Bumps [rustls-webpki](https://github.com/rustls/webpki) from 0.103.4 to
0.103.5.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/rustls/webpki/releases">rustls-webpki's
releases</a>.</em></p>
<blockquote>
<h2>0.103.5</h2>
<ul>
<li><strong>New feature</strong>: support verification of P256+SHA512
and P384-SHA512 ECDSA signatures with aws-lc-rs. This is not a
recommended combination, but such signatures exist in the wild.</li>
</ul>
<h2>What's Changed</h2>
<ul>
<li>Leverage extended API from rcgen 0.14.2 by <a
href="https://github.com/djc"><code>@djc</code></a> in <a
href="https://redirect.github.com/rustls/webpki/pull/366">rustls/webpki#366</a></li>
<li>Update semver-compatible dependencies by <a
href="https://github.com/djc"><code>@djc</code></a> in <a
href="https://redirect.github.com/rustls/webpki/pull/369">rustls/webpki#369</a></li>
<li>ci: take updated nightly for cargo-check-external-types by <a
href="https://github.com/cpu"><code>@cpu</code></a> in <a
href="https://redirect.github.com/rustls/webpki/pull/370">rustls/webpki#370</a></li>
<li>build(deps): bump actions/checkout from 4 to 5 by <a
href="https://github.com/dependabot"><code>@dependabot</code></a>[bot]
in <a
href="https://redirect.github.com/rustls/webpki/pull/371">rustls/webpki#371</a></li>
<li>build(deps): bump serde_json from 1.0.142 to 1.0.143 in the
crates-io group by <a
href="https://github.com/dependabot"><code>@dependabot</code></a>[bot]
in <a
href="https://redirect.github.com/rustls/webpki/pull/374">rustls/webpki#374</a></li>
<li>Clarify docs on <code>Cert</code> methods by <a
href="https://github.com/ctz"><code>@ctz</code></a> in <a
href="https://redirect.github.com/rustls/webpki/pull/375">rustls/webpki#375</a></li>
<li>Extract trait for ExtendedKeyUsage validation by <a
href="https://github.com/djc"><code>@djc</code></a> in <a
href="https://redirect.github.com/rustls/webpki/pull/376">rustls/webpki#376</a></li>
<li>build(deps): bump actions/setup-python from 5 to 6 by <a
href="https://github.com/dependabot"><code>@dependabot</code></a>[bot]
in <a
href="https://redirect.github.com/rustls/webpki/pull/378">rustls/webpki#378</a></li>
<li>0.103.5: support P256+SHA512 and P384+SHA512 by <a
href="https://github.com/ctz"><code>@ctz</code></a> in <a
href="https://redirect.github.com/rustls/webpki/pull/379">rustls/webpki#379</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/rustls/webpki/compare/v/0.103.4...v/0.103.5">https://github.com/rustls/webpki/compare/v/0.103.4...v/0.103.5</a></p>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="064a68b479"><code>064a68b</code></a>
Prepare 0.103.5</li>
<li><a
href="f6fbb2a7bf"><code>f6fbb2a</code></a>
Support P256+SHA512 and P384+SHA512</li>
<li><a
href="41cc1fce6d"><code>41cc1fc</code></a>
Take aws-lc-rs 1.14.0</li>
<li><a
href="ac0500dc29"><code>ac0500d</code></a>
build(deps): bump actions/setup-python from 5 to 6</li>
<li><a
href="57fa975b95"><code>57fa975</code></a>
Extract trait for ExtendedKeyUsage validation</li>
<li><a
href="67002080e8"><code>6700208</code></a>
Move ExtendedKeyUsage::check() to KeyUsage</li>
<li><a
href="260cb69dac"><code>260cb69</code></a>
Extract KeyPurposeId iteration from ExtendedKeyUsage::check()</li>
<li><a
href="3ed145a2e4"><code>3ed145a</code></a>
Simplify KeyPurposeId comparison</li>
<li><a
href="b20354a813"><code>b20354a</code></a>
Clarify docs on <code>Cert</code> methods</li>
<li><a
href="0616ac9d64"><code>0616ac9</code></a>
build(deps): bump serde_json in the crates-io group</li>
<li>Additional commits viewable in <a
href="https://github.com/rustls/webpki/compare/v/0.103.4...v/0.103.5">compare
view</a></li>
</ul>
</details>
<br />
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
</details>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Bumps libredox from 0.1.9 to 0.1.10.
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
</details>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Bumps [iana-time-zone](https://github.com/strawlab/iana-time-zone) from
0.1.63 to 0.1.64.
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/strawlab/iana-time-zone/blob/main/CHANGELOG.md">iana-time-zone's
changelog</a>.</em></p>
<blockquote>
<h2>[0.1.64] - 2025-09-12</h2>
<h3>Changed</h3>
<ul>
<li>Bump <code>windows-core</code> to <code>0.56-0.62</code> range (<a
href="https://redirect.github.com/strawlab/iana-time-zone/pull/177">#177</a></li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="2a3665eb8a"><code>2a3665e</code></a>
Bump version number to 0.1.64</li>
<li><a
href="d4ea1ecc96"><code>d4ea1ec</code></a>
Merge pull request <a
href="https://redirect.github.com/strawlab/iana-time-zone/issues/177">#177</a>
from git-staus/main</li>
<li><a
href="762933846d"><code>7629338</code></a>
Bump the <code>windows-core</code> version</li>
<li><a
href="fc6ed13d08"><code>fc6ed13</code></a>
Merge pull request <a
href="https://redirect.github.com/strawlab/iana-time-zone/issues/175">#175</a>
from strawlab/dependabot/github_actions/actions/setup...</li>
<li><a
href="c4d1a1e9d1"><code>c4d1a1e</code></a>
Bump actions/setup-node from 4 to 5</li>
<li><a
href="165d4f1323"><code>165d4f1</code></a>
Bump actions/checkout from 4 to 5</li>
<li><a
href="0e0a0d04f9"><code>0e0a0d0</code></a>
Merge pull request <a
href="https://redirect.github.com/strawlab/iana-time-zone/issues/169">#169</a>
from strawlab/dependabot/github_actions/astral-sh/set...</li>
<li><a
href="44f371e87f"><code>44f371e</code></a>
Bump astral-sh/setup-uv from 5 to 6</li>
<li><a
href="6d3fe922e6"><code>6d3fe92</code></a>
clippy fix (<a
href="https://redirect.github.com/strawlab/iana-time-zone/issues/168">#168</a>)</li>
<li>See full diff in <a
href="https://github.com/strawlab/iana-time-zone/compare/v0.1.63...v0.1.64">compare
view</a></li>
</ul>
</details>
<br />
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
</details>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Vello has updated to wgpu v26 recently. It might be a good time for
servo to update as well. This PR should wait for #39015 and #38717
Testing: WebGPU CTS
Fixes: None
---------
Signed-off-by: Wu Yu Wei <yuweiwu@pm.me>
Also bumps mozjs to the latest version that has support for
`GStackVector` which is what this callback uses.
Part of #36258Fixes#38877
Signed-off-by: Tim van der Lippe <tvanderlippe@gmail.com>
Update some dependencies that were being held back due to windows
dependency updates.
Testing: No tests for dependency updates.
Signed-off-by: Alex Touchet <26315797+atouchet@users.noreply.github.com>
Bumps [zbus](https://github.com/dbus2/zbus) from 5.9.0 to 5.11.0.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/dbus2/zbus/releases">zbus's
releases</a>.</em></p>
<blockquote>
<h2>🔖 zbus 5.11.0</h2>
<ul>
<li>✨ API to specify timeouts for method calls. Add a way to specify an
timeout for method calls. If
set, the method calls will timeout after the specified duration,
returning an error. This can be
used to handle the issues with non-answering D-Bus services.</li>
<li>🩹 Add <code>connection::socket::Split::new</code> method, allowing
<code>Socket</code> trait impls outside zbus.</li>
<li>📝 Mention receive_X_changes in <code>proxy</code> docs.</li>
</ul>
<h2>🔖 zbus 5.10.0</h2>
<ul>
<li>✨ Property stream will now first yield the current value.</li>
<li>🐛 Fall back to no groups rather than erroring out for peer
creds.</li>
<li>📝 Fix wrong documentation in blocking <code>Proxy</code>
methods.</li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="edd9a3c3d3"><code>edd9a3c</code></a>
Merge pull request <a
href="https://redirect.github.com/dbus2/zbus/issues/1494">#1494</a> from
zeenix/prep-zb-5.11</li>
<li><a
href="ee3fb1b4f7"><code>ee3fb1b</code></a>
🔖 zb,zm: Release 5.11.0</li>
<li><a
href="9f85ee4b3d"><code>9f85ee4</code></a>
✅ zb: Much shorter timeout in method timeout test</li>
<li><a
href="000039a7d8"><code>000039a</code></a>
♻️ zb: Micro simplification</li>
<li><a
href="dbd853e3be"><code>dbd853e</code></a>
⬆️ micro: Update chrono to v0.4.42 (<a
href="https://redirect.github.com/dbus2/zbus/issues/1493">#1493</a>)</li>
<li><a
href="bd4d5c722e"><code>bd4d5c7</code></a>
Merge pull request <a
href="https://redirect.github.com/dbus2/zbus/issues/1491">#1491</a> from
dbus2/security-policy</li>
<li><a
href="29825e74cc"><code>29825e7</code></a>
🔒️ Add comprehensive security policy</li>
<li><a
href="e46151c9ad"><code>e46151c</code></a>
Merge pull request <a
href="https://redirect.github.com/dbus2/zbus/issues/1477">#1477</a> from
sergeyfd/main</li>
<li><a
href="979f5f9030"><code>979f5f9</code></a>
✨ zb: API to specify timeouts for method calls</li>
<li><a
href="442063d295"><code>442063d</code></a>
⬆️ micro: Update time to v0.3.43 (<a
href="https://redirect.github.com/dbus2/zbus/issues/1490">#1490</a>)</li>
<li>Additional commits viewable in <a
href="https://github.com/dbus2/zbus/compare/zbus-5.9.0...zbus-5.11.0">compare
view</a></li>
</ul>
</details>
<br />
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
</details>
---------
Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: Euclid Ye <yezhizhenjiakang@gmail.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Euclid Ye <yezhizhenjiakang@gmail.com>
Bumps [errno](https://github.com/lambda-fairy/rust-errno) from 0.3.13 to
0.3.14.
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/lambda-fairy/rust-errno/blob/main/CHANGELOG.md">errno's
changelog</a>.</em></p>
<blockquote>
<h1>[0.3.14] - 2025-09-08</h1>
<ul>
<li>Update windows-sys requirement from >=0.52, <=0.59 to
>=0.52, <0.62
<a
href="https://redirect.github.com/lambda-fairy/rust-errno/pull/117">#117</a></li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li>See full diff in <a
href="https://github.com/lambda-fairy/rust-errno/commits">compare
view</a></li>
</ul>
</details>
<br />
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
</details>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Bumps [unicode-ident](https://github.com/dtolnay/unicode-ident) from
1.0.18 to 1.0.19.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/dtolnay/unicode-ident/releases">unicode-ident's
releases</a>.</em></p>
<blockquote>
<h2>1.0.19</h2>
<ul>
<li>Update to Unicode 17.0.0 (<a
href="https://redirect.github.com/dtolnay/unicode-ident/issues/37">#37</a>)</li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="dc018bf1ca"><code>dc018bf</code></a>
Release 1.0.19</li>
<li><a
href="9dce213946"><code>9dce213</code></a>
Merge pull request <a
href="https://redirect.github.com/dtolnay/unicode-ident/issues/37">#37</a>
from dtolnay/unicode17.0.0</li>
<li><a
href="17da3fe9b7"><code>17da3fe</code></a>
Force latest=17.0.0 in CI</li>
<li><a
href="acbaf6a39e"><code>acbaf6a</code></a>
Update to Unicode 17.0.0</li>
<li><a
href="e4cceeded0"><code>e4cceed</code></a>
Merge pull request <a
href="https://redirect.github.com/dtolnay/unicode-ident/issues/36">#36</a>
from dtolnay/ucdgenerate</li>
<li><a
href="f871463773"><code>f871463</code></a>
Regenerate comparison tests with ucd-generate 0.3.1</li>
<li><a
href="ff8590b968"><code>ff8590b</code></a>
Merge pull request <a
href="https://redirect.github.com/dtolnay/unicode-ident/issues/35">#35</a>
from dtolnay/latest</li>
<li><a
href="6a0743712f"><code>6a07437</code></a>
Update UCD.zip download URL</li>
<li><a
href="83d3bdfe5d"><code>83d3bdf</code></a>
Update actions/checkout@v4 -> v5</li>
<li><a
href="be1614805e"><code>be16148</code></a>
Make .gitattributes match only paths from repo root</li>
<li>Additional commits viewable in <a
href="https://github.com/dtolnay/unicode-ident/compare/1.0.18...1.0.19">compare
view</a></li>
</ul>
</details>
<br />
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
</details>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Uses the `zstd` support from `async-compression` to support zstd
Content-Encoding.
Testing: Covered by wpt tests.
Signed-off-by: webbeef <me@webbeef.org>
This should be the final PR for the Hash Function series that is
trivial.
Of note: I decided to transform `HashMapTracedValues<Atom,..>` to use
FxBuildHasher. This is likely not going to improve performance as Atom's
already have a unique u32 that is used as the Hash but it safes a few
bytes for the RandomState that is normally in the HashMap.
Signed-off-by: Narfinger <Narfinger@users.noreply.github.com>
Testing: Hash function changes should not change functionality, we
slightly decrease the size and unit tests still work.
Signed-off-by: Narfinger <Narfinger@users.noreply.github.com>
Bumps [zbus_macros](https://github.com/dbus2/zbus) from 5.10.0 to
5.11.0.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/dbus2/zbus/releases">zbus_macros's
releases</a>.</em></p>
<blockquote>
<h2>🔖 zbus_macros 3.14.0.</h2>
<p>✨ Allow unicast signals through the <code>dbus_interface</code>.
Fixes <a
href="https://redirect.github.com/dbus2/zbus/issues/374">#374</a>.
⬆️ Bump our MSRV. More and more dependencies are requiring Rust 1.64.0,
so let's bump our MSRV
to match.
🔥 Drop manual <code>Default</code> impl of
<code>PropertyEmitsChangedSignal</code>. After Rust 1.64, we can use the
derive for this.
⏪️ Revert locking of <code>winnow</code> version. We've bumped our MSRV
so there is no need for this
workaround anymore.
🎨 Code comments should also adhere to 100 character limit.</p>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="edd9a3c3d3"><code>edd9a3c</code></a>
Merge pull request <a
href="https://redirect.github.com/dbus2/zbus/issues/1494">#1494</a> from
zeenix/prep-zb-5.11</li>
<li><a
href="ee3fb1b4f7"><code>ee3fb1b</code></a>
🔖 zb,zm: Release 5.11.0</li>
<li><a
href="9f85ee4b3d"><code>9f85ee4</code></a>
✅ zb: Much shorter timeout in method timeout test</li>
<li><a
href="000039a7d8"><code>000039a</code></a>
♻️ zb: Micro simplification</li>
<li><a
href="dbd853e3be"><code>dbd853e</code></a>
⬆️ micro: Update chrono to v0.4.42 (<a
href="https://redirect.github.com/dbus2/zbus/issues/1493">#1493</a>)</li>
<li><a
href="bd4d5c722e"><code>bd4d5c7</code></a>
Merge pull request <a
href="https://redirect.github.com/dbus2/zbus/issues/1491">#1491</a> from
dbus2/security-policy</li>
<li><a
href="29825e74cc"><code>29825e7</code></a>
🔒️ Add comprehensive security policy</li>
<li><a
href="e46151c9ad"><code>e46151c</code></a>
Merge pull request <a
href="https://redirect.github.com/dbus2/zbus/issues/1477">#1477</a> from
sergeyfd/main</li>
<li><a
href="979f5f9030"><code>979f5f9</code></a>
✨ zb: API to specify timeouts for method calls</li>
<li><a
href="442063d295"><code>442063d</code></a>
⬆️ micro: Update time to v0.3.43 (<a
href="https://redirect.github.com/dbus2/zbus/issues/1490">#1490</a>)</li>
<li>Additional commits viewable in <a
href="https://github.com/dbus2/zbus/compare/zbus-5.10.0...zbus-5.11.0">compare
view</a></li>
</ul>
</details>
<br />
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
</details>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
FxHash is faster than FnvHash and SipHash for simple types up to at
least 64 bytes. The cryptographic guarantees are not needed for any
types changed here because they are simple ids.
This changes the types in script and net crates.
In a future PR we will change the remaining Fnv to be also Fx unless
there is a reason to keep them as Fnv.
Testing: Should not change functionality but unit test and wpt will find
it.
Signed-off-by: Narfinger <Narfinger@users.noreply.github.com>
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
</details>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Bumps [chrono](https://github.com/chronotope/chrono) from 0.4.41 to
0.4.42.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/chronotope/chrono/releases">chrono's
releases</a>.</em></p>
<blockquote>
<h2>0.4.42</h2>
<h2>What's Changed</h2>
<ul>
<li>Add fuzzer for DateTime::parse_from_str by <a
href="https://github.com/tyler92"><code>@tyler92</code></a> in <a
href="https://redirect.github.com/chronotope/chrono/pull/1700">chronotope/chrono#1700</a></li>
<li>Fix wrong amount of micro/milliseconds by <a
href="https://github.com/nmlt"><code>@nmlt</code></a> in <a
href="https://redirect.github.com/chronotope/chrono/pull/1703">chronotope/chrono#1703</a></li>
<li>Add warning about MappedLocalTime and wasm by <a
href="https://github.com/lutzky"><code>@lutzky</code></a> in <a
href="https://redirect.github.com/chronotope/chrono/pull/1702">chronotope/chrono#1702</a></li>
<li>Fix incorrect parsing of fixed-length second fractions by <a
href="https://github.com/chris-leach"><code>@chris-leach</code></a> in
<a
href="https://redirect.github.com/chronotope/chrono/pull/1705">chronotope/chrono#1705</a></li>
<li>Fix cfgs for <code>wasm32-linux</code> support by <a
href="https://github.com/arjunr2"><code>@arjunr2</code></a> in <a
href="https://redirect.github.com/chronotope/chrono/pull/1707">chronotope/chrono#1707</a></li>
<li>Fix OpenHarmony's <code>tzdata</code> parsing by <a
href="https://github.com/ldm0"><code>@ldm0</code></a> in <a
href="https://redirect.github.com/chronotope/chrono/pull/1679">chronotope/chrono#1679</a></li>
<li>Convert NaiveDate to/from days since unix epoch by <a
href="https://github.com/findepi"><code>@findepi</code></a> in <a
href="https://redirect.github.com/chronotope/chrono/pull/1715">chronotope/chrono#1715</a></li>
<li>Add <code>?Sized</code> bound to related methods of
<code>DelayedFormat::write_to</code> by <a
href="https://github.com/Huliiiiii"><code>@Huliiiiii</code></a> in <a
href="https://redirect.github.com/chronotope/chrono/pull/1721">chronotope/chrono#1721</a></li>
<li>Add <code>from_timestamp_secs</code> method to <code>DateTime</code>
by <a href="https://github.com/jasonaowen"><code>@jasonaowen</code></a>
in <a
href="https://redirect.github.com/chronotope/chrono/pull/1719">chronotope/chrono#1719</a></li>
<li>Migrate to core::error::Error by <a
href="https://github.com/benbrittain"><code>@benbrittain</code></a> in
<a
href="https://redirect.github.com/chronotope/chrono/pull/1704">chronotope/chrono#1704</a></li>
<li>Upgrade to windows-bindgen 0.63 by <a
href="https://github.com/djc"><code>@djc</code></a> in <a
href="https://redirect.github.com/chronotope/chrono/pull/1730">chronotope/chrono#1730</a></li>
<li>strftime: simplify error handling by <a
href="https://github.com/djc"><code>@djc</code></a> in <a
href="https://redirect.github.com/chronotope/chrono/pull/1731">chronotope/chrono#1731</a></li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="f3fd15f976"><code>f3fd15f</code></a>
Bump version to 0.4.42</li>
<li><a
href="5cf5603500"><code>5cf5603</code></a>
strftime: add regression test case</li>
<li><a
href="a6231701ee"><code>a623170</code></a>
strftime: simplify error handling</li>
<li><a
href="36fbfb1221"><code>36fbfb1</code></a>
strftime: move specifier handling out of match to reduce rightward
drift</li>
<li><a
href="7f413c363b"><code>7f413c3</code></a>
strftime: yield None early</li>
<li><a
href="9d5dfe1640"><code>9d5dfe1</code></a>
strftime: outline constants</li>
<li><a
href="e5f6be7db4"><code>e5f6be7</code></a>
strftime: move error() method below caller</li>
<li><a
href="d516c2764d"><code>d516c27</code></a>
strftime: merge impl blocks</li>
<li><a
href="0ee2172fb9"><code>0ee2172</code></a>
strftime: re-order items to keep impls together</li>
<li><a
href="757a8b0226"><code>757a8b0</code></a>
Upgrade to windows-bindgen 0.63</li>
<li>Additional commits viewable in <a
href="https://github.com/chronotope/chrono/compare/v0.4.41...v0.4.42">compare
view</a></li>
</ul>
</details>
<br />
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
</details>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
This moves more of HashMap/FnvHashMap to FxHashmap. Again we only
changed instances that do not look security related and have small keys.
Additionally, allocator used the fnv feature which did not seem to be
used.
Testing: Unit Tests and WPT should cover this and functionality change
is highly unlikely.
Signed-off-by: Narfinger <Narfinger@users.noreply.github.com>
Bumps [lebe](https://github.com/johannesvollmer/lebe) from 0.5.2 to
0.5.3.
<details>
<summary>Commits</summary>
<ul>
<li>See full diff in <a
href="https://github.com/johannesvollmer/lebe/commits">compare
view</a></li>
</ul>
</details>
<br />
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
</details>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Bumps [wit-bindgen](https://github.com/bytecodealliance/wit-bindgen)
from 0.45.0 to 0.45.1.
<details>
<summary>Commits</summary>
<ul>
<li><a
href="5d37dfb192"><code>5d37dfb</code></a>
Release wit-bindgen 0.45.1 (<a
href="https://redirect.github.com/bytecodealliance/wit-bindgen/issues/1378">#1378</a>)</li>
<li><a
href="3db0056513"><code>3db0056</code></a>
Fill out missing <code>StreamRead::cancel</code> implementation (<a
href="https://redirect.github.com/bytecodealliance/wit-bindgen/issues/1376">#1376</a>)</li>
<li><a
href="ca55f12b7c"><code>ca55f12</code></a>
fix(core): results for async task generation (<a
href="https://redirect.github.com/bytecodealliance/wit-bindgen/issues/1374">#1374</a>)</li>
<li><a
href="93c9ee3d6f"><code>93c9ee3</code></a>
Disable unused-import warnings on <code>__with_name*</code> aliases. (<a
href="https://redirect.github.com/bytecodealliance/wit-bindgen/issues/1372">#1372</a>)</li>
<li>See full diff in <a
href="https://github.com/bytecodealliance/wit-bindgen/compare/v0.45.0...v0.45.1">compare
view</a></li>
</ul>
</details>
<br />
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
</details>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Bumps [zune-jpeg](https://github.com/etemesi254/zune-image) from 0.4.20
to 0.4.21.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/etemesi254/zune-image/releases">zune-jpeg's
releases</a>.</em></p>
<blockquote>
<h2>v0.1.0</h2>
<p>No release notes provided.</p>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li>See full diff in <a
href="https://github.com/etemesi254/zune-image/commits">compare
view</a></li>
</ul>
</details>
<br />
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
</details>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Bumps [winapi-util](https://github.com/BurntSushi/winapi-util) from
0.1.10 to 0.1.11.
<details>
<summary>Commits</summary>
<ul>
<li><a
href="803874c57d"><code>803874c</code></a>
0.1.11</li>
<li><a
href="c14bbd7bfa"><code>c14bbd7</code></a>
deps: support windows-sys 0.61</li>
<li>See full diff in <a
href="https://github.com/BurntSushi/winapi-util/compare/0.1.10...0.1.11">compare
view</a></li>
</ul>
</details>
<br />
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
</details>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
While I adding spec comments to the CSP crate, I discovered two issues:
1. We should only use the last sandbox value (WPT test added)
2. We weren't checking for the scripting sandbox flag in document
Also, the autoplay test should have allowed scripts to run, otherwise
the test doesn't run. Since we weren't checking the flag before, the
test ran fine for Servo. However, it wouldn't run for other browsers.
Also realized that an existing test was pointing to a non-existent file
(since it doesn't have `.sub`). Updated that and confirmed that in other
browsers it now properly works (it no longer shows a 404). However,
Servo now fails that test as we don't fire an load event.
Part of #913
Signed-off-by: Tim van der Lippe <tvanderlippe@gmail.com>
fxhash seems to be unmaintained (see
https://github.com/rustsec/advisory-db/issues/2185) so we should move
away from it.
Additionally, the new crate might be slightly faster.
There is still some cases depending on stylo that have the old fxhash
crate.
Signed-off-by: Narfinger <Narfinger@users.noreply.github.com>
Testing: Changes in Hash should really not show any bugs. And
performance should be comparable.
Signed-off-by: Narfinger <Narfinger@users.noreply.github.com>
Bumps [windows-sys](https://github.com/microsoft/windows-rs) from 0.59.0
to 0.61.0.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/microsoft/windows-rs/releases">windows-sys's
releases</a>.</em></p>
<blockquote>
<h2>61</h2>
<p>Major crate updates:</p>
<ul>
<li><code>windows</code> 0.59.0</li>
<li><code>windows-core</code> 0.59.0
<ul>
<li><code>windows-implement</code> 0.59.0</li>
<li><code>windows-interface</code> 0.59.0</li>
</ul>
</li>
<li><code>windows-targets</code> 0.53.0
<ul>
<li><code>windows_i686_msvc</code> 0.53.0</li>
<li><code>windows_x86_64_msvc</code> 0.53.0</li>
<li><code>windows_aarch64_msvc</code> 0.53.0</li>
<li><code>windows_i686_gnu</code> 0.53.0</li>
<li><code>windows_x86_64_gnu</code> 0.53.0</li>
<li><code>windows_i686_gnullvm</code> 0.53.0</li>
<li><code>windows_x86_64_gnullvm</code> 0.53.0</li>
<li><code>windows_aarch64_gnullvm</code> 0.53.0</li>
</ul>
</li>
<li><code>windows-bindgen</code> 0.59.0</li>
<li><code>windows-registry</code> 0.4.0</li>
<li><code>windows-result</code> 0.3.0</li>
<li><code>windows-strings</code> 0.3.0</li>
<li><code>cppwinrt</code> 0.2.0</li>
</ul>
<p>Minor crate updates:</p>
<ul>
<li><code>windows-version</code> 0.1.2</li>
</ul>
<p>Excluded:</p>
<ul>
<li><code>windows-sys</code> 0.59.0</li>
</ul>
<p>Things to keep in mind:</p>
<ul>
<li>
<p>The tag/release names no longer map directly to the crate versions,
so to <a
href="https://github.com/microsoft/windows-rs/tree/master/crates/samples">find
samples</a> for a particular release requires looking at <a
href="https://github.com/microsoft/windows-rs/releases">the releases</a>
page and finding the release that most recently updated a particular
crate.</p>
</li>
<li>
<p>The <code>windows-bindgen</code> crate includes the major code
generation overhaul that brings many improvements - be sure to check out
the PR description for more information. The resulting code gen depends
on the new version of <code>windows-core</code> and its dependencies,
unless you include the <code>--sys</code> option. <a
href="https://redirect.github.com/microsoft/windows-rs/issues/3359">#3359</a></p>
</li>
<li>
<p>The <code>cppwinrt</code> crate constitutes a major update due to
streamlining the error handling. <a
href="https://redirect.github.com/microsoft/windows-rs/issues/3415">#3415</a></p>
</li>
<li>
<p>The <code>windows-registry</code>, <code>windows-strings,</code> and
<code>windows-result</code> crates are also major version updates since
they include small breaking changes.</p>
</li>
<li>
<p>The <code>windows-targets</code> crate finally receives a major
version update, the first in over a year. This is due to <a
href="https://redirect.github.com/microsoft/windows-rs/issues/3359">#3359</a>
and <a
href="https://redirect.github.com/microsoft/windows-rs/issues/3342">#3342</a>
potentially introducing breaking changes. Although unlikely, these
updates introduced sufficient changes that make it hard to ensure that
the <code>windows-targets</code> libs don't break existing code. As
we're updating <code>windows-targets</code> anyway, I took the liberty
to bump the MSRV to 1.60 - to match the latest version of
<code>windows-sys</code> - and remove the old but unused doc macro
feature. Both remained for compatibility with very old dependents of the
<code>windows-targets</code> crate.</p>
</li>
<li>
<p>The <code>windows-version</code> crate receives a minor update to
update its dependency on the <code>windows-targets</code> crate.</p>
</li>
<li>
<p>Beyond these specifics, this update is the culmination of around 6
months worth of work on the <code>windows-rs</code> project. The biggest
improvements comes from the new code generation engine, but many other
improvements are now also available for production. This includes
support for many new lints, warnings, and suggestions provided by the
Rust toolchain; much smaller code gen thanks to deriving many more
traits; more efficient code gen; major improvements to WinRT type system
and implementation support; more robust and consistent error handling;
stock collection and async support; improved support for class
hierarchies; and much more!</p>
</li>
</ul>
<p>In addition to "what's changed" below, check out what's
changed for notes for <a
href="https://github.com/microsoft/windows-rs/releases/tag/0.60.0">0.60.0</a>
and <a
href="https://github.com/microsoft/windows-rs/releases/tag/0.59.0">0.59.0</a>
for additional changes that roll up to the crates published as part of
this release.</p>
<h2>What's Changed</h2>
<ul>
<li>Remove improper_ctypes workaround by <a
href="https://github.com/ChrisDenton"><code>@ChrisDenton</code></a> in
<a
href="https://redirect.github.com/microsoft/windows-rs/pull/3296">microsoft/windows-rs#3296</a></li>
</ul>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="5888c8c472"><code>5888c8c</code></a>
Release 0.61.0 (<a
href="https://redirect.github.com/microsoft/windows-rs/issues/3418">#3418</a>)</li>
<li><a
href="9911fee2a9"><code>9911fee</code></a>
Improve feature search UX, add dark mode, and update deps (<a
href="https://redirect.github.com/microsoft/windows-rs/issues/3422">#3422</a>)</li>
<li><a
href="eed74532cd"><code>eed7453</code></a>
Update GitHub Actions runners (<a
href="https://redirect.github.com/microsoft/windows-rs/issues/3423">#3423</a>)</li>
<li><a
href="284f18906a"><code>284f189</code></a>
Avoid <code>transmute</code> where possible (<a
href="https://redirect.github.com/microsoft/windows-rs/issues/3421">#3421</a>)</li>
<li><a
href="b35dfd1470"><code>b35dfd1</code></a>
Update web workflow to use external origin (<a
href="https://redirect.github.com/microsoft/windows-rs/issues/3420">#3420</a>)</li>
<li><a
href="3566fca8c5"><code>3566fca</code></a>
Fix provenance in direct32 sample (<a
href="https://redirect.github.com/microsoft/windows-rs/issues/3419">#3419</a>)</li>
<li><a
href="382ea566c2"><code>382ea56</code></a>
Use <code>track_caller</code> to make debugging <code>cppwinrt</code>
build script errors easier (#...</li>
<li><a
href="f09c13292a"><code>f09c132</code></a>
Shorten sample crate names (<a
href="https://redirect.github.com/microsoft/windows-rs/issues/3416">#3416</a>)</li>
<li><a
href="5e8ce09c70"><code>5e8ce09</code></a>
<code>cppwinrt</code> should consistently panic on failure (<a
href="https://redirect.github.com/microsoft/windows-rs/issues/3415">#3415</a>)</li>
<li><a
href="d02c977dc8"><code>d02c977</code></a>
Detect unsupported array parameters (<a
href="https://redirect.github.com/microsoft/windows-rs/issues/3402">#3402</a>)</li>
<li>Additional commits viewable in <a
href="https://github.com/microsoft/windows-rs/compare/0.59.0...0.61.0">compare
view</a></li>
</ul>
</details>
<br />
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
</details>
---------
Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: Euclid Ye <euclid.ye@huawei.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Euclid Ye <euclid.ye@huawei.com>
This includes some small refactoring and some small breaking changes as
listed below. Other than these I tried to keep the functionality exactly
the same but because in the old code the parsing and settings of
preferences was intermingled it was difficult to figure out.
Small Breaking:
- Size and resources-path were unused but appeared in the help.
- soft-fail and hard-fail: Soft-fail flag got removed because it is too
difficult to keep both. The default is now soft-fail and hard-fail can
be enabled.
- The help strings are obviously formatted differently now.
- -V does not work anymore but -v and --version.
Ideally, we want to have the ServoShellPreferences and Preferences be
directly the Argument structure but that needs a bit more discussion
because it would break backwards compatibility with the commandline.
This increases the binary size by ~280kb.
Testing: The testcases are still working but they do not cover much.
I added a unit test for the -p flag because it is the most difficult to
parse in general.
Fixes: This will fix a small number of various parsing misshaps. It will
also show if we are removing an option via unused lint.
Signed-off-by: Narfinger <Narfinger@users.noreply.github.com>
Bumps [uuid](https://github.com/uuid-rs/uuid) from 1.18.0 to 1.18.1.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/uuid-rs/uuid/releases">uuid's
releases</a>.</em></p>
<blockquote>
<h2>v1.18.1</h2>
<h2>What's Changed</h2>
<ul>
<li>Unsafe cleanup by <a
href="https://github.com/KodrAus"><code>@KodrAus</code></a> in <a
href="https://redirect.github.com/uuid-rs/uuid/pull/841">uuid-rs/uuid#841</a></li>
<li>Prepare for 1.18.1 release by <a
href="https://github.com/KodrAus"><code>@KodrAus</code></a> in <a
href="https://redirect.github.com/uuid-rs/uuid/pull/842">uuid-rs/uuid#842</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/uuid-rs/uuid/compare/v1.18.0...v1.18.1">https://github.com/uuid-rs/uuid/compare/v1.18.0...v1.18.1</a></p>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="50d8e797ed"><code>50d8e79</code></a>
Merge pull request <a
href="https://redirect.github.com/uuid-rs/uuid/issues/842">#842</a> from
uuid-rs/cargo/v1.18.1</li>
<li><a
href="79485925e9"><code>7948592</code></a>
prepare for 1.18.1 release</li>
<li><a
href="6d847c79d0"><code>6d847c7</code></a>
Merge pull request <a
href="https://redirect.github.com/uuid-rs/uuid/issues/841">#841</a> from
uuid-rs/chore/unsafe-cleanup</li>
<li><a
href="675cccc829"><code>675cccc</code></a>
re-gate zerocopy behind unstable feature flag</li>
<li><a
href="4dd5828060"><code>4dd5828</code></a>
Remove some unsafe; stabilize zerocopy</li>
<li>See full diff in <a
href="https://github.com/uuid-rs/uuid/compare/v1.18.0...v1.18.1">compare
view</a></li>
</ul>
</details>
<br />
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
</details>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Bumps [deranged](https://github.com/jhpratt/deranged) from 0.5.2 to
0.5.3.
<details>
<summary>Commits</summary>
<ul>
<li>See full diff in <a
href="https://github.com/jhpratt/deranged/commits">compare view</a></li>
</ul>
</details>
<br />
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
</details>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Bumps [clap](https://github.com/clap-rs/clap) from 4.5.46 to 4.5.47.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/clap-rs/clap/releases">clap's
releases</a>.</em></p>
<blockquote>
<h2>v4.5.47</h2>
<h2>[4.5.47] - 2025-09-02</h2>
<h3>Features</h3>
<ul>
<li>Added <code>impl FromArgMatches for ()</code></li>
<li>Added <code>impl Args for ()</code></li>
<li>Added <code>impl Subcommand for ()</code></li>
<li>Added <code>impl FromArgMatches for Infallible</code></li>
<li>Added <code>impl Subcommand for Infallible</code></li>
</ul>
<h3>Fixes</h3>
<ul>
<li><em>(derive)</em> Update runtime error text to match
<code>clap</code></li>
</ul>
</blockquote>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/clap-rs/clap/blob/master/CHANGELOG.md">clap's
changelog</a>.</em></p>
<blockquote>
<h2>[4.5.47] - 2025-09-02</h2>
<h3>Features</h3>
<ul>
<li>Added <code>impl FromArgMatches for ()</code></li>
<li>Added <code>impl Args for ()</code></li>
<li>Added <code>impl Subcommand for ()</code></li>
<li>Added <code>impl FromArgMatches for Infallible</code></li>
<li>Added <code>impl Subcommand for Infallible</code></li>
</ul>
<h3>Fixes</h3>
<ul>
<li><em>(derive)</em> Update runtime error text to match
<code>clap</code></li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="f046ca6a2b"><code>f046ca6</code></a>
chore: Release</li>
<li><a
href="436949dde1"><code>436949d</code></a>
docs: Update changelog</li>
<li><a
href="1ddab84c32"><code>1ddab84</code></a>
Merge pull request <a
href="https://redirect.github.com/clap-rs/clap/issues/5954">#5954</a>
from epage/tests</li>
<li><a
href="8a66dbf7c2"><code>8a66dbf</code></a>
test(complete): Add more native cases</li>
<li><a
href="76465cf223"><code>76465cf</code></a>
test(complete): Make things more consistent</li>
<li><a
href="232cedbe76"><code>232cedb</code></a>
test(complete): Remove redundant index</li>
<li><a
href="02244a69a3"><code>02244a6</code></a>
Merge pull request <a
href="https://redirect.github.com/clap-rs/clap/issues/5949">#5949</a>
from krobelus/option-name-completions-after-positionals</li>
<li><a
href="2e13847533"><code>2e13847</code></a>
fix(complete): Missing options in multi-val arg</li>
<li><a
href="74388d784b"><code>74388d7</code></a>
test(complete): Multi-valued, unbounded positional</li>
<li><a
href="5b3d45f72c"><code>5b3d45f</code></a>
refactor(complete): Extract function for options</li>
<li>Additional commits viewable in <a
href="https://github.com/clap-rs/clap/compare/clap_complete-v4.5.46...clap_complete-v4.5.47">compare
view</a></li>
</ul>
</details>
<br />
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
</details>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Bumps [time](https://github.com/time-rs/time) from 0.3.42 to 0.3.43.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/time-rs/time/releases">time's
releases</a>.</em></p>
<blockquote>
<h2>v0.3.43</h2>
<p>See the <a
href="https://github.com/time-rs/time/blob/main/CHANGELOG.md">changelog</a>
for details.</p>
</blockquote>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/time-rs/time/blob/main/CHANGELOG.md">time's
changelog</a>.</em></p>
<blockquote>
<h2>0.3.43 [2025-09-02]</h2>
<h3>Added</h3>
<ul>
<li>Support for <code>rand</code> 0.9</li>
</ul>
<h3>Fixed</h3>
<ul>
<li>In the <code>convert</code> module, any use of <code>per</code> with
types that were not the same (such as
<code>Nanosecond::per(Second)</code>) would not compile due to a bug.
This has been fixed.</li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="45b9932e57"><code>45b9932</code></a>
v0.3.43 release</li>
<li><a
href="8cbf0dbff0"><code>8cbf0db</code></a>
Fix bug with <code>convert</code></li>
<li><a
href="3343e85826"><code>3343e85</code></a>
Add support for rand 0.9</li>
<li><a
href="afb2574f94"><code>afb2574</code></a>
Add note about MSRV</li>
<li>See full diff in <a
href="https://github.com/time-rs/time/compare/v0.3.42...v0.3.43">compare
view</a></li>
</ul>
</details>
<br />
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
</details>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
FNV is faster for hashing less than 16 bytes of data and the
cryptographic properties of the default HashMap are not needed for the
various ids.
Testing: This does not change functionality.
Signed-off-by: Narfinger <Narfinger@users.noreply.github.com>
This PR **removes** `ScriptToConstellationMessage::ForwardToEmbedder`,
and replaces it with an explicit `ScriptToEmbedderChannel`. This new
channel is based on `GenericCallback` and in single-process mode will
directly send the message the to the embedder and wake it. In
multi-process mode, the message is routed via the ROUTER, since waking
is only possible from the same process currently. This means in
multi-process mode there are likely no direct perf benefits, since we
still need to hop the message over the ROUTER (instead of over the
constellation).
In single-process mode we can directly send the message to the embedder,
which should provide a noticable latency improvement in all cases where
script is blocked waiting on the embedder to reply.
This does not change the way the embedder receives messages - the
receiving end is unchanged.
## How was sending messages to the embedder working before?
1. Script wraps it's message to the embedder in
`ScriptToConstellationMessage::ForwardToEmbedder` and sends it to
constellation.
2. The [constellation event loop] receives the message in
[handle_request]
3. If deserialization fails, [an error is logged and the message is
ignored]
4. Since our message came from script, it is handle in
[handle_request_from_script]
5. The message is logged with trace log level
6. If the pipeline is closed, [a warning is logged and the message
ignored]
7. The wrapped `EmbedderMsg` [is forwarded to the embedder]. Sending the
message also invokes `wake()` on the embedder eventloop waker.
[constellation event loop]:
2e1b2e7260/components/constellation/constellation.rs (L755)
[handle request]:
2e1b2e7260/components/constellation/constellation.rs (L1182)
[an error is logged and the message is ignored]:
2e1b2e7260/components/constellation/constellation.rs (L1252)
[handle_request_from_script]:
https://github.com/servo/servo/blob/main/components/constellation/constellation.rs#L1590
[a warning is logged and the message ignored]:
2e1b2e7260/components/constellation/constellation.rs (L1599)
[is forwarded to the embedder]:
2e1b2e7260/components/constellation/constellation.rs (L1701)
Testing: Communication between Script and Embedder is extensive, so this
should be covered by existing tests.
Signed-off-by: Jonathan Schwender <schwenderjonathan@gmail.com>
Bumps [getopts](https://github.com/rust-lang/getopts) from 0.2.23 to
0.2.24.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/rust-lang/getopts/releases">getopts's
releases</a>.</em></p>
<blockquote>
<h2>v0.2.24</h2>
<h3>Other</h3>
<ul>
<li>Make unicode-width an optional default dependency (<a
href="https://redirect.github.com/rust-lang/getopts/pull/133">#133</a>)</li>
</ul>
</blockquote>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/rust-lang/getopts/blob/master/CHANGELOG.md">getopts's
changelog</a>.</em></p>
<blockquote>
<h2><a
href="https://github.com/rust-lang/getopts/compare/v0.2.23...v0.2.24">0.2.24</a>
- 2025-08-29</h2>
<h3>Other</h3>
<ul>
<li>Make unicode-width an optional default dependency (<a
href="https://redirect.github.com/rust-lang/getopts/pull/133">#133</a>)</li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="40846923f0"><code>4084692</code></a>
chore: release v0.2.24 (<a
href="https://redirect.github.com/rust-lang/getopts/issues/134">#134</a>)</li>
<li><a
href="03ce599970"><code>03ce599</code></a>
Make unicode-width an optional default dependency (<a
href="https://redirect.github.com/rust-lang/getopts/issues/133">#133</a>)</li>
<li>See full diff in <a
href="https://github.com/rust-lang/getopts/compare/v0.2.23...v0.2.24">compare
view</a></li>
</ul>
</details>
<br />
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
</details>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Bumps [time](https://github.com/time-rs/time) from 0.3.41 to 0.3.42.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/time-rs/time/releases">time's
releases</a>.</em></p>
<blockquote>
<h2>v0.3.42</h2>
<p>See the <a
href="https://github.com/time-rs/time/blob/main/CHANGELOG.md">changelog</a>
for details.</p>
</blockquote>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/time-rs/time/blob/main/CHANGELOG.md">time's
changelog</a>.</em></p>
<blockquote>
<h2>0.3.42 [2025-08-31]</h2>
<h3>Added</h3>
<ul>
<li><code>Time::duration_until</code></li>
<li><code>Time::duration_since</code></li>
<li><code>per_t</code> method for all types in
<code>time::convert</code>. This is similar to the existing
<code>per</code> method, but
can return any of the primitive numeric types that can represent the
result. This will cut down on
<code>as</code> casts while ensuring correctness. Type inference isn't
perfect, so you may need to provide a
type annotation in some situations.</li>
<li><code>impl PartialOrd for Month</code> and <code>impl Ord for
Month</code>; this assumes the months are in the same year</li>
<li><code>SystemTimeExt</code> trait, adding methods for checked
arithmetic with <code>time::Duration</code> and obtaining
the difference between two <code>SystemTime</code>s as a
<code>time::Duration</code></li>
<li>Permit using <code>UtcDateTime</code> with <code>rand</code> (this
was inadvertently omitted previously)</li>
<li><code>impl core::error::Error</code> for all error types (now
available when the <code>std</code> feature is disabled)</li>
<li>MacOS can now obtain the local UTC offset in multi-threaded programs
as the system APIs are
thread-safe.</li>
<li><code>#[track_caller]</code> has been added to all relevant
methods.</li>
</ul>
<h3>Changed</h3>
<ul>
<li>The minimum supported Rust version is now 1.81.0.</li>
<li>The dependency on <code>itoa</code> has been removed, as the
standard library now has similar functionality
by default.</li>
<li>Formatting a component that involves a floating point number is now
guaranteed to be
deterministic, avoiding any subtle differences between platforms or
compiler versions.</li>
</ul>
<h3>Fixed</h3>
<ul>
<li>Serializing timestamps with nanosecond precision <em>should</em>
always emit the correct value.
Previously, it could be off by one nanosecond due to floating point
imprecision.</li>
<li>A previously unknown bug in <code>OffsetDateTime::to_offset</code>
and <code>UtcDateTime::to_offset</code> has been
fixed. The bug could result in a value that was invalid. It was unlikely
to ever occur in
real-world code, as it involved passing a UTC offset that has never been
used in any location.</li>
</ul>
<h3>Miscellaneous</h3>
<ul>
<li>The amount of code generated by macros has been massively reduced,
on the order of 65-70% for
typical use cases of <code>format_description!</code>.</li>
<li>Significant performance gains for comparisons of <code>Time</code>,
<code>PrimitiveDateTime</code>, <code>UtcDateTime</code>, and
<code>OffsetDateTime</code>. The first three have gains of approximately
85% (i.e. 6× faster).</li>
<li>Nearly all methods are <code>#[inline]</code>.</li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="ed2852e3b2"><code>ed2852e</code></a>
v0.3.42 release</li>
<li><a
href="1067543c7f"><code>1067543</code></a>
Fix copied comment</li>
<li><a
href="f45bff514c"><code>f45bff5</code></a>
Use <code>const</code> block for readability</li>
<li><a
href="b38c118d3d"><code>b38c118</code></a>
Add <code>#[inline]</code> to most methods</li>
<li><a
href="f410951557"><code>f410951</code></a>
Add <code>#[track_caller]</code> to numerous methods</li>
<li><a
href="d30f3d0f12"><code>d30f3d0</code></a>
Optimize <code>Time::sub</code></li>
<li><a
href="e807ad35ec"><code>e807ad3</code></a>
Add tests, benchmarks</li>
<li><a
href="3fcb83d65f"><code>3fcb83d</code></a>
Optimize <code>OffsetDateTime</code> comparisons</li>
<li><a
href="95db5c3613"><code>95db5c3</code></a>
Optimize UTC offset conversions</li>
<li><a
href="998b26fba5"><code>998b26f</code></a>
Optimize <code>Time::duration_until</code></li>
<li>Additional commits viewable in <a
href="https://github.com/time-rs/time/compare/v0.3.41...v0.3.42">compare
view</a></li>
</ul>
</details>
<br />
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
</details>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Bumps
[async-compression](https://github.com/Nullus157/async-compression) from
0.4.29 to 0.4.30.
<details>
<summary>Commits</summary>
<ul>
<li><a
href="74f5eb11ac"><code>74f5eb1</code></a>
chore: release (<a
href="https://redirect.github.com/Nullus157/async-compression/issues/382">#382</a>)</li>
<li><a
href="5072f4a6e3"><code>5072f4a</code></a>
rm unused dep from async-compression and compression-codecs (<a
href="https://redirect.github.com/Nullus157/async-compression/issues/381">#381</a>)</li>
<li>See full diff in <a
href="https://github.com/Nullus157/async-compression/compare/async-compression-v0.4.29...async-compression-v0.4.30">compare
view</a></li>
</ul>
</details>
<br />
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
</details>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Update x11rb and dedupe windows-targets 0.48.
Testing: No tests for dependency updates.
Signed-off-by: Alex Touchet <26315797+atouchet@users.noreply.github.com>
Bumps [tracing-subscriber](https://github.com/tokio-rs/tracing) from
0.3.19 to 0.3.20.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/tokio-rs/tracing/releases">tracing-subscriber's
releases</a>.</em></p>
<blockquote>
<h2>tracing-subscriber 0.3.20</h2>
<p><strong>Security Fix</strong>: ANSI Escape Sequence Injection
(CVE-TBD)</p>
<h2>Impact</h2>
<p>Previous versions of tracing-subscriber were vulnerable to ANSI
escape sequence injection attacks. Untrusted user input containing ANSI
escape sequences could be injected into terminal output when logged,
potentially allowing attackers to:</p>
<ul>
<li>Manipulate terminal title bars</li>
<li>Clear screens or modify terminal display</li>
<li>Potentially mislead users through terminal manipulation</li>
</ul>
<p>In isolation, impact is minimal, however security issues have been
found in terminal emulators that enabled an attacker to use ANSI escape
sequences via logs to exploit vulnerabilities in the terminal
emulator.</p>
<h2>Solution</h2>
<p>Version 0.3.20 fixes this vulnerability by escaping ANSI control
characters in when writing events to destinations that may be printed to
the terminal.</p>
<h2>Affected Versions</h2>
<p>All versions of tracing-subscriber prior to 0.3.20 are affected by
this vulnerability.</p>
<h2>Recommendations</h2>
<p>Immediate Action Required: We recommend upgrading to
tracing-subscriber 0.3.20 immediately, especially if your
application:</p>
<ul>
<li>Logs user-provided input (form data, HTTP headers, query parameters,
etc.)</li>
<li>Runs in environments where terminal output is displayed to
users</li>
</ul>
<h2>Migration</h2>
<p>This is a patch release with no breaking API changes. Simply update
your Cargo.toml:</p>
<pre lang="toml"><code>[dependencies]
tracing-subscriber = "0.3.20"
</code></pre>
<h2>Acknowledgments</h2>
<p>We would like to thank <a href="http://github.com/zefr0x">zefr0x</a>
who responsibly reported the issue at
<code>security@tokio.rs</code>.</p>
<p>If you believe you have found a security vulnerability in any
tokio-rs project, please email us at <code>security@tokio.rs</code>.</p>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="4c52ca5266"><code>4c52ca5</code></a>
fmt: fix ANSI escape sequence injection vulnerability (<a
href="https://redirect.github.com/tokio-rs/tracing/issues/3368">#3368</a>)</li>
<li><a
href="f71cebe41e"><code>f71cebe</code></a>
subscriber: impl Clone for EnvFilter (<a
href="https://redirect.github.com/tokio-rs/tracing/issues/3360">#3360</a>)</li>
<li><a
href="3a1f571102"><code>3a1f571</code></a>
Fix CI (<a
href="https://redirect.github.com/tokio-rs/tracing/issues/3361">#3361</a>)</li>
<li><a
href="e63ef57f3d"><code>e63ef57</code></a>
chore: prepare tracing-attributes 0.1.30 (<a
href="https://redirect.github.com/tokio-rs/tracing/issues/3316">#3316</a>)</li>
<li><a
href="6e59a13b1a"><code>6e59a13</code></a>
attributes: fix tracing::instrument regression around shadowing (<a
href="https://redirect.github.com/tokio-rs/tracing/issues/3311">#3311</a>)</li>
<li><a
href="e4df761275"><code>e4df761</code></a>
tracing: update core to 0.1.34 and attributes to 0.1.29 (<a
href="https://redirect.github.com/tokio-rs/tracing/issues/3305">#3305</a>)</li>
<li><a
href="643f392ebb"><code>643f392</code></a>
chore: prepare tracing-attributes 0.1.29 (<a
href="https://redirect.github.com/tokio-rs/tracing/issues/3304">#3304</a>)</li>
<li><a
href="d08e7a6eea"><code>d08e7a6</code></a>
chore: prepare tracing-core 0.1.34 (<a
href="https://redirect.github.com/tokio-rs/tracing/issues/3302">#3302</a>)</li>
<li><a
href="6e70c571d3"><code>6e70c57</code></a>
tracing-subscriber: count numbers of enters in <code>Timings</code> (<a
href="https://redirect.github.com/tokio-rs/tracing/issues/2944">#2944</a>)</li>
<li><a
href="c01d4fd9de"><code>c01d4fd</code></a>
fix docs and enable CI on <code>main</code> branch (<a
href="https://redirect.github.com/tokio-rs/tracing/issues/3295">#3295</a>)</li>
<li>Additional commits viewable in <a
href="https://github.com/tokio-rs/tracing/compare/tracing-subscriber-0.3.19...tracing-subscriber-0.3.20">compare
view</a></li>
</ul>
</details>
<br />
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
You can disable automated security fix PRs for this repo from the
[Security Alerts page](https://github.com/servo/servo/network/alerts).
</details>
---------
Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: Euclid Ye <euclid.ye@huawei.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Euclid Ye <euclid.ye@huawei.com>
Adds epoch to each WR image op command that is sent to compositor. The
renderer now has a `FrameDelayer` data structure that is responsible for
tracking when a frame is ready to be displayed. When asking canvases to
update their rendering, they are given an optional `Epoch` which denotes
the `Document`'s canvas epoch. When all image updates for that `Epoch`
are seen in the renderer, the frame can be displayed.
Testing: Existing WPT tests
Fixes: #35733
Signed-off-by: sagudev <16504129+sagudev@users.noreply.github.com>
Signed-off-by: Martin Robinson <mrobinson@igalia.com>
Co-authored-by: Martin Robinson <mrobinson@igalia.com>
dependabot[bot]
Wu Yuwei
Tim van der Lippe
Alex Touchet
webbeef
Narfinger
Oriol Brufau
Jonathan Schwender
Sam