Upgrade bumpalo and stop holding it back for dependabot (#30303)

This fixes a dependabot security alert.

.github/dependabot.yml

@@ -179,10 +179,6 @@ updates:
   - dependency-name: thiserror
     versions:
     - 1.0.24
-  - dependency-name: bumpalo
-    versions:
-    - 3.6.0
-    - 3.6.1
   - dependency-name: core-text
     versions:
     - 19.2.0

Cargo.lock

@@ -560,9 +560,9 @@ dependencies = [
 
 [[package]]
 name = "bumpalo"
-version = "3.3.0"
+version = "3.13.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "5356f1d23ee24a1f785a56d1d1a5f0fd5b0f6a0c0fb2412ce11da71649ab78f6"
+checksum = "a3e2c3daef883ecc1b5d58c15adae93470a91d425f3532ba1695849656af3fc1"
 
 [[package]]
 name = "byte-slice-cast"