Skip to content

chore(deps): Bump the patch-and-minor group with 2 updates#25

Merged
leboiko merged 1 commit into
masterfrom
dependabot/cargo/patch-and-minor-9689887ff9
Jun 30, 2026
Merged

chore(deps): Bump the patch-and-minor group with 2 updates#25
leboiko merged 1 commit into
masterfrom
dependabot/cargo/patch-and-minor-9689887ff9

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Jun 29, 2026

Copy link
Copy Markdown
Contributor

Bumps the patch-and-minor group with 2 updates: anyhow and ratatui-image.

Updates anyhow from 1.0.102 to 1.0.103

Release notes

Sourced from anyhow's releases.

1.0.103

  • Fix Stacked Borrows violation (UB) in Error::downcast_mut (#451, #452)
Commits
  • 5bdb0e2 Release 1.0.103
  • e621bd3 Merge pull request #452 from dtolnay/downcast
  • 6e8c000 Eliminate pointer->reference->pointer during downcast
  • 67c4abd Add regression test for issue 451
  • 917a169 Update actions/upload-artifact@v6 -> v7
  • d9dc3fa Update actions/checkout@v6 -> v7
  • 841522b Raise minimum tested compiler to rust 1.85
  • See full diff in compare view

Updates ratatui-image from 11.0.5 to 11.0.6

Release notes

Sourced from ratatui-image's releases.

v11.0.6

Other

  • only filter out '\0'
  • add check for ascii control characters returned by chafa_canvas_get_char_at()
Changelog

Sourced from ratatui-image's changelog.

11.0.6 - 2026-06-25

Other

  • only filter out '\0'
  • add check for ascii control characters returned by chafa_canvas_get_char_at()
Commits

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

Bumps the patch-and-minor group with 2 updates: [anyhow](https://github.com/dtolnay/anyhow) and [ratatui-image](https://github.com/ratatui/ratatui-image).


Updates `anyhow` from 1.0.102 to 1.0.103
- [Release notes](https://github.com/dtolnay/anyhow/releases)
- [Commits](dtolnay/anyhow@1.0.102...1.0.103)

Updates `ratatui-image` from 11.0.5 to 11.0.6
- [Release notes](https://github.com/ratatui/ratatui-image/releases)
- [Changelog](https://github.com/ratatui/ratatui-image/blob/master/CHANGELOG.md)
- [Commits](ratatui/ratatui-image@v11.0.5...v11.0.6)

---
updated-dependencies:
- dependency-name: anyhow
  dependency-version: 1.0.103
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: patch-and-minor
- dependency-name: ratatui-image
  dependency-version: 11.0.6
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: patch-and-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot @github

dependabot Bot commented on behalf of github Jun 29, 2026

Copy link
Copy Markdown
Contributor Author

Labels

The following labels could not be found: dependencies, rust. Please create them before Dependabot can add them to a pull request.

Please fix the above issues or remove invalid values from dependabot.yml.

@leboiko leboiko merged commit 662f2d8 into master Jun 30, 2026
12 checks passed
@leboiko leboiko deleted the dependabot/cargo/patch-and-minor-9689887ff9 branch June 30, 2026 18:55
leboiko added a commit that referenced this pull request Jul 2, 2026
ttf-parser's author declared the crate unmaintained on 2026-06-30
(RUSTSEC-2026-0192). It is a deep transitive dep of the mermaid
SVG->raster pipeline (mermaid-rs-renderer -> fontdb/usvg/resvg/
rustybuzz -> ttf-parser); every version is flagged, so there is no
upgrade escape, and the whole resvg/usvg/fontdb/ttf-parser stack
shares one upstream author. It is an unmaintained notice, not a
security vulnerability.

This is the first master CI run to fetch the advisory after it was
published, which is why #25's post-merge run went red despite the
PR-branch run passing the day before — no code change caused it.

Handled the same way as the existing syntect transitive ignores:
documented ignore with the upstream blocker cited for quarterly
re-audit. `cargo deny check` is green again locally.

Co-authored-by: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant