in events according to the XML specification (normalized EOLs) use the
new methods xml_content() instead of decode(). Deserializer uses new method
automatically.

New Features

• #​882: Add new methods to create Deserializer from existing NsReader:
  • Deserializer::borrowing
  • Deserializer::borrowing_with_resolver
  • Deserializer::buffering
  • Deserializer::buffering_with_resolver
• #​878: Add ability to serialize structs in $value fields. The struct name will
  be used as a tag name. Previously only enums was allowed there.
• #​806: Add BytesText::xml_content, BytesCData::xml_content and BytesRef::xml_content
  methods which returns XML EOL normalized strings.
• #​806: Add BytesText::html_content, BytesCData::html_content and BytesRef::html_content
  methods which returns HTML EOL normalized strings.

Bug Fixes

• #​806: Properly normalize EOL characters in Deserializer.
• #​888: Properly split attribute values by items when deserialize attribute into
  list of values and attribute requires decoding.

v0.38.0

Compare Source

Significant changes

Now references to entities (as predefined, such as <, as user-defined) reported as a new
Event::GeneralRef.
Caller can parse the content of the entity and stream events from it as it is required by the
XML specification. See the updated custom_entities example!

Implement whitespace behavior in the standard in Deserializer, which says string primitive
types should preserve whitespace, while all other primitives have collapse behavior.

New Features

• #​863: Add Attributes::into_map_access(&str) and Attributes::into_deserializer() when serialize
  feature is enabled. This will allow do deserialize serde types right from attributes. Both methods
  returns the same type which implements serde's Deserializer and MapAccess traits.
• #​766: Allow to parse resolved entities as XML fragments and stream events from them.
• #​766: Added new event Event::GeneralRef with content of general entity.
• #​766: Added new configuration option allow_dangling_amp which allows to have
  a & not followed by ; in the textual data which is required for some applications
  for compatibility reasons.
• #​285: Add ability to quick_xml::de::Text to access text with trimmed spaces

Bug Fixes

• #​868: Allow to have both $text and $value special fields in one struct. Previously
  any text will be recognized as $value field even when $text field is also presented.
• #​868: Skip text events when deserialize a sequence of items overlapped with text (including CDATA).
• #​841: Do not strip xml prefix from the attributes when map them to struct fields in Deserializer.

Misc Changes

• #​863: Remove From<QName<'a>> for BytesStart<'a> because now BytesStart stores the
  encoding in which its data is encoded, but QName is a simple wrapper around byte slice.
• #​766: BytesText::unescape and BytesText::unescape_with replaced by BytesText::decode.
  Now Text events does not contain escaped parts which are reported as Event::GeneralRef.

v0.37.5

Compare Source

New Features

• #​857: Add BytesCData::decode().

v0.37.4

Compare Source

Misc Changes

• #​852: Add Debug impl for NsReader and Reader and Clone impl for NsReader

v0.37.3

Compare Source

New Features

• #​850: Add Attribute::as_bool() method to get an attribute value as a boolean.
• #​850: Add Attributes::has_nil() method to check if attributes has xsi:nil attribute set to true.
• #​497: Handle xsi:nil attribute in serde Deserializer to better process optional fields.

v0.37.2

Compare Source

New Features

• #​836: Add se::to_utf8_io_writer() helper compatible with std::io::Write and restricted to UTF-8 encoding.

v0.37.1

Compare Source

New Features

• #​831: Add BytesCData::escaped() fn to construct CDATA events from arbitrary user input.

v0.37.0

Compare Source

New Features

• #​826: Implement From<String> and From<Cow<str>> for quick_xml::de::Text.
• #​826: Make SimpleTypeDeserializer and SimpleTypeSerializer public.
• #​826: Implement IntoDeserializer for &mut Deserializer.

Bug Fixes

• #​655: Do not write indent before and after $text fields and those $value fields
  that are serialized as a text (for example, usize or String).
• #​826: Handle only those boolean representations that are allowed by Xml Schema
  which is only "true", "1", "false", and "0". Previously the following values
  also was accepted:

  bool	XML content
  true	"True", "TRUE", "t", "Yes", "YES", "yes", "y"
  false	"False", "FALSE", "f", "No", "NO", "no", "n"

Misc Changes

• #​227: Split SeError from DeError in the serialize feature.
  Serialize functions and methods now return SeError.
• #​810: Return std::io::Error from Writer methods.
• #​811: Split NamespaceError and EncodingError from Error.
• #​811: Renamed Error::EscapeError to Error::Escape to match other variants.
• #​811: Narrow down error return type from Error where only one variant is ever returned:
  attribute related methods on BytesStart and BytesDecl returns AttrError
• #​820: Classify output of the Serializer by returning an enumeration with kind of written data
• #​823: Do not allow serialization of consequent primitives, for example Vec<usize> or
  Vec<String> in $value fields. They cannot be deserialized back with the same result
• #​827: Make escape and it variants take a impl Into<Cow<str>> argument and implement
  From<(&'a str, Cow<'a, str>)> on Attribute
• #​826: Removed DeError::InvalidInt, DeError::InvalidFloat and DeError::InvalidBoolean.
  Now the responsibility for returning the error lies with the visitor of the type.
  See rationale in serde-rs/serde#2811

v0.36.2

Compare Source

Bug Fixes

• #​533: Fix incorrect DocType closing bracket detection when parsing with buffered reader

v0.36.1

Compare Source

New Features

• #​623: Added Reader::stream() that can be used to read arbitrary data
  from the inner reader while track position for XML reader.

v0.36.0

Compare Source

Bug Fixes

• #​781: Fix conditions to start CDATA section. Only uppercase <![CDATA[ can start it.
  Previously any case was allowed.
• #​780: Fixed incorrect .error_position() when encountering syntax error for open or self-closed tag.

Misc Changes

• #​780: reader::Parser, reader::ElementParser and reader::PiParser moved to the new module parser.
• #​776: Allow to have attributes in the end tag for compatibility reasons with Adobe Flash XML parser.

v0.35.0

Compare Source

New Features

• #​772: Add reader::Config::allow_unmatched_ends to permit dangling end tags

Bug Fixes

• #​773: Fixed reporting incorrect end position in Reader::read_to_end family
  of methods and trimming of the trailing spaces in Reader::read_text when
  trim_text_start is set and the last event is not a Text event.
• #​771: Character references now allow any number of leading zeroes as it should.
  As a result, the following variants of quick_xml::escape::EscapeError are removed:
  • TooLongDecimal
  • TooLongHexadecimal
• #​771: Fixed Attribute::unescape_value which does not unescape predefined values since 0.32.0.
• #​774: Fixed regression since 0.33.0: Text event may be skipped in read_event_into()
  and read_event_into_async() in some circumstances.

Misc Changes

• #​771: EscapeError::UnrecognizedSymbol renamed to EscapeError::UnrecognizedEntity.
• #​771: Implemented PartialEq for EscapeError.
• #​771: Replace the following variants of EscapeError by InvalidCharRef variant
  with a new ParseCharRefError inside:
  • EntityWithNull
  • InvalidDecimal
  • InvalidHexadecimal
  • InvalidCodepoint

v0.34.0

Compare Source

Bug Fixes

• #​751: Fix internal overflow when read 4GB+ files on 32-bit targets using Reader<impl BufRead> readers.

Misc Changes

• #​760: Attribute::decode_and_unescape_value and Attribute::decode_and_unescape_value_with now
  accepts Decoder instead of Reader. Use Reader::decoder() to get it.
• #​760: Writer::write_event now consumes event. Use Event::borrow() if you want to keep ownership.
• #​751: Type of Reader::error_position() and Reader::buffer_position() changed from usize to u64.
• #​751: Type alias Span changed from Range<usize> to Range<u64>.

v0.33.0

Compare Source

New Features

• #​758: Implemented From<QName> for BytesStart and BytesEnd.

Bug Fixes

• #​755: Fix incorrect missing of trimming all-space text events when
  trim_text_start = false and trim_text_end = true.

Misc Changes

• #​650: Change the type of Event::PI to a new dedicated BytesPI type.
• #​759: Make const as much functions as possible:
  • resolve_html5_entity()
  • resolve_predefined_entity()
  • resolve_xml_entity()
  • Attr::key()
  • Attr::value()
  • Attributes::html()
  • Attributes::new()
  • BytesDecl::from_start()
  • Decoder::encoding()
  • Deserializer::get_ref()
  • IoReader::get_ref()
  • LocalName::into_inner()
  • Namespace::into_inner()
  • NsReader::config()
  • NsReader::prefixes()
  • Prefix::into_inner()
  • QName::into_inner()
  • Reader::buffer_position()
  • Reader::config()
  • Reader::decoder()
  • Reader::error_position()
  • Reader::get_ref()
  • SliceReader::get_ref()
  • Writer::get_ref()
  • Writer::new()
• #​763: Hide quick_xml::escape::resolve_html5_entity under escape-html feature again.
  This function has significant influence to the compilation time (10+ seconds or 5x times)

v0.32.0

Compare Source

The way to configure parser is changed. Now all configuration is contained in the
Config struct and can be applied at once. When serde-types feature is enabled,
configuration is serializable.

The method of reporting positions of errors has changed - use error_position()
to get an offset of the error position. For SyntaxErrors the range
error_position()..buffer_position() also will represent a span of error.

The way of resolve entities with unescape_with are changed. Those methods no longer
resolve predefined entities.

New Features

• #​513: Allow to continue parsing after getting new Error::IllFormed.
• #​677: Added methods config() and config_mut() to inspect and change the parser
  configuration. Previous builder methods on Reader / NsReader was replaced by
  direct access to fields of config using reader.config_mut().<...>.
• #​684: Added a method Config::enable_all_checks to turn on or off all
  well-formedness checks.
• #​362: Added escape::minimal_escape() which escapes only & and <.
• #​362: Added BytesCData::minimal_escape() which escapes only & and <.
• #​362: Added Serializer::set_quote_level() which allow to set desired level of escaping.
• #​705: Added NsReader::prefixes() to list all the prefixes currently declared.
• #​629: Added a default case to impl_deserialize_for_internally_tagged_enum macro so that
  it can handle every attribute that does not match existing cases within an enum variant.
• #​722: Allow to pass owned strings to Writer::create_element. This is breaking change!
• #​275: Added ElementWriter::new_line() which enables pretty printing elements with multiple attributes.
• #​743: Added Deserializer::get_ref() to get XML Reader from serde Deserializer
• #​734: Added helper functions to resolve predefined XML and HTML5 entities:
  • quick_xml::escape::resolve_predefined_entity
  • quick_xml::escape::resolve_xml_entity
  • quick_xml::escape::resolve_html5_entity
• #​753: Added parser for processing instructions: quick_xml::reader::PiParser.
• #​754: Added parser for elements: quick_xml::reader::ElementParser.

Bug Fixes

• #​622: Fix wrong disregarding of not closed markup, such as lone <.
• #​684: Fix incorrect position reported for Error::IllFormed(DoubleHyphenInComment).
• #​684: Fix incorrect position reported for Error::IllFormed(MissingDoctypeName).
• #​704: Fix empty tags with attributes not being expanded when expand_empty_elements is set to true.
• #​683: Use local tag name when check tag name against possible names for field.
• #​753: Correctly determine end of processing instructions and XML declaration.

Misc Changes

• #​675: Minimum supported version of serde raised to 1.0.139
• #​675: Rework the quick_xml::Error type to provide more accurate information:
  • Error::EndEventMismatch replaced by IllFormedError::MismatchedEndTag in some cases
  • Error::EndEventMismatch replaced by IllFormedError::UnmatchedEndTag in some cases
  • Error::TextNotFound was removed because not used
  • Error::UnexpectedBang replaced by SyntaxError
  • Error::UnexpectedEof replaced by SyntaxError in some cases
  • Error::UnexpectedEof replaced by IllFormedError in some cases
  • Error::UnexpectedToken replaced by IllFormedError::DoubleHyphenInComment
  • Error::XmlDeclWithoutVersion replaced by IllFormedError::MissingDeclVersion (in #​684)
  • Error::EmptyDocType replaced by IllFormedError::MissingDoctypeName (in #​684)
• #​684: Changed positions reported for SyntaxErrors: now they are always points
  to the start of markup (i. e. to the < character) with error. Use error_position()
  for that.
• #​684: Now <??> parsed as Event::PI with empty content instead of raising
  syntax error.
• #​684: Now <?xml?> parsed as Event::Decl instead of Event::PI.
• #​362: Now default quote level is QuoteLevel::Partial when using serde serializer.
• #​689: buffer_position() now always report the position the parser last seen.
  To get an error position use error_position().
• #​738: Add an example of how to deserialize XML elements into Rust enums using an
  intermediate custom deserializer.
• #​748: Implement Clone for DeEvent, PayloadEvent and Text.
• #​734: Rename NoEntityResolver to PredefinedEntityResolver.
• #​734: No longer resolve predefined entities (lt, gt, apos, quot, amp)
  in unescape_with family of methods. You should do that by yourself using the methods
  listed above.

serde-rs/json (serde_json)

v1.0.150

Compare Source

• Reject non-string enum object keys (#​1324, thanks @​puneetdixit200)

---

Configuration

📅 Schedule: (UTC)

• Branch creation
  • "on monday"
• Automerge
  • At any time (no schedule defined)

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.