Bump the all-dependencies group with 10 updates

[dependabot]

Bumps the all-dependencies group with 10 updates:

Package	From	To
clap	4.5.26	4.5.27
garde	0.21.1	0.22.0
listenfd	1.0.1	1.0.2
rand	0.8.5	0.9.0
serde_json	1.0.135	1.0.138
openidconnect	3.5.0	4.0.0
uuid	1.11.1	1.12.1
rustls	0.23.21	0.23.22
test-log	0.2.16	0.2.17
insta	1.42.0	1.42.1

Updates clap from 4.5.26 to 4.5.27

Release notes

Sourced from clap's releases.

v4.5.27

[4.5.27] - 2025-01-20

Documentation

• Iterate on tutorials and reference based on feedback

Changelog

Sourced from clap's changelog.

[4.5.27] - 2025-01-20

Documentation

• Iterate on tutorials and reference based on feedback

Commits

• 21c9892 chore: Release
• 0c8bceb docs: Update changelog
• d8f102a Merge pull request #5732 from epage/consistent
• c92fca3 docs(complete): Clarify CompleteEnv's Shell trait
• 5ca60e9 Merge pull request #5731 from epage/bash
• 5d7c16c fix(complete): Adjust how IFS is passed to clap
• See full diff in compare view

Updates garde from 0.21.1 to 0.22.0

Release notes

Sourced from garde's releases.

v0.22.0

What's Changed

• Allow an optional context when using dive by @​lasantosr in jprochazk/garde#143

Full Changelog: jprochazk/garde@v0.21.1...v0.22.0

Commits

• bb2af87 Bump versions to 0.22
• 395a85d Merge pull request #143 from lasantosr/dive-context
• ecd9bac ctx is always a ref
• 5c51a55 allow an optional context when using dive
• e030e5b git tag in publishing script
• See full diff in compare view

Updates listenfd from 1.0.1 to 1.0.2

Changelog

Sourced from listenfd's changelog.

1.0.2

• Maintenance release with readme fixes.

Commits

• 119770e 1.0.2
• 42b8ef9 Merge tag '1.0.1'
• fe9d2f1 Fix CI (#20)
• ae6039b rustfmt
• 8dea4f0 Remove build status from readme
• 61efdd7 Fix warning
• 7d4675c Mention systemd-socket-activate
• See full diff in compare view

Updates rand from 0.8.5 to 0.9.0

Changelog

Sourced from rand's changelog.

[0.9.0] - 2025-01-27

Security and unsafe

• Policy: "rand is not a crypto library" (#1514)
• Remove fork-protection from ReseedingRng and ThreadRng. Instead, it is recommended to call ThreadRng::reseed on fork. (#1379)
• Use zerocopy to replace some unsafe code (#1349, #1393, #1446, #1502)

Dependencies

• Bump the MSRV to 1.63.0 (#1207, #1246, #1269, #1341, #1416, #1536); note that 1.60.0 may work for dependents when using --ignore-rust-version
• Update to rand_core v0.9.0 (#1558)

Features

• Support std feature without getrandom or rand_chacha (#1354)
• Enable feature small_rng by default (#1455)
• Remove implicit feature rand_chacha; use std_rng instead. (#1473)
• Rename feature serde1 to serde (#1477)
• Rename feature getrandom to os_rng (#1537)
• Add feature thread_rng (#1547)

API changes: rand_core traits

• Add fn RngCore::read_adapter implementing std::io::Read (#1267)
• Add trait CryptoBlockRng: BlockRngCore; make trait CryptoRng: RngCore (#1273)
• Add traits TryRngCore, TryCryptoRng (#1424, #1499)
• Rename fn SeedableRng::from_rng -> try_from_rng and add infallible variant fn from_rng (#1424)
• Rename fn SeedableRng::from_entropy -> from_os_rng and add fallible variant fn try_from_os_rng (#1424)
• Add bounds Clone and AsRef to associated type SeedableRng::Seed (#1491)

API changes: Rng trait and top-level fns

• Rename fn rand::thread_rng() to rand::rng() and remove from the prelude (#1506)
• Remove fn rand::random() from the prelude (#1506)
• Add top-level fns random_iter, random_range, random_bool, random_ratio, fill (#1488)
• Re-introduce fn Rng::gen_iter as random_iter (#1305, #1500)
• Rename fn Rng::gen to random to avoid conflict with the new gen keyword in Rust 2024 (#1438)
• Rename fns Rng::gen_range to random_range, gen_bool to random_bool, gen_ratio to random_ratio (#1505)
• Annotate panicking methods with #[track_caller] (#1442, #1447)

API changes: RNGs

• Fix <SmallRng as SeedableRng>::Seed size to 256 bits (#1455)
• Remove first parameter (rng) of ReseedingRng::new (#1533)

API changes: Sequences

• Split trait SliceRandom into IndexedRandom, IndexedMutRandom, SliceRandom (#1382)
• Add IndexedRandom::choose_multiple_array, index::sample_array (#1453, #1469)

API changes: Distributions: renames

• Rename module rand::distributions to rand::distr (#1470)
• Rename distribution Standard to StandardUniform (#1526)
• Move distr::Slice -> distr::slice::Choose, distr::EmptySlice -> distr::slice::Empty (#1548)
• Rename trait distr::DistString -> distr::SampleString (#1548)
• Rename distr::DistIter -> distr::Iter, distr::DistMap -> distr::Map (#1548)

... (truncated)

Commits

• 96f8df6 Prepare 0.9.0 release (#1558)
• 34da321 Enable stdarch_x86_avx512 for cpu has avx512bw (#1551)
• b4b1eb7 Re-org with distr::slice, distr::weighted modules (#1548)
• 16eb7de Add the thread_rng feature flag (#1547)
• afa24e4 Fix test status badges (#1544)
• c681dfc Create FUNDING.yml
• 9f05e22 Update: getrandom v0.3.0 rc.0 (#1541)
• 88c310b Fix docs.rs build options (#1539)
• b879689 Adjust GH Actions (#1538)
• 3fac49f Prepare 0.9.0-beta.0 (#1535)
• Additional commits viewable in compare view

Updates serde_json from 1.0.135 to 1.0.138

Release notes

Sourced from serde_json's releases.

v1.0.138

• Documentation improvements

v1.0.137

• Turn on "float_roundtrip" and "unbounded_depth" features for serde_json in play.rust-lang.org (#1231)

v1.0.136

• Optimize serde_json::value::Serializer::serialize_map by using Map::with_capacity (#1230, thanks @​goffrie)

Commits

• c916099 Release 1.0.138
• dc29e48 Move BufReader to caller
• 29122f9 Sort imports from PR 1237
• d33c1b5 Merge pull request #1237 from JonathanBrouwer/master
• 8c2d800 Add more warnings to apply buffering on docs of affected functions
• 65bbd1a Fix example of from_reader not applying buffering when it should
• 87f78da More precise gitignore patterns
• 4134f11 Remove *.sw[po] from gitignore
• c7626db Remove **/*.rs.bk from project-specific gitignore
• eb49e28 Release 1.0.137
• Additional commits viewable in compare view

Updates openidconnect from 3.5.0 to 4.0.0

Release notes

Sourced from openidconnect's releases.

4.0.0

Refer to the Upgrade Guide for tips on how to upgrade from 3.x.

Changes since 4.0.0-rc.1

Bug Fixes

• Use #[skip_serializing_none] (025889ebbf2161adfd76614570283af787026e2f)
• Overhaul deserialization of claims and client metadata (5632960ea94ceda3a17c818d45c26648cc6bee8b)

Other Changes

• Bump oauth2 to 5.0.0 (dbb3f5c4c24a0ca893bdd7d6b49ab71790304f82)

Full Changelog: ramosbugs/openidconnect-rs@4.0.0-rc.1...4.0.0

Summary of changes since 3.5.0

Breaking Changes

• Bump oauth2 to 5.0.0-alpha.4 (19043b103b74f38137d2c0b563eadd4165d2f827)
• Fix EdDSA signature verification (1d97e0e1fcbab6dbcea60abb5f33c895c8499848)
• Replace JWT-related generic traits with associated types (5f039ee4c7233147199febe98e8dadd35491c523)
• Bump oauth2 to 5.0.0-alpha.3 along with http, reqwest, and base64 (7efc8943a8f699aff2db742827fc3d0fc2b3f34d)
• Remove unused nightly feature (c67ffe94af24b65dbb596a68b6623baecf080eb8)
• Update oauth2 to 5.0.0-alpha.2 (fd404985ef6c8e546f951191f4e1bc791615f5ca)
• Remove jwk-alg Cargo feature (73ee82f4243ef6e0e52896b97081c9b7b7226fa4)

New Features

• Add support for specific JOSE header types (#161)
• Implement From<> for unwrapping newtypes
• Derive Eq for types that already derive PartialEq (898ead2e849f9fd7b3afc506d0763d3c9000a6f7)

Bug Fixes

• Use #[skip_serializing_none] (025889ebbf2161adfd76614570283af787026e2f)
• Overhaul deserialization of claims and client metadata (5632960ea94ceda3a17c818d45c26648cc6bee8b)
• Export CoreJsonCurveType (#182)
• Return impl Future instead of Pin<Box<dyn Future>> (#158)
• Propagate timing-resistant-secret-traits feature flag to oauth2 (1c9f77071dd29d8039e65cfeac4345584fdad56b)
• Fix doc comment URL (1131afa2c5a9702c36ddfb400d24d2e241a02ef2)

Other Changes

• Bump oauth2 to 5.0.0 (dbb3f5c4c24a0ca893bdd7d6b49ab71790304f82)
• Remove defunct sponsorship from README
• Add upgrade guide (6852dcc8fbfc4cbf814b0eea48050d406069698c)
• Address clippy lints from Rust 1.77 (29aad1cfccb32397f02cb889b115cb949c68db6a)
• Update list of example OIDC providers (fcada1718118cfebfaa874e8b1920cd1dbc2b358)
• Update README (fd077bde028e24f2a698fdc450138e85482981bb)
• Remove private JsonCurveType trait (ffde16ad678a8a1e2fda7ccd1d87e12eb4ccfee3)
• Refactor crate into smaller private modules (e87580c99233a77c4263cd3224c5b2840f6e5b15)
• Remove empty leading and trailing lines from doc comments (38baa1a1473896020af0809062f337fa27de7f30)
• Improve Display output of ClientRegistrationError (3a801c9666589450322b710ca2f38f2f99fb24f2)

... (truncated)

Upgrade guide

Sourced from openidconnect's upgrade guide.

Upgrade Guide

Upgrading from 3.x to 4.x

The 4.0 release includes breaking changes to address several long-standing API issues, along with a few minor improvements. Consider following the tips below to help ensure a smooth upgrade process. This document is not exhaustive but covers the breaking changes most likely to affect typical uses of this crate.

Add typestate generic types to Client

Each auth flow depends on one or more server endpoints. For example, the authorization code flow depends on both an authorization endpoint and a token endpoint, while the client credentials flow only depends on a token endpoint. Previously, it was possible to instantiate a Client without a token endpoint and then attempt to use an auth flow that required a token endpoint, leading to errors at runtime. Also, the authorization endpoint was always required, even for auth flows that do not use it.

In the 4.0 release, all endpoints are optional. Typestates are used to statically track, at compile time, which endpoints' setters (e.g., set_auth_uri()) have been called. Auth flows that depend on an endpoint cannot be used without first calling the corresponding setter, which is enforced by the compiler's type checker. This guarantees that certain errors will not arise at runtime.

When using OpenID Connect Discovery (i.e., Client::from_provider_metadata()), each discoverable endpoint is set to a conditional typestate (EndpointMaybeSet). This is because it cannot be determined at compile time whether each of these endpoints will be returned by the OpenID Provider. When the conditional typestate is set, endpoints can be used via fallible methods that return Err(ConfigurationError::MissingUrl(_)) if an endpoint has not been set.

There are three possible typestates, each implementing the EndpointState trait:

• EndpointNotSet: the corresponding endpoint has not been set and cannot be used.
• EndpointSet: the corresponding endpoint has been set and is ready to be used.
• EndpointMaybeSet: the corresponding endpoint may have been set and can be used via fallible methods that return Result<_, ConfigurationError>.

The following code changes are required to support the new interface:

1. Update calls to Client::new() to use the three-argument constructor (which accepts only a ClientId, IssuerUrl, and JsonWebKeySet). Use the set_auth_uri(), set_token_uri(), set_user_info_url(), and set_client_secret() methods to set the authorization endpoint, token endpoint, user info endpoint, and client secret, respectively, if applicable to your application's auth flows.
2. If using Client::from_provider_metadata(), update call sites that use each auth flow (e.g., Client::exchange_code()) to handle the possibility of a ConfigurationError if the corresponding endpoint was not specified in the provider metadata.
3. If required by your usage of the Client or CoreClient types (i.e., if you see related compiler errors), add the following generic parameters:

... (truncated)

Commits

• fb5b3e2 Bump version to 4.0.0
• dbb3f5c Bump oauth2 to 5.0.0
• 5632960 Overhaul deserialization of claims and client metadata
• 025889e Use #[skip_serializing_none]
• 77363f3 Bump oauth2 to 5.0.0-rc.1
• 819409a Bump version to 4.0.0-rc.1
• 052f4a7 Remove sponsorship from README
• 819428d Export CoreJsonCurveType
• af598c2 Add support for specific JOSE header types (#161)
• 0252532 Revert "Add IdTokenVerifier::require_typ_check method (#175)"
• Additional commits viewable in compare view

Updates uuid from 1.11.1 to 1.12.1

Release notes

Sourced from uuid's releases.

1.12.1

What's Changed

• Fix links to namespaces in documentation by @​cstyles in uuid-rs/uuid#789
• use inherent to_be_bytes and to_le_bytes methods by @​Vrtgs in uuid-rs/uuid#788
• Reduce bitshifts in from_u64_pair by @​KodrAus in uuid-rs/uuid#790
• prepare for 1.12.1 release by @​KodrAus in uuid-rs/uuid#791

New Contributors

• @​cstyles made their first contribution in uuid-rs/uuid#789
• @​Vrtgs made their first contribution in uuid-rs/uuid#788

Full Changelog: uuid-rs/uuid@1.12.0...1.12.1

1.12.0

⚠️ Possible Breakage

This release includes additional PartialEq implementations on Uuid, which can break inference in some cases.

What's Changed

• feat: Add NonZeroUuid type for optimized Option<Uuid> representation by @​ab22593k in uuid-rs/uuid#779
• Finalize NonNilUuid by @​KodrAus in uuid-rs/uuid#783
• Prepare for 1.12.0 release by @​KodrAus in uuid-rs/uuid#784

New Contributors

• @​ab22593k made their first contribution in uuid-rs/uuid#779

Full Changelog: uuid-rs/uuid@1.11.1...1.12.0

Commits

• 70831d2 Merge pull request #791 from uuid-rs/cargo/1.12.1
• ddb8785 prepare for 1.12.1 release
• 3a0a378 Merge pull request #790 from uuid-rs/chore/fewer-shifts
• 62da97b remove sketchy benches
• 7a96ae2 restore parens
• cfc627b reduce bitshifts in from_u64_pair
• 4c785e5 Merge pull request #788 from Vrtgs/main
• 70efa18 Merge pull request #789 from cstyles/fix-links-to-namespaces
• 2a28bc5 Fix links to namespaces in documentation
• 5d629ce use inherint to_be_bytes and to_le_bytes methods, rather than reimplementing ...
• Additional commits viewable in compare view

Updates rustls from 0.23.21 to 0.23.22

Commits

• 784b873 Further defend ChunkVecBuffer::prefix_used invariant
• 200d566 Re-privatize ChunkVecBuffer::consume() and defend misuse
• a5d8a6b Detect ChunkVecBuffer::consume larger than length
• d978e2f chore(deps): update rust crate x509-parser to 0.17
• 43c2336 Detect illegal HRR if X25519 offered as secondary kx
• 2551558 Increase accuracy of when to include second keyshare
• 50d1acd Add X25519MLKEM768 to features documentation
• bf663b6 Move crypto::aws_lc_rs::pq docs into manual
• e883143 Bump rustls 0.23.22, rustls-post-quantum 0.2.2
• c7a86de Add post-quantum key exchange algorithm to defaults
• Additional commits viewable in compare view

Updates test-log from 0.2.16 to 0.2.17

Release notes

Sourced from test-log's releases.

v0.2.17

• Changed default log level to INFO

New Contributors

• @​Wilfred made their first contribution in d-e-s-o/test-log#54

Full Changelog: d-e-s-o/test-log@v0.2.16...v0.2.17

Changelog

Sourced from test-log's changelog.

0.2.17

• Changed default log level to INFO

Commits

• b0847e5 Bump version to 0.2.17
• ed14486 Uniformly set default log level to INFO
• c91596c Store default_log_filter as Cow<str>
• a98f548 Capture INFO and WARN from tracing by default
• 756d49e Address clippy reported issues
• See full diff in compare view

Updates insta from 1.42.0 to 1.42.1

Release notes

Sourced from insta's releases.

1.42.1

Release Notes

• Improved handling of control characters in inline snapshots. #713

Install cargo-insta 1.42.1

Install prebuilt binaries via shell script

curl --proto '=https' --tlsv1.2 -LsSf https://github.com/mitsuhiko/insta/releases/download/1.42.1/cargo-insta-installer.sh | sh

Install prebuilt binaries via powershell script

powershell -ExecutionPolicy ByPass -c "irm https://github.com/mitsuhiko/insta/releases/download/1.42.1/cargo-insta-installer.ps1 | iex"

Download cargo-insta 1.42.1

File	Platform	Checksum
cargo-insta-aarch64-apple-darwin.tar.xz	Apple Silicon macOS	checksum
cargo-insta-x86_64-apple-darwin.tar.xz	Intel macOS	checksum
cargo-insta-x86_64-pc-windows-msvc.zip	x64 Windows	checksum
cargo-insta-x86_64-unknown-linux-gnu.tar.xz	x64 Linux	checksum
cargo-insta-x86_64-unknown-linux-musl.tar.xz	x64 MUSL Linux	checksum

Changelog

Sourced from insta's changelog.

1.42.1

• Improved handling of control characters in inline snapshots. #713

Commits

• 272d628 Bump version to 1.42.1 (#714)
• c22d1ee Improved handling of control characters in inline snapshots (#713)
• f778d29 Replace use of unsafe with pin_project (#711)
• 949ac94 Update test output for snapshot_text change (#706)
• 1da675c Fix command in changelog (#705)
• See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions