Bumps [indexmap](https://github.com/indexmap-rs/indexmap) from 2.11.3 to
2.11.4.
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/indexmap-rs/indexmap/blob/main/RELEASES.md">indexmap's
changelog</a>.</em></p>
<blockquote>
<h2>2.11.4 (2025-09-18)</h2>
<ul>
<li>Updated the <code>hashbrown</code> dependency to a range allowing
0.15 or 0.16.</li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="03f9e58626"><code>03f9e58</code></a>
Merge pull request <a
href="https://redirect.github.com/indexmap-rs/indexmap/issues/418">#418</a>
from a1phyr/hashbrown_0.16</li>
<li><a
href="ee6080d480"><code>ee6080d</code></a>
Release 2.11.4</li>
<li><a
href="a7da8f181e"><code>a7da8f1</code></a>
Use a range for hashbrown</li>
<li><a
href="0cd5aefb44"><code>0cd5aef</code></a>
Update <code>hashbrown</code> to 0.16</li>
<li>See full diff in <a
href="https://github.com/indexmap-rs/indexmap/compare/2.11.3...2.11.4">compare
view</a></li>
</ul>
</details>
<br />
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
</details>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Bumps [indexmap](https://github.com/indexmap-rs/indexmap) from 2.11.1 to
2.11.3.
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/indexmap-rs/indexmap/blob/main/RELEASES.md">indexmap's
changelog</a>.</em></p>
<blockquote>
<h2>2.11.3 (2025-09-15)</h2>
<ul>
<li>Make the minimum <code>serde</code> version only apply when
"serde" is enabled.</li>
</ul>
<h2>2.11.2 (2025-09-15)</h2>
<ul>
<li>Switched the "serde" feature to depend on
<code>serde_core</code>, improving build
parallelism in cases where other dependents have enabled
"serde/derive".</li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="fd5c819daf"><code>fd5c819</code></a>
Merge pull request <a
href="https://redirect.github.com/indexmap-rs/indexmap/issues/417">#417</a>
from cuviper/release-2.11.3</li>
<li><a
href="9321145e1f"><code>9321145</code></a>
Release 2.11.3</li>
<li><a
href="7b485688c2"><code>7b48568</code></a>
Merge pull request <a
href="https://redirect.github.com/indexmap-rs/indexmap/issues/416">#416</a>
from cuviper/release-2.11.2</li>
<li><a
href="49ce7fa471"><code>49ce7fa</code></a>
Release 2.11.2</li>
<li><a
href="58fd834804"><code>58fd834</code></a>
Merge pull request <a
href="https://redirect.github.com/indexmap-rs/indexmap/issues/414">#414</a>
from DaniPopes/serde_core</li>
<li><a
href="5dc1d6ab31"><code>5dc1d6a</code></a>
Depend on <code>serde_core</code> instead of <code>serde</code></li>
<li><a
href="dc8f9b30e2"><code>dc8f9b3</code></a>
Merge pull request <a
href="https://redirect.github.com/indexmap-rs/indexmap/issues/415">#415</a>
from cuviper/vec-links</li>
<li><a
href="f3431bf938"><code>f3431bf</code></a>
Fix <code>Vec</code> doc links</li>
<li>See full diff in <a
href="https://github.com/indexmap-rs/indexmap/compare/2.11.1...2.11.3">compare
view</a></li>
</ul>
</details>
<br />
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
</details>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Bumps [serde](https://github.com/serde-rs/serde) from 1.0.219 to
1.0.223.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/serde-rs/serde/releases">serde's
releases</a>.</em></p>
<blockquote>
<h2>v1.0.223</h2>
<ul>
<li>Fix serde_core documentation links (<a
href="https://redirect.github.com/serde-rs/serde/issues/2978">#2978</a>)</li>
</ul>
<h2>v1.0.222</h2>
<ul>
<li>Make <code>serialize_with</code> attribute produce code that works
if respanned to 2024 edition (<a
href="https://redirect.github.com/serde-rs/serde/issues/2950">#2950</a>,
thanks <a href="https://github.com/aytey"><code>@aytey</code></a>)</li>
</ul>
<h2>v1.0.221</h2>
<ul>
<li>Documentation improvements (<a
href="https://redirect.github.com/serde-rs/serde/issues/2973">#2973</a>)</li>
<li>Deprecate <code>serde_if_integer128!</code> macro (<a
href="https://redirect.github.com/serde-rs/serde/issues/2975">#2975</a>)</li>
</ul>
<h2>v1.0.220</h2>
<ul>
<li>Add a way for data formats to depend on serde traits without waiting
for serde_derive compilation: <a
href="https://docs.rs/serde_core">https://docs.rs/serde_core</a> (<a
href="https://redirect.github.com/serde-rs/serde/issues/2608">#2608</a>,
thanks <a
href="https://github.com/osiewicz"><code>@osiewicz</code></a>)</li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="6c316d7cb5"><code>6c316d7</code></a>
Release 1.0.223</li>
<li><a
href="a4ac0c2bc6"><code>a4ac0c2</code></a>
Merge pull request <a
href="https://redirect.github.com/serde-rs/serde/issues/2978">#2978</a>
from dtolnay/htmlrooturl</li>
<li><a
href="ed76364f87"><code>ed76364</code></a>
Change serde_core's html_root_url to docs.rs/serde_core</li>
<li><a
href="57e21a1afa"><code>57e21a1</code></a>
Release 1.0.222</li>
<li><a
href="bb58726133"><code>bb58726</code></a>
Merge pull request <a
href="https://redirect.github.com/serde-rs/serde/issues/2950">#2950</a>
from aytey/fix_lifetime_issue_2024</li>
<li><a
href="3f6925125b"><code>3f69251</code></a>
Delete unneeded field of MapDeserializer</li>
<li><a
href="fd4decf2fe"><code>fd4decf</code></a>
Merge pull request <a
href="https://redirect.github.com/serde-rs/serde/issues/2976">#2976</a>
from dtolnay/content</li>
<li><a
href="00b1b6b2b5"><code>00b1b6b</code></a>
Move Content's Deserialize impl from serde_core to serde</li>
<li><a
href="cf141aa8c7"><code>cf141aa</code></a>
Move Content's Clone impl from serde_core to serde</li>
<li><a
href="ff3aee490a"><code>ff3aee4</code></a>
Release 1.0.221</li>
<li>Additional commits viewable in <a
href="https://github.com/serde-rs/serde/compare/v1.0.219...v1.0.223">compare
view</a></li>
</ul>
</details>
<br />
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
</details>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Vello has updated to wgpu v26 recently. It might be a good time for
servo to update as well. This PR should wait for #39015 and #38717
Testing: WebGPU CTS
Fixes: None
---------
Signed-off-by: Wu Yu Wei <yuweiwu@pm.me>
This should be the final PR for the Hash Function series that is
trivial.
Of note: I decided to transform `HashMapTracedValues<Atom,..>` to use
FxBuildHasher. This is likely not going to improve performance as Atom's
already have a unique u32 that is used as the Hash but it safes a few
bytes for the RandomState that is normally in the HashMap.
Signed-off-by: Narfinger <Narfinger@users.noreply.github.com>
Testing: Hash function changes should not change functionality, we
slightly decrease the size and unit tests still work.
Signed-off-by: Narfinger <Narfinger@users.noreply.github.com>
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
</details>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
fxhash seems to be unmaintained (see
https://github.com/rustsec/advisory-db/issues/2185) so we should move
away from it.
Additionally, the new crate might be slightly faster.
There is still some cases depending on stylo that have the old fxhash
crate.
Signed-off-by: Narfinger <Narfinger@users.noreply.github.com>
Testing: Changes in Hash should really not show any bugs. And
performance should be comparable.
Signed-off-by: Narfinger <Narfinger@users.noreply.github.com>
Bumps [windows-sys](https://github.com/microsoft/windows-rs) from 0.59.0
to 0.61.0.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/microsoft/windows-rs/releases">windows-sys's
releases</a>.</em></p>
<blockquote>
<h2>61</h2>
<p>Major crate updates:</p>
<ul>
<li><code>windows</code> 0.59.0</li>
<li><code>windows-core</code> 0.59.0
<ul>
<li><code>windows-implement</code> 0.59.0</li>
<li><code>windows-interface</code> 0.59.0</li>
</ul>
</li>
<li><code>windows-targets</code> 0.53.0
<ul>
<li><code>windows_i686_msvc</code> 0.53.0</li>
<li><code>windows_x86_64_msvc</code> 0.53.0</li>
<li><code>windows_aarch64_msvc</code> 0.53.0</li>
<li><code>windows_i686_gnu</code> 0.53.0</li>
<li><code>windows_x86_64_gnu</code> 0.53.0</li>
<li><code>windows_i686_gnullvm</code> 0.53.0</li>
<li><code>windows_x86_64_gnullvm</code> 0.53.0</li>
<li><code>windows_aarch64_gnullvm</code> 0.53.0</li>
</ul>
</li>
<li><code>windows-bindgen</code> 0.59.0</li>
<li><code>windows-registry</code> 0.4.0</li>
<li><code>windows-result</code> 0.3.0</li>
<li><code>windows-strings</code> 0.3.0</li>
<li><code>cppwinrt</code> 0.2.0</li>
</ul>
<p>Minor crate updates:</p>
<ul>
<li><code>windows-version</code> 0.1.2</li>
</ul>
<p>Excluded:</p>
<ul>
<li><code>windows-sys</code> 0.59.0</li>
</ul>
<p>Things to keep in mind:</p>
<ul>
<li>
<p>The tag/release names no longer map directly to the crate versions,
so to <a
href="https://github.com/microsoft/windows-rs/tree/master/crates/samples">find
samples</a> for a particular release requires looking at <a
href="https://github.com/microsoft/windows-rs/releases">the releases</a>
page and finding the release that most recently updated a particular
crate.</p>
</li>
<li>
<p>The <code>windows-bindgen</code> crate includes the major code
generation overhaul that brings many improvements - be sure to check out
the PR description for more information. The resulting code gen depends
on the new version of <code>windows-core</code> and its dependencies,
unless you include the <code>--sys</code> option. <a
href="https://redirect.github.com/microsoft/windows-rs/issues/3359">#3359</a></p>
</li>
<li>
<p>The <code>cppwinrt</code> crate constitutes a major update due to
streamlining the error handling. <a
href="https://redirect.github.com/microsoft/windows-rs/issues/3415">#3415</a></p>
</li>
<li>
<p>The <code>windows-registry</code>, <code>windows-strings,</code> and
<code>windows-result</code> crates are also major version updates since
they include small breaking changes.</p>
</li>
<li>
<p>The <code>windows-targets</code> crate finally receives a major
version update, the first in over a year. This is due to <a
href="https://redirect.github.com/microsoft/windows-rs/issues/3359">#3359</a>
and <a
href="https://redirect.github.com/microsoft/windows-rs/issues/3342">#3342</a>
potentially introducing breaking changes. Although unlikely, these
updates introduced sufficient changes that make it hard to ensure that
the <code>windows-targets</code> libs don't break existing code. As
we're updating <code>windows-targets</code> anyway, I took the liberty
to bump the MSRV to 1.60 - to match the latest version of
<code>windows-sys</code> - and remove the old but unused doc macro
feature. Both remained for compatibility with very old dependents of the
<code>windows-targets</code> crate.</p>
</li>
<li>
<p>The <code>windows-version</code> crate receives a minor update to
update its dependency on the <code>windows-targets</code> crate.</p>
</li>
<li>
<p>Beyond these specifics, this update is the culmination of around 6
months worth of work on the <code>windows-rs</code> project. The biggest
improvements comes from the new code generation engine, but many other
improvements are now also available for production. This includes
support for many new lints, warnings, and suggestions provided by the
Rust toolchain; much smaller code gen thanks to deriving many more
traits; more efficient code gen; major improvements to WinRT type system
and implementation support; more robust and consistent error handling;
stock collection and async support; improved support for class
hierarchies; and much more!</p>
</li>
</ul>
<p>In addition to "what's changed" below, check out what's
changed for notes for <a
href="https://github.com/microsoft/windows-rs/releases/tag/0.60.0">0.60.0</a>
and <a
href="https://github.com/microsoft/windows-rs/releases/tag/0.59.0">0.59.0</a>
for additional changes that roll up to the crates published as part of
this release.</p>
<h2>What's Changed</h2>
<ul>
<li>Remove improper_ctypes workaround by <a
href="https://github.com/ChrisDenton"><code>@ChrisDenton</code></a> in
<a
href="https://redirect.github.com/microsoft/windows-rs/pull/3296">microsoft/windows-rs#3296</a></li>
</ul>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="5888c8c472"><code>5888c8c</code></a>
Release 0.61.0 (<a
href="https://redirect.github.com/microsoft/windows-rs/issues/3418">#3418</a>)</li>
<li><a
href="9911fee2a9"><code>9911fee</code></a>
Improve feature search UX, add dark mode, and update deps (<a
href="https://redirect.github.com/microsoft/windows-rs/issues/3422">#3422</a>)</li>
<li><a
href="eed74532cd"><code>eed7453</code></a>
Update GitHub Actions runners (<a
href="https://redirect.github.com/microsoft/windows-rs/issues/3423">#3423</a>)</li>
<li><a
href="284f18906a"><code>284f189</code></a>
Avoid <code>transmute</code> where possible (<a
href="https://redirect.github.com/microsoft/windows-rs/issues/3421">#3421</a>)</li>
<li><a
href="b35dfd1470"><code>b35dfd1</code></a>
Update web workflow to use external origin (<a
href="https://redirect.github.com/microsoft/windows-rs/issues/3420">#3420</a>)</li>
<li><a
href="3566fca8c5"><code>3566fca</code></a>
Fix provenance in direct32 sample (<a
href="https://redirect.github.com/microsoft/windows-rs/issues/3419">#3419</a>)</li>
<li><a
href="382ea566c2"><code>382ea56</code></a>
Use <code>track_caller</code> to make debugging <code>cppwinrt</code>
build script errors easier (#...</li>
<li><a
href="f09c13292a"><code>f09c132</code></a>
Shorten sample crate names (<a
href="https://redirect.github.com/microsoft/windows-rs/issues/3416">#3416</a>)</li>
<li><a
href="5e8ce09c70"><code>5e8ce09</code></a>
<code>cppwinrt</code> should consistently panic on failure (<a
href="https://redirect.github.com/microsoft/windows-rs/issues/3415">#3415</a>)</li>
<li><a
href="d02c977dc8"><code>d02c977</code></a>
Detect unsupported array parameters (<a
href="https://redirect.github.com/microsoft/windows-rs/issues/3402">#3402</a>)</li>
<li>Additional commits viewable in <a
href="https://github.com/microsoft/windows-rs/compare/0.59.0...0.61.0">compare
view</a></li>
</ul>
</details>
<br />
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
</details>
---------
Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: Euclid Ye <euclid.ye@huawei.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Euclid Ye <euclid.ye@huawei.com>
This includes some small refactoring and some small breaking changes as
listed below. Other than these I tried to keep the functionality exactly
the same but because in the old code the parsing and settings of
preferences was intermingled it was difficult to figure out.
Small Breaking:
- Size and resources-path were unused but appeared in the help.
- soft-fail and hard-fail: Soft-fail flag got removed because it is too
difficult to keep both. The default is now soft-fail and hard-fail can
be enabled.
- The help strings are obviously formatted differently now.
- -V does not work anymore but -v and --version.
Ideally, we want to have the ServoShellPreferences and Preferences be
directly the Argument structure but that needs a bit more discussion
because it would break backwards compatibility with the commandline.
This increases the binary size by ~280kb.
Testing: The testcases are still working but they do not cover much.
I added a unit test for the -p flag because it is the most difficult to
parse in general.
Fixes: This will fix a small number of various parsing misshaps. It will
also show if we are removing an option via unused lint.
Signed-off-by: Narfinger <Narfinger@users.noreply.github.com>
Bumps [uuid](https://github.com/uuid-rs/uuid) from 1.18.0 to 1.18.1.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/uuid-rs/uuid/releases">uuid's
releases</a>.</em></p>
<blockquote>
<h2>v1.18.1</h2>
<h2>What's Changed</h2>
<ul>
<li>Unsafe cleanup by <a
href="https://github.com/KodrAus"><code>@KodrAus</code></a> in <a
href="https://redirect.github.com/uuid-rs/uuid/pull/841">uuid-rs/uuid#841</a></li>
<li>Prepare for 1.18.1 release by <a
href="https://github.com/KodrAus"><code>@KodrAus</code></a> in <a
href="https://redirect.github.com/uuid-rs/uuid/pull/842">uuid-rs/uuid#842</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/uuid-rs/uuid/compare/v1.18.0...v1.18.1">https://github.com/uuid-rs/uuid/compare/v1.18.0...v1.18.1</a></p>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="50d8e797ed"><code>50d8e79</code></a>
Merge pull request <a
href="https://redirect.github.com/uuid-rs/uuid/issues/842">#842</a> from
uuid-rs/cargo/v1.18.1</li>
<li><a
href="79485925e9"><code>7948592</code></a>
prepare for 1.18.1 release</li>
<li><a
href="6d847c79d0"><code>6d847c7</code></a>
Merge pull request <a
href="https://redirect.github.com/uuid-rs/uuid/issues/841">#841</a> from
uuid-rs/chore/unsafe-cleanup</li>
<li><a
href="675cccc829"><code>675cccc</code></a>
re-gate zerocopy behind unstable feature flag</li>
<li><a
href="4dd5828060"><code>4dd5828</code></a>
Remove some unsafe; stabilize zerocopy</li>
<li>See full diff in <a
href="https://github.com/uuid-rs/uuid/compare/v1.18.0...v1.18.1">compare
view</a></li>
</ul>
</details>
<br />
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
</details>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Bumps [getopts](https://github.com/rust-lang/getopts) from 0.2.23 to
0.2.24.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/rust-lang/getopts/releases">getopts's
releases</a>.</em></p>
<blockquote>
<h2>v0.2.24</h2>
<h3>Other</h3>
<ul>
<li>Make unicode-width an optional default dependency (<a
href="https://redirect.github.com/rust-lang/getopts/pull/133">#133</a>)</li>
</ul>
</blockquote>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/rust-lang/getopts/blob/master/CHANGELOG.md">getopts's
changelog</a>.</em></p>
<blockquote>
<h2><a
href="https://github.com/rust-lang/getopts/compare/v0.2.23...v0.2.24">0.2.24</a>
- 2025-08-29</h2>
<h3>Other</h3>
<ul>
<li>Make unicode-width an optional default dependency (<a
href="https://redirect.github.com/rust-lang/getopts/pull/133">#133</a>)</li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="40846923f0"><code>4084692</code></a>
chore: release v0.2.24 (<a
href="https://redirect.github.com/rust-lang/getopts/issues/134">#134</a>)</li>
<li><a
href="03ce599970"><code>03ce599</code></a>
Make unicode-width an optional default dependency (<a
href="https://redirect.github.com/rust-lang/getopts/issues/133">#133</a>)</li>
<li>See full diff in <a
href="https://github.com/rust-lang/getopts/compare/v0.2.23...v0.2.24">compare
view</a></li>
</ul>
</details>
<br />
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
</details>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Bumps [tracing-subscriber](https://github.com/tokio-rs/tracing) from
0.3.19 to 0.3.20.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/tokio-rs/tracing/releases">tracing-subscriber's
releases</a>.</em></p>
<blockquote>
<h2>tracing-subscriber 0.3.20</h2>
<p><strong>Security Fix</strong>: ANSI Escape Sequence Injection
(CVE-TBD)</p>
<h2>Impact</h2>
<p>Previous versions of tracing-subscriber were vulnerable to ANSI
escape sequence injection attacks. Untrusted user input containing ANSI
escape sequences could be injected into terminal output when logged,
potentially allowing attackers to:</p>
<ul>
<li>Manipulate terminal title bars</li>
<li>Clear screens or modify terminal display</li>
<li>Potentially mislead users through terminal manipulation</li>
</ul>
<p>In isolation, impact is minimal, however security issues have been
found in terminal emulators that enabled an attacker to use ANSI escape
sequences via logs to exploit vulnerabilities in the terminal
emulator.</p>
<h2>Solution</h2>
<p>Version 0.3.20 fixes this vulnerability by escaping ANSI control
characters in when writing events to destinations that may be printed to
the terminal.</p>
<h2>Affected Versions</h2>
<p>All versions of tracing-subscriber prior to 0.3.20 are affected by
this vulnerability.</p>
<h2>Recommendations</h2>
<p>Immediate Action Required: We recommend upgrading to
tracing-subscriber 0.3.20 immediately, especially if your
application:</p>
<ul>
<li>Logs user-provided input (form data, HTTP headers, query parameters,
etc.)</li>
<li>Runs in environments where terminal output is displayed to
users</li>
</ul>
<h2>Migration</h2>
<p>This is a patch release with no breaking API changes. Simply update
your Cargo.toml:</p>
<pre lang="toml"><code>[dependencies]
tracing-subscriber = "0.3.20"
</code></pre>
<h2>Acknowledgments</h2>
<p>We would like to thank <a href="http://github.com/zefr0x">zefr0x</a>
who responsibly reported the issue at
<code>security@tokio.rs</code>.</p>
<p>If you believe you have found a security vulnerability in any
tokio-rs project, please email us at <code>security@tokio.rs</code>.</p>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="4c52ca5266"><code>4c52ca5</code></a>
fmt: fix ANSI escape sequence injection vulnerability (<a
href="https://redirect.github.com/tokio-rs/tracing/issues/3368">#3368</a>)</li>
<li><a
href="f71cebe41e"><code>f71cebe</code></a>
subscriber: impl Clone for EnvFilter (<a
href="https://redirect.github.com/tokio-rs/tracing/issues/3360">#3360</a>)</li>
<li><a
href="3a1f571102"><code>3a1f571</code></a>
Fix CI (<a
href="https://redirect.github.com/tokio-rs/tracing/issues/3361">#3361</a>)</li>
<li><a
href="e63ef57f3d"><code>e63ef57</code></a>
chore: prepare tracing-attributes 0.1.30 (<a
href="https://redirect.github.com/tokio-rs/tracing/issues/3316">#3316</a>)</li>
<li><a
href="6e59a13b1a"><code>6e59a13</code></a>
attributes: fix tracing::instrument regression around shadowing (<a
href="https://redirect.github.com/tokio-rs/tracing/issues/3311">#3311</a>)</li>
<li><a
href="e4df761275"><code>e4df761</code></a>
tracing: update core to 0.1.34 and attributes to 0.1.29 (<a
href="https://redirect.github.com/tokio-rs/tracing/issues/3305">#3305</a>)</li>
<li><a
href="643f392ebb"><code>643f392</code></a>
chore: prepare tracing-attributes 0.1.29 (<a
href="https://redirect.github.com/tokio-rs/tracing/issues/3304">#3304</a>)</li>
<li><a
href="d08e7a6eea"><code>d08e7a6</code></a>
chore: prepare tracing-core 0.1.34 (<a
href="https://redirect.github.com/tokio-rs/tracing/issues/3302">#3302</a>)</li>
<li><a
href="6e70c571d3"><code>6e70c57</code></a>
tracing-subscriber: count numbers of enters in <code>Timings</code> (<a
href="https://redirect.github.com/tokio-rs/tracing/issues/2944">#2944</a>)</li>
<li><a
href="c01d4fd9de"><code>c01d4fd</code></a>
fix docs and enable CI on <code>main</code> branch (<a
href="https://redirect.github.com/tokio-rs/tracing/issues/3295">#3295</a>)</li>
<li>Additional commits viewable in <a
href="https://github.com/tokio-rs/tracing/compare/tracing-subscriber-0.3.19...tracing-subscriber-0.3.20">compare
view</a></li>
</ul>
</details>
<br />
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
You can disable automated security fix PRs for this repo from the
[Security Alerts page](https://github.com/servo/servo/network/alerts).
</details>
---------
Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: Euclid Ye <euclid.ye@huawei.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Euclid Ye <euclid.ye@huawei.com>
Sanitization of object store names brought some problems because of
replacing special characters and making it impossible to have certain
object store names that are allowed by the spec. These changes make sure
deterministic UUIDs are used for file paths plus object store names are
inserted into SQLite without sanitization.
Testing: Covered by existing tests and new unit tests were added.
Fixes: #37569
---------
Signed-off-by: Rodion Borovyk <rodion.borovyk@gmail.com>
Testing: These changes should be covered by existing web platform tests
and `image`'s own test suite.
---------
Signed-off-by: Simon Wülker <simon.wuelker@arcor.de>
Bumps [indexmap](https://github.com/indexmap-rs/indexmap) from 2.10.0 to
2.11.0.
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/indexmap-rs/indexmap/blob/main/RELEASES.md">indexmap's
changelog</a>.</em></p>
<blockquote>
<h2>2.11.0 (2025-08-22)</h2>
<ul>
<li>Added <code>insert_sorted_by</code> and
<code>insert_sorted_by_key</code> methods to <code>IndexMap</code>,
<code>IndexSet</code>, and <code>VacantEntry</code>, like customizable
versions of <code>insert_sorted</code>.</li>
<li>Added <code>is_sorted</code>, <code>is_sorted_by</code>, and
<code>is_sorted_by_key</code> methods to
<code>IndexMap</code> and <code>IndexSet</code>, as well as their
<code>Slice</code> counterparts.</li>
<li>Added <code>sort_by_key</code> and <code>sort_unstable_by_key</code>
methods to <code>IndexMap</code> and
<code>IndexSet</code>, as well as parallel counterparts.</li>
<li>Added <code>replace_index</code> methods to <code>IndexMap</code>,
<code>IndexSet</code>, and <code>VacantEntry</code>
to replace the key (or set value) at a given index.</li>
<li>Added optional <code>sval</code> serialization support.</li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="91d53adb32"><code>91d53ad</code></a>
Merge pull request <a
href="https://redirect.github.com/indexmap-rs/indexmap/issues/409">#409</a>
from cuviper/release-2.11.0</li>
<li><a
href="cf566a7060"><code>cf566a7</code></a>
Release 2.11.0</li>
<li><a
href="2e173dcf75"><code>2e173dc</code></a>
Merge pull request <a
href="https://redirect.github.com/indexmap-rs/indexmap/issues/408">#408</a>
from cuviper/is_sorted</li>
<li><a
href="e4bb7d03b9"><code>e4bb7d0</code></a>
Add <code>is_sorted</code>{,<code>_by</code>,<code>_by_key</code>}</li>
<li><a
href="0f40489b1a"><code>0f40489</code></a>
Merge pull request <a
href="https://redirect.github.com/indexmap-rs/indexmap/issues/407">#407</a>
from cuviper/sort_by_key</li>
<li><a
href="ab9e461b89"><code>ab9e461</code></a>
Add <code>sort_by_key</code> and <code>sort_unstable_by_key</code></li>
<li><a
href="a468ca41bb"><code>a468ca4</code></a>
Normalize to ASCII apostrophes</li>
<li><a
href="7939ae9c21"><code>7939ae9</code></a>
Merge pull request <a
href="https://redirect.github.com/indexmap-rs/indexmap/issues/406">#406</a>
from cuviper/more-insert_sorted_by</li>
<li><a
href="354345b5a2"><code>354345b</code></a>
Take <em>two</em> entries in <code>insert_sorted_by</code></li>
<li><a
href="314ec7dbda"><code>314ec7d</code></a>
Add quick checks for <code>insert_sorted_by</code></li>
<li>Additional commits viewable in <a
href="https://github.com/indexmap-rs/indexmap/compare/2.10.0...2.11.0">compare
view</a></li>
</ul>
</details>
<br />
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
</details>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
This is necessary so that `constellation_traits` can get these types via
a
dependency on `fonts_traits`. This will allow sending IPC channels to
shared
workers so that they can have access to a shared `FontContext` from
`script`.
Testing: This just moves code between crates, so is covered by existing
tests.
Signed-off-by: Martin Robinson <mrobinson@igalia.com>
These aren't referenced anywhere, so they needlessly clutter the
`workspace.dependencies` section.
Testing: N/A
Fixes: None
Signed-off-by: Ashwin Naren <arihant2math@gmail.com>
Bumps [memmap2](https://github.com/RazrFalcon/memmap2-rs) from 0.9.7 to
0.9.8.
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/RazrFalcon/memmap2-rs/blob/master/CHANGELOG.md">memmap2's
changelog</a>.</em></p>
<blockquote>
<h2>[0.9.8] - 2025-08-22</h2>
<h3>Added</h3>
<ul>
<li><code>MmapOptions::no_reserve_swap</code>.
<a href="https://github.com/nhtyy"><code>@nhtyy</code></a></li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="05b2d0ecab"><code>05b2d0e</code></a>
Merge pull request <a
href="https://redirect.github.com/RazrFalcon/memmap2-rs/issues/154">#154</a>
from RazrFalcon/release/v0.9.8</li>
<li><a
href="b59eb44fd6"><code>b59eb44</code></a>
Bump version to 0.9.8.</li>
<li><a
href="2907b1e7b7"><code>2907b1e</code></a>
Merge pull request <a
href="https://redirect.github.com/RazrFalcon/memmap2-rs/issues/153">#153</a>
from nhtyy/n/noreserve</li>
<li><a
href="8bfe4e5440"><code>8bfe4e5</code></a>
Rename noreserve in impl to no_reserve.</li>
<li><a
href="3fcecb6c79"><code>3fcecb6</code></a>
Also support <code>no_reserve_swap()</code> on Illumos.</li>
<li><a
href="c8235d7bce"><code>c8235d7</code></a>
chore: run <code>cargo fmt</code></li>
<li><a
href="beb3d3a5da"><code>beb3d3a</code></a>
fix: apply suggestions to comments</li>
<li><a
href="2abbcd6663"><code>2abbcd6</code></a>
fix: cfg target_os</li>
<li><a
href="7b67e0db76"><code>7b67e0d</code></a>
fix: update stub and comments</li>
<li><a
href="ec72e01a4c"><code>ec72e01</code></a>
fix: noreserve -> noreserve_swap</li>
<li>Additional commits viewable in <a
href="https://github.com/RazrFalcon/memmap2-rs/compare/v0.9.7...v0.9.8">compare
view</a></li>
</ul>
</details>
<br />
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
</details>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Bumps `vello`, `vello_cpu`,`skrifa`, and `read-fonts` dependencies.
Notes:
- The primary motivation for this is so that our version of `read-fonts`
matches the version used by current releases of `harfrust`
- `vello_cpu` now defaults to `RenderMode::OptimizeSpeed` so we don't
need to pass this explicitly.
Signed-off-by: Nico Burns <nico@nicoburns.com>
Bumps [cfg-if](https://github.com/rust-lang/cfg-if) from 1.0.1 to 1.0.3.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/rust-lang/cfg-if/releases">cfg-if's
releases</a>.</em></p>
<blockquote>
<h2>v1.0.3</h2>
<ul>
<li>Revert "Remove <code>@__identity</code> rule."</li>
</ul>
<h2>v1.0.2</h2>
<ul>
<li>Remove <code>@__identity</code> rule.</li>
</ul>
</blockquote>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/rust-lang/cfg-if/blob/main/CHANGELOG.md">cfg-if's
changelog</a>.</em></p>
<blockquote>
<h2><a
href="https://github.com/rust-lang/cfg-if/compare/v1.0.2...v1.0.3">1.0.3</a>
- 2025-08-19</h2>
<ul>
<li>Revert "Remove <code>@__identity</code> rule."</li>
</ul>
<h2><a
href="https://github.com/rust-lang/cfg-if/compare/v1.0.1...v1.0.2">1.0.2</a>
- 2025-08-19</h2>
<ul>
<li>Remove <code>@__identity</code> rule.</li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="9c7bb0bf71"><code>9c7bb0b</code></a>
chore: release v1.0.3 (<a
href="https://redirect.github.com/rust-lang/cfg-if/issues/93">#93</a>)</li>
<li><a
href="145894c77e"><code>145894c</code></a>
Revert "Remove <code>@__identity</code> rule."</li>
<li><a
href="9f747fecdd"><code>9f747fe</code></a>
chore: release v1.0.2 (<a
href="https://redirect.github.com/rust-lang/cfg-if/issues/88">#88</a>)</li>
<li><a
href="97739b8388"><code>97739b8</code></a>
Fix some ugly and inconsistent formatting.</li>
<li><a
href="4d7a585e4d"><code>4d7a585</code></a>
Remove <code>@__identity</code> rule.</li>
<li><a
href="527acbdbd4"><code>527acbd</code></a>
Bump actions/checkout from 4 to 5</li>
<li>See full diff in <a
href="https://github.com/rust-lang/cfg-if/compare/v1.0.1...v1.0.3">compare
view</a></li>
</ul>
</details>
<br />
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
</details>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Use skrifa instead of freetype for extracting raw table data. Allows us
to replace unsafe Freetype code with safe Skrifa code. Also allows us to
avoid copying the table data. Instead we return Arc'd data.
---------
Signed-off-by: Nico Burns <nico@nicoburns.com>
Replace static_assertions in the `size_of_test` macro with `const
assert`s. The error message is still informative.
Additionally also remove the `cfg` guard, which caused the assertion to
only be enabled on 64 bit platforms, which is something one would not
expect given the name `size_of_test` of the macro.
`cargo tree -i static_assertions` now points to only `stylo` using
`static_assertions`, so we should be able to remove this dependency
fairly easy, since the macro doesn't seem to be used there either at
first glance.
Testing: Covered by existing tests.
---------
Signed-off-by: Jonathan Schwender <schwenderjonathan@gmail.com>
As previously proposed on zulip and discussed in the coordination
meeting, add a check to CI to see if
servo still compiles with our minimum supported Rust version.
To avoid requiring changes, we define our MSRV as the current version we
are using now (1.85.0).
This does not prevent us from updating the default compiler version,
which we should still do, to
get benefits like faster compile times, newer lints and making sure
crown stays up-to-date.
We simply test that libservo compiles in CI, since libservo (and
dependencies) is what embedders would care about. We also don't need
mach (or bootstrap!) for this, so we just use cargo build.
Testing: This PR adds a CI test. [`./mach try windows-build-libservo
linux-build-libservo
mac-build-libservo`](https://github.com/jschwe/servo/actions/runs/16901171766)
Signed-off-by: Jonathan Schwender <schwenderjonathan@gmail.com>
Bumps [uuid](https://github.com/uuid-rs/uuid) from 1.17.0 to 1.18.0.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/uuid-rs/uuid/releases">uuid's
releases</a>.</em></p>
<blockquote>
<h2>v1.18.0</h2>
<h2>What's Changed</h2>
<ul>
<li>Fix up mismatched_lifetime_syntaxes lint by <a
href="https://github.com/KodrAus"><code>@KodrAus</code></a> in <a
href="https://redirect.github.com/uuid-rs/uuid/pull/837">uuid-rs/uuid#837</a></li>
<li>Conversions between <code>Timestamp</code> and
<code>std::time::SystemTime</code> by <a
href="https://github.com/dcormier"><code>@dcormier</code></a> in <a
href="https://redirect.github.com/uuid-rs/uuid/pull/835">uuid-rs/uuid#835</a></li>
<li>Wrap the error type used in time conversions by <a
href="https://github.com/KodrAus"><code>@KodrAus</code></a> in <a
href="https://redirect.github.com/uuid-rs/uuid/pull/838">uuid-rs/uuid#838</a></li>
<li>Prepare for 1.18.0 release by <a
href="https://github.com/KodrAus"><code>@KodrAus</code></a> in <a
href="https://redirect.github.com/uuid-rs/uuid/pull/839">uuid-rs/uuid#839</a></li>
</ul>
<h2>New Contributors</h2>
<ul>
<li><a href="https://github.com/dcormier"><code>@dcormier</code></a>
made their first contribution in <a
href="https://redirect.github.com/uuid-rs/uuid/pull/835">uuid-rs/uuid#835</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/uuid-rs/uuid/compare/v1.17.0...v1.18.0">https://github.com/uuid-rs/uuid/compare/v1.17.0...v1.18.0</a></p>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="60a49eb94f"><code>60a49eb</code></a>
Merge pull request <a
href="https://redirect.github.com/uuid-rs/uuid/issues/839">#839</a> from
uuid-rs/cargo/v1.18.0</li>
<li><a
href="eb8c697083"><code>eb8c697</code></a>
prepare for 1.18.0 release</li>
<li><a
href="281f26fcd9"><code>281f26f</code></a>
Merge pull request <a
href="https://redirect.github.com/uuid-rs/uuid/issues/838">#838</a> from
uuid-rs/chore/time-conversion</li>
<li><a
href="2d67ab2b5e"><code>2d67ab2</code></a>
don't use allocated values in errors</li>
<li><a
href="c284ed562f"><code>c284ed5</code></a>
wrap the error type used in time conversions</li>
<li><a
href="87a4359f25"><code>87a4359</code></a>
Merge pull request <a
href="https://redirect.github.com/uuid-rs/uuid/issues/835">#835</a> from
dcormier/main</li>
<li><a
href="8927396625"><code>8927396</code></a>
Merge pull request <a
href="https://redirect.github.com/uuid-rs/uuid/issues/837">#837</a> from
uuid-rs/fix/lifetime-syntaxes</li>
<li><a
href="6dfb4b135c"><code>6dfb4b1</code></a>
Conversions between <code>Timestamp</code> and
<code>std::time::SystemTime</code></li>
<li><a
href="b508383aff"><code>b508383</code></a>
fix up mismatched_lifetime_syntaxes lint</li>
<li>See full diff in <a
href="https://github.com/uuid-rs/uuid/compare/v1.17.0...v1.18.0">compare
view</a></li>
</ul>
</details>
<br />
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
</details>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
There are two relevant breaking changes:
* instead of `)(input)`, we now need to call `).parse(input)`
* tuples are no longer a call, but a `()` call.
There is one other usage of nom 7, however that's in the build
dependencies list of mozangle via bindgen. Therefore, we won't have
duplicate nom versions in Servo binary.
Signed-off-by: Tim van der Lippe <tvanderlippe@gmail.com>
I need this to properly evaluate multi threading in vello_cpu.
Testing: Existing WPT tests, but it's just dep bump.
Signed-off-by: sagudev <16504129+sagudev@users.noreply.github.com>
Bumps [keyboard-types](https://github.com/pyfisch/keyboard-types) from
0.8.0 to 0.8.1.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/pyfisch/keyboard-types/releases">keyboard-types's
releases</a>.</em></p>
<blockquote>
<h2>v0.8.1</h2>
<h2>Added</h2>
<ul>
<li>Added <code>impl From<NamedKey> for Key</code>: <a
href="https://redirect.github.com/rust-windowing/keyboard-types/pull/81">rust-windowing/keyboard-types#81</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/rust-windowing/keyboard-types/compare/v0.8.0...v0.8.1">https://github.com/rust-windowing/keyboard-types/compare/v0.8.0...v0.8.1</a></p>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="f82b9e4a8a"><code>f82b9e4</code></a>
Release v0.8.1</li>
<li><a
href="6b939e28b3"><code>6b939e2</code></a>
Make it clear in the docs that space is not a named key</li>
<li><a
href="25d8e98baa"><code>25d8e98</code></a>
Add <code>impl From\<NamedKey> for Key</code></li>
<li><a
href="763483400d"><code>7634834</code></a>
Doc tweaks / improvements</li>
<li><a
href="29852c9eca"><code>29852c9</code></a>
no_std: Don't use the <code>std</code> prelude</li>
<li>See full diff in <a
href="https://github.com/pyfisch/keyboard-types/compare/v0.8.0...v0.8.1">compare
view</a></li>
</ul>
</details>
<br />
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
</details>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
### Changes made
This implements named grid lines (line names in `grid-template-*`),
named grid areas (`grid-template-areas`), and the ability to target
those using `grid-{row,column}-{start,end}`. It also includes a bunch of
miscelaneous fixes for `repeat(auto-fill | auto-fit, ...)` syntax as
that interacts with the specification of line names.
The actual layout implementation is in Taffy. The bulk of this PR is
updating Servo to translate (CSS Grid-related) Stylo types into Taffy
types using a new iterator-based API which uses iterators and lazy
translation for efficiency (which is more important now that we're
dealing with string data, even though they're `Atom`s).
### Testing
This functionality has lots of WPT tests. It fixes some seemingly random
CSS Grid tests that use named lines/areas even though that's not what
they're testing.
### Screenshots
wikipedia.org
<img width="1624" height="1056" alt="Screenshot 2025-07-27 at 20 03 16"
src="https://github.com/user-attachments/assets/2c50b96f-ae36-4405-ac48-b771bfdcb515"
/>
bbc.co.uk:
<img width="1624" height="1056" alt="Screenshot 2025-07-27 at 20 32 57"
src="https://github.com/user-attachments/assets/ba84e211-65d2-4411-95fb-7b9b91bea31c"
/>
theguardian.com:
<img width="1624" height="1056" alt="Screenshot 2025-07-27 at 20 33 29"
src="https://github.com/user-attachments/assets/e85daaa6-5fb0-45d4-b9ec-b22b38b087ec"
/>
---------
Signed-off-by: Nico Burns <nico@nicoburns.com>
With some adjustment for `NamedKey`. The two crates need to be bumped
together to avoid duplicate of `keyboard-types` action.
---------
Signed-off-by: PotatoCP <Kenzie.Raditya.Tirtarahardja@huawei.com>
Use workspace dependency to sync the `winit` version between examples &
libservo.
Upgrade winit to 0.30.12.
Fixes: The hope is lost as it doesn't fix anything..
---------
Signed-off-by: Euclid Ye <euclid.ye@huawei.com>
vello_cpu does not have any tests timeouts, because we do not need
download stuff from GPU as all work happens on CPU. So performance wise
it's better then classic vello at least for our usecase. There are some
vello bugs, but I think we will be able to sort them out within
upstream, eventually. Interestingly enough there are no new PASS like
they were with classic vello.
Difference with raqote can be observed here:
https://github.com/sagudev/servo/actions/runs/16549241085/attempts/1#summary-46802486798
## Known vello problems:
- https://github.com/linebender/vello/issues/1119
- https://github.com/linebender/vello/issues/1056
-
`/html/canvas/element/fill-and-stroke-styles/2d.gradient.interpolate.coloralpha.html`
- `kurbo::Cap::Butt` is defect (only visible with big lineWidth)
https://github.com/linebender/vello/issues/1063
- `/html/canvas/element/line-styles/2d.line.cross.html`
- `/html/canvas/element/line-styles/2d.line.miter.acute.html`
- other lack of strong correct problems
(https://github.com/linebender/vello/issues/1063#issuecomment-2998084736):
- `/html/canvas/element/path-objects/2d.path.rect.selfintersect.html`
- `putImageData(getImageData(...), ...)` is lossy (precision problems,
might be due to ImageData being unmultiplied)
-
`/html/canvas/element/pixel-manipulation/2d.imageData.put.unchanged.html`
Testing: Tested using vello_cpu_canvas subsuite
---------
Signed-off-by: sagudev <16504129+sagudev@users.noreply.github.com>
Disables the serde of taffy. This feature doesn't seem to be actually
being used.
Testing: This would cause build errors if it was required. So if it
builds it should be fine.
Signed-off-by: Nico Burns <nico@nicoburns.com>
This PR changes surface type from `Vec<u8>` to `Vec<u32>` as this is
native type of raqote's backend. We used unsafe for `Vec<u8>` <->
`Vec<u32>` casting that is replaced with bytemuck. Bytemuck is already
in cargo lock.
Testing: Existing WPT tests.
Signed-off-by: sagudev <16504129+sagudev@users.noreply.github.com>
This will allow reusing those conversions in vello_cpu backend.
Testing: Just refactor
Signed-off-by: sagudev <16504129+sagudev@users.noreply.github.com>
Add vello backend by implementing Backend traits in canvas crate (so
this lives in canvas_paint_thread - embedded process). Current
implementation uses normal wgpu, so we block on GPU work. Vello backend
is gated behind `vello` feature and `dom_canvas_vello_enabled` pref.
Feature-wise this backend is on on par with raqote (sometimes better
sometimes worse), but performance wise it's worse.
## Known vello problems:
- image roundtrip does not work (fixed in
https://github.com/linebender/vello/pull/974)
- https://github.com/linebender/vello/issues/1066 (fixed)
- clip layers are not working properly:
https://github.com/linebender/vello/issues/1061
- `/html/canvas/element/pixel-manipulation/2d.imageData.put.*`
- `/html/canvas/element/path-objects/2d.path.clip.intersect.html`
- https://github.com/linebender/vello/issues/1056
-
`/html/canvas/element/fill-and-stroke-styles/2d.gradient.interpolate.coloralpha.html`
- `kurbo::Cap::Butt` is defect (only visible with big lineWidth)
https://github.com/linebender/vello/issues/1063
- `/html/canvas/element/line-styles/2d.line.cross.html`
- `/html/canvas/element/line-styles/2d.line.miter.acute.html`
- other lack of strong correct problems
(https://github.com/linebender/vello/issues/1063#issuecomment-2998084736):
- `/html/canvas/element/path-objects/2d.path.rect.selfintersect.html`
- There is currently no way to do put image properly in vello as we
would need to ignore all clips and other stuff (we try to work around
this on best effort basis)
https://github.com/linebender/vello/issues/1088
- `/html/canvas/element/pixel-manipulation/2d.imageData.put.*`
- precision problems
- `/html/canvas/element/path-objects/2d.path.stroke.scale2.html`
- `/html/canvas/element/path-objects/2d.path.arc.scale.1.html`
## Known servo problems
- bad performance due to blocking on GPU work
- some get/put intensive tests `TIMEOUT`
- proper shadow support (non-blocker as we already are living without it
now)
- support for rect shadow is there but unimplemented currently as that's
the state in raqote
Testing: `mach try vello` will run normal WPT (with raqote) +
vello_canvas subsuite that runs only on `/html/canvas/element`. All
subsuite expectations are stored separately.
Fixes: #36823Fixes: #35230
---------
Signed-off-by: sagudev <16504129+sagudev@users.noreply.github.com>
Some of the code we wrote is now also in upstream, mainly
`BezPath.current_position` and euclid types conversions.
Testing: Code is covered by existing WPT tests.
---------
Signed-off-by: sagudev <16504129+sagudev@users.noreply.github.com>
Co-authored-by: Jonathan Schwender <55576758+jschwe@users.noreply.github.com>
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
</details>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
This PR removes existing path(segment) abstractions in favor of
`kurbo::BezPath`, well actually wrapped `kurbo::BezPath`, to ensure
building of valid paths. This allows us better Path2D building in script
and doing all validation and segmentation there and also allows us
remove blocking is_point_in_path on Path2D as we can now do this in
script. Current path is still done on canvas thread side as it will be
harder to move to script (will be done as a follow up), but it now uses
this new path abstraction.
Using kurbo also allows us to ditch our manual svgpath parser with the
one provided by kurbo.
Same code is stolen from: https://github.com/servo/servo/pull/36821.
Testing: Existing WPT tests
Fixes: #37904
wpt run: https://github.com/sagudev/servo/actions/runs/16172191716
---------
Signed-off-by: sagudev <16504129+sagudev@users.noreply.github.com>
The cookie-rs library parses the cookie expiry date based on the format
from RFC 2616 (for HTTP/1.1), which is stricter than the format from RFC
6265 (for HTTP cookie).
This patch implements the cookie expiry date algorithm from RFC 6265.
When Cookie::parse fails in parsing the expiry date, we try to parse the
expiry again with this algorithm, to provide extra compatibility with
legacy systems.
Testing: Pass a WPT test that was expected to fail before, and add a
unit test.
Fixes: #36452
---------
Signed-off-by: Kingsley Yung <kingsley@kkoyung.dev>
