Bump thread_local from 1.0.1 to 1.1.0
Bumps [thread_local](https://github.com/Amanieu/thread_local-rs) from 1.0.1 to 1.1.0.
<details>
<summary>Commits</summary>
<ul>
<li><a href="d9e93cbc8b"><code>d9e93cb</code></a> Bump version to 1.1.0</li>
<li><a href="1ac832a099"><code>1ac832a</code></a> Merge pull request <a href="https://github-redirect.dependabot.com/Amanieu/thread_local-rs/issues/22">#22</a> from Koxiaet/list</li>
<li><a href="ef33f172f2"><code>ef33f17</code></a> Deprecate CachedThreadLocal</li>
<li><a href="34edea055d"><code>34edea0</code></a> Fix running benchmarks on CI</li>
<li><a href="fe072dcfcb"><code>fe072dc</code></a> Use a concurrent vector</li>
<li><a href="0b0830efed"><code>0b0830e</code></a> Fix testing on 1.28.0</li>
<li><a href="6c744de251"><code>6c744de</code></a> Skip benchmarking on 1.28.0</li>
<li><a href="d7b2b1d6a6"><code>d7b2b1d</code></a> Use criterion for benchmarks and add more of them</li>
<li><a href="6e46d4f23c"><code>6e46d4f</code></a> Reverse the thread id binary heap</li>
<li><a href="14c5889b5b"><code>14c5889</code></a> Save space with NonNull instead of a raw pointer</li>
<li>Additional commits viewable in <a href="https://github.com/Amanieu/thread_local-rs/compare/v1.0.1...v1.1.0">compare view</a></li>
</ul>
</details>
<br />
[](https://dependabot.com/compatibility-score/?dependency-name=thread_local&package-manager=cargo&previous-version=1.0.1&new-version=1.1.0)
Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
- `@dependabot use these labels` will set the current labels as the default for future PRs for this repo and language
- `@dependabot use these reviewers` will set the current reviewers as the default for future PRs for this repo and language
- `@dependabot use these assignees` will set the current assignees as the default for future PRs for this repo and language
- `@dependabot use this milestone` will set the current milestone as the default for future PRs for this repo and language
- `@dependabot badge me` will comment on this PR with code to add a "Dependabot enabled" badge to your readme
Additionally, you can set the following in your Dependabot [dashboard](https://app.dependabot.com):
- Update frequency (including time of day and day of week)
- Pull request limits (per update run and/or open at any time)
- Out-of-range updates (receive only lockfile updates, if desired)
- Security updates (receive only security updates, if desired)
</details>
Bump build-parallel from 0.1.1 to 0.1.2
Bumps [build-parallel](https://github.com/jrmuizel/build-parallel) from 0.1.1 to 0.1.2.
<details>
<summary>Commits</summary>
<ul>
<li>See full diff in <a href="https://github.com/jrmuizel/build-parallel/commits/v0.1.2">compare view</a></li>
</ul>
</details>
<br />
[](https://dependabot.com/compatibility-score/?dependency-name=build-parallel&package-manager=cargo&previous-version=0.1.1&new-version=0.1.2)
Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
- `@dependabot use these labels` will set the current labels as the default for future PRs for this repo and language
- `@dependabot use these reviewers` will set the current reviewers as the default for future PRs for this repo and language
- `@dependabot use these assignees` will set the current assignees as the default for future PRs for this repo and language
- `@dependabot use this milestone` will set the current milestone as the default for future PRs for this repo and language
- `@dependabot badge me` will comment on this PR with code to add a "Dependabot enabled" badge to your readme
Additionally, you can set the following in your Dependabot [dashboard](https://app.dependabot.com):
- Update frequency (including time of day and day of week)
- Pull request limits (per update run and/or open at any time)
- Out-of-range updates (receive only lockfile updates, if desired)
- Security updates (receive only security updates, if desired)
</details>
Clean up the code to BOM sniff.
See https://github.com/servo/servo/pull/28006#discussion_r551968553
cc @CYBAI
<!-- Please describe your changes on the following line: -->
---
<!-- Thank you for contributing to Servo! Please replace each `[ ]` by `[X]` when the step is complete, and replace `___` with appropriate data: -->
- [X] `./mach build -d` does not report any errors
- [X] `./mach test-tidy` does not report any errors
- [ ] These changes fix #___ (GitHub issue number if applicable)
<!-- Either: -->
- [ ] There are tests for these changes OR
- [X] These changes do not require tests because they don't change any behavior.
<!-- Also, please make sure that "Allow edits from maintainers" checkbox is checked, so that we can help you if you get stuck somewhere along the way.-->
<!-- Pull requests that do not address these steps are welcome, but they will require additional verification as part of the review process. -->
Bump addr2line from 0.14.0 to 0.14.1
Bumps [addr2line](https://github.com/gimli-rs/addr2line) from 0.14.0 to 0.14.1.
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a href="https://github.com/gimli-rs/addr2line/blob/master/CHANGELOG.md">addr2line's changelog</a>.</em></p>
<blockquote>
<h2>0.14.1 (2020/12/31)</h2>
<h3>Fixed</h3>
<ul>
<li>Fix location lookup for skeleton units.
<a href="https://github-redirect.dependabot.com/gimli-rs/addr2line/pull/201">#201</a></li>
</ul>
<h3>Added</h3>
<ul>
<li>Added <code>Context::find_location_range</code>.
<a href="https://github-redirect.dependabot.com/gimli-rs/addr2line/pull/196">#196</a>
<a href="https://github-redirect.dependabot.com/gimli-rs/addr2line/pull/199">#199</a></li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a href="f7053dd93c"><code>f7053dd</code></a> Merge pull request <a href="https://github-redirect.dependabot.com/gimli-rs/addr2line/issues/202">#202</a> from philipc/release</li>
<li><a href="89a8383bab"><code>89a8383</code></a> Bump version to 0.14.1</li>
<li><a href="36c72f0a2c"><code>36c72f0</code></a> Merge pull request <a href="https://github-redirect.dependabot.com/gimli-rs/addr2line/issues/201">#201</a> from philipc/split</li>
<li><a href="dc4a14f1ca"><code>dc4a14f</code></a> example: handle location info only</li>
<li><a href="a885e0075b"><code>a885e00</code></a> Fix location lookup for split DWARF</li>
<li><a href="0b6b6018b5"><code>0b6b601</code></a> Merge pull request <a href="https://github-redirect.dependabot.com/gimli-rs/addr2line/issues/199">#199</a> from jsgf/master</li>
<li><a href="f67e91026e"><code>f67e910</code></a> Fix over iteration in find_location_range</li>
<li><a href="caa29328d7"><code>caa2932</code></a> Merge pull request <a href="https://github-redirect.dependabot.com/gimli-rs/addr2line/issues/196">#196</a> from jsgf/master</li>
<li><a href="3305fde645"><code>3305fde</code></a> Add find_location_range</li>
<li>See full diff in <a href="https://github.com/gimli-rs/addr2line/compare/0.14.0...0.14.1">compare view</a></li>
</ul>
</details>
<br />
[](https://dependabot.com/compatibility-score/?dependency-name=addr2line&package-manager=cargo&previous-version=0.14.0&new-version=0.14.1)
Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
- `@dependabot use these labels` will set the current labels as the default for future PRs for this repo and language
- `@dependabot use these reviewers` will set the current reviewers as the default for future PRs for this repo and language
- `@dependabot use these assignees` will set the current assignees as the default for future PRs for this repo and language
- `@dependabot use this milestone` will set the current milestone as the default for future PRs for this repo and language
- `@dependabot badge me` will comment on this PR with code to add a "Dependabot enabled" badge to your readme
Additionally, you can set the following in your Dependabot [dashboard](https://app.dependabot.com):
- Update frequency (including time of day and day of week)
- Pull request limits (per update run and/or open at any time)
- Out-of-range updates (receive only lockfile updates, if desired)
- Security updates (receive only security updates, if desired)
</details>
Fix `document.characterSet` not reflecting byte order marks.
The process of decoding the network byte stream to Unicode is backed by an instance of `encoding_rs::Decoder`, which will switch the encoding it uses if it finds a BOM in the byte stream. However, this change in encoding is not communicated back to the caller and so `document.characterSet` gives the wrong result. This change fixes that.
See whatwg/html#5359 and whatwg/encoding#203 for the spec-level backing for this change.
---
<!-- Thank you for contributing to Servo! Please replace each `[ ]` by `[X]` when the step is complete, and replace `___` with appropriate data: -->
- [X] `./mach build -d` does not report any errors
- [X] `./mach test-tidy` does not report any errors
- [X] These changes fix#28005 (GitHub issue number if applicable)
<!-- Either: -->
- [X] There are tests for these changes OR
- [ ] These changes do not require tests because ___
<!-- Also, please make sure that "Allow edits from maintainers" checkbox is checked, so that we can help you if you get stuck somewhere along the way.-->
<!-- Pull requests that do not address these steps are welcome, but they will require additional verification as part of the review process. -->
The process of decoding the network byte stream to Unicode is backed by
an instance of `encoding_rs::Decoder`, which will switch the encoding it
uses if it finds a BOM in the byte stream. However, this change in
encoding is not communicated back to the caller and so
`document.characterSet` gives the wrong result. This change fixes that.
See whatwg/html#5359 and whatwg/encoding#203 for the spec-level backing
for this change.
Signed-off-by: Andreu Botella <abb@randomunok.com>
Bump native-tls from 0.2.4 to 0.2.7
Bumps [native-tls](https://github.com/sfackler/rust-native-tls) from 0.2.4 to 0.2.7.
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a href="https://github.com/sfackler/rust-native-tls/blob/master/CHANGELOG.md">native-tls's changelog</a>.</em></p>
<blockquote>
<h2>[v0.2.7]</h2>
<h3>Added</h3>
<ul>
<li>Added support for ALPN in client APIs flagged under the <code>alpn</code> Cargo feature.</li>
</ul>
<h2>[v0.2.6]</h2>
<h3>Fixed</h3>
<ul>
<li>Fixed compilation on iOS.</li>
</ul>
<h2>[v0.2.5]</h2>
<h3>Added</h3>
<ul>
<li>Added <code>TlsConnectorBuilder::disable_built_in_roots</code> to only trust root certificates explicitly
added to the builder.</li>
</ul>
<h3>Updated</h3>
<ul>
<li>Updated security-framework to 2.0.</li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a href="41522daa6f"><code>41522da</code></a> Release v0.2.7</li>
<li><a href="d808f9a203"><code>d808f9a</code></a> generate new certs to fix tests on catalina</li>
<li><a href="e0ccc9087d"><code>e0ccc90</code></a> remove old unused ios test harness</li>
<li><a href="1c219d1b49"><code>1c219d1</code></a> fix macos</li>
<li><a href="ded063339a"><code>ded0633</code></a> Run all CI on GH actions</li>
<li><a href="a7e5e27744"><code>a7e5e27</code></a> fix schannel alpn</li>
<li><a href="b1846a783d"><code>b1846a7</code></a> move windows build to github actions</li>
<li><a href="cb64ca98a8"><code>cb64ca9</code></a> Add rustfmt action</li>
<li><a href="0f4dc51bd0"><code>0f4dc51</code></a> alpn fixes</li>
<li><a href="0a68efa085"><code>0a68efa</code></a> Merge pull request <a href="https://github-redirect.dependabot.com/sfackler/rust-native-tls/issues/194">#194</a> from MarnixKuijs/alpn</li>
<li>Additional commits viewable in <a href="https://github.com/sfackler/rust-native-tls/compare/v0.2.4...v0.2.7">compare view</a></li>
</ul>
</details>
<br />
[](https://dependabot.com/compatibility-score/?dependency-name=native-tls&package-manager=cargo&previous-version=0.2.4&new-version=0.2.7)
Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
- `@dependabot use these labels` will set the current labels as the default for future PRs for this repo and language
- `@dependabot use these reviewers` will set the current reviewers as the default for future PRs for this repo and language
- `@dependabot use these assignees` will set the current assignees as the default for future PRs for this repo and language
- `@dependabot use this milestone` will set the current milestone as the default for future PRs for this repo and language
- `@dependabot badge me` will comment on this PR with code to add a "Dependabot enabled" badge to your readme
Additionally, you can set the following in your Dependabot [dashboard](https://app.dependabot.com):
- Update frequency (including time of day and day of week)
- Pull request limits (per update run and/or open at any time)
- Out-of-range updates (receive only lockfile updates, if desired)
- Security updates (receive only security updates, if desired)
</details>
Updated to support macOS 11.1
<!-- Please describe your changes on the following line: -->
Updated Cargo.lock to contain the latest version of the rust-mozjs crate, which supports macOS 11.1
---
<!-- Thank you for contributing to Servo! Please replace each `[ ]` by `[X]` when the step is complete, and replace `___` with appropriate data: -->
- [X] `./mach build -d` does not report any errors
- [X] `./mach test-tidy` does not report any errors
- [ ] These changes fix #___ (GitHub issue number if applicable)
<!-- Either: -->
- [ ] There are tests for these changes OR
- [X] These changes do not require tests because it adds supported files.
<!-- Also, please make sure that "Allow edits from maintainers" checkbox is checked, so that we can help you if you get stuck somewhere along the way.-->
<!-- Pull requests that do not address these steps are welcome, but they will require additional verification as part of the review process. -->
add instruction for building libsimpleservo
fixes#27995
---
<!-- Thank you for contributing to Servo! Please replace each `[ ]` by `[X]` when the step is complete, and replace `___` with appropriate data: -->
- [ ] `./mach build -d` does not report any errors
- [ ] `./mach test-tidy` does not report any errors
- [ ] These changes fix #___ (GitHub issue number if applicable)
<!-- Either: -->
- [ ] There are tests for these changes OR
- [x] These changes do not require tests because *documentation only*
<!-- Also, please make sure that "Allow edits from maintainers" checkbox is checked, so that we can help you if you get stuck somewhere along the way.-->
<!-- Pull requests that do not address these steps are welcome, but they will require additional verification as part of the review process. -->
Fix num_threads to avoid divide by zero error when running without a thread pool
Signed-off-by: teymour-aldridge <teymour.aldridge@icloud.com>
<!-- Please describe your changes on the following line: -->
This updates the style thread pool to set `num_threads` to `None` rather than `0` when running without a thread pool.
---
<!-- Thank you for contributing to Servo! Please replace each `[ ]` by `[X]` when the step is complete, and replace `___` with appropriate data: -->
- [x] `./mach build -d` does not report any errors
- [x] `./mach test-tidy` does not report any errors
- [ ] These changes fix #___ (GitHub issue number if applicable)
<!-- Either: -->
- [ ] There are tests for these changes OR
- [ ] These changes do not require tests because ___
I *think* this change might not need tests, but if it does I'm not sure exactly how to do so.
<!-- Also, please make sure that "Allow edits from maintainers" checkbox is checked, so that we can help you if you get stuck somewhere along the way.-->
<!-- Pull requests that do not address these steps are welcome, but they will require additional verification as part of the review process. -->
Add support for KDE neon in bootstrap
it's based on Ubuntu but provides recent (User edition) or git versions of the KDE Plasma desktop environment and ecosystem
---
<!-- Thank you for contributing to Servo! Please replace each `[ ]` by `[X]` when the step is complete, and replace `___` with appropriate data: -->
- [ ] `./mach build -d` does not report any errors
- [ ] `./mach test-tidy` does not report any errors
- [ ] These changes fix #___ (GitHub issue number if applicable)
<!-- Either: -->
- [ ] There are tests for these changes OR
- [x] These changes do not require tests because they affect just the bootstrap script
<!-- Also, please make sure that "Allow edits from maintainers" checkbox is checked, so that we can help you if you get stuck somewhere along the way.-->
<!-- Pull requests that do not address these steps are welcome, but they will require additional verification as part of the review process. -->
Bump openssl from 0.10.31 to 0.10.32
Bumps [openssl](https://github.com/sfackler/rust-openssl) from 0.10.31 to 0.10.32.
<details>
<summary>Commits</summary>
<ul>
<li><a href="16afd0b465"><code>16afd0b</code></a> Release openssl v0.10.32</li>
<li><a href="a9dbe7299e"><code>a9dbe72</code></a> add changelog link</li>
<li><a href="aeafacbf24"><code>aeafacb</code></a> Release v0.9.60</li>
<li><a href="09dd721f05"><code>09dd721</code></a> Merge pull request <a href="https://github-redirect.dependabot.com/sfackler/rust-openssl/issues/1397">#1397</a> from sfackler/always-unpin</li>
<li><a href="625205de6f"><code>625205d</code></a> Fix argument type of Ssl::new</li>
<li><a href="ac3dec7c40"><code>ac3dec7</code></a> Allow SslConnector to return a raw Ssl</li>
<li><a href="455a1e362e"><code>455a1e3</code></a> Allow construction of disconnected sslstreams</li>
<li><a href="bc657d1c4e"><code>bc657d1</code></a> Merge pull request <a href="https://github-redirect.dependabot.com/sfackler/rust-openssl/issues/1388">#1388</a> from Byron/master</li>
<li><a href="475193943b"><code>4751939</code></a> Merge pull request <a href="https://github-redirect.dependabot.com/sfackler/rust-openssl/issues/1392">#1392</a> from crab2313/EVP_digestname</li>
<li><a href="98fb96bb1f"><code>98fb96b</code></a> Update openssl/src/hash.rs</li>
<li>Additional commits viewable in <a href="https://github.com/sfackler/rust-openssl/compare/openssl-v0.10.31...openssl-v0.10.32">compare view</a></li>
</ul>
</details>
<br />
[](https://dependabot.com/compatibility-score/?dependency-name=openssl&package-manager=cargo&previous-version=0.10.31&new-version=0.10.32)
Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
- `@dependabot use these labels` will set the current labels as the default for future PRs for this repo and language
- `@dependabot use these reviewers` will set the current reviewers as the default for future PRs for this repo and language
- `@dependabot use these assignees` will set the current assignees as the default for future PRs for this repo and language
- `@dependabot use this milestone` will set the current milestone as the default for future PRs for this repo and language
- `@dependabot badge me` will comment on this PR with code to add a "Dependabot enabled" badge to your readme
Additionally, you can set the following in your Dependabot [dashboard](https://app.dependabot.com):
- Update frequency (including time of day and day of week)
- Pull request limits (per update run and/or open at any time)
- Out-of-range updates (receive only lockfile updates, if desired)
- Security updates (receive only security updates, if desired)
</details>
