Bump the rust-dependencies group across 1 directory with 7 updates

[dependabot]

Bumps the rust-dependencies group with 7 updates in the / directory:

Package	From	To
libcnb	0.21.0	0.22.0
libherokubuildpack	0.24.0	0.26.0
semver	1.0.23	1.0.25
serde	1.0.215	1.0.217
thiserror	2.0.3	2.0.11
libcnb-test	0.21.0	0.22.0
tempfile	3.14.0	3.16.0

Updates libcnb from 0.21.0 to 0.22.0

Changelog

Sourced from libcnb's changelog.

[0.22.0] - 2024-06-18

Added

• libcnb:
  • A new API for working with layers has been added. See the BuildContext::cached_layer and BuildContext::uncached_layer docs for examples of how to use this API. (#814)

Changed

• libcnb:
  • The Layer trait and related types and functions have been deprecated. Please migrate to the new API. (#814)
  • Errors related to layers have been restructured. While this is technically a breaking change, buildpacks usually don't have to be modified in practice. (#814)

Fixed

• libcnb-data:
  • The working directory for launch processes specifying a WorkingDirectory::Directory value is now respected. (#831)

Commits

• 8f74590 Prepare release v0.22.0 (#835)
• 8058f4c Bump buildpacks/github-actions from 5.7.1 to 5.7.2 (#834)
• aa3268b Migrate examples and test buildpacks to struct layer API (#833)
• fa568d4 Struct Layer API (#814)
• b1065a8 Replace '**' with '`' in libherokubuildpack README (#832)
• 5d59632 Serialize process working directory as working-dir (#831)
• 6dc72cb Bump buildpacks/github-actions from 5.6.0 to 5.7.1 (#830)
• f7223a8 Update cyclonedx-bom requirement from 0.5.0 to 0.6.0 (#829)
• df5bb10 Bump softprops/action-gh-release from 2.0.4 to 2.0.5 (#826)
• 097bef0 Test helpers to match against regular expressions. (#813)
• See full diff in compare view

Updates libherokubuildpack from 0.24.0 to 0.26.0

Release notes

Sourced from libherokubuildpack's releases.

v0.26.0

Changed

• libherokubuildpack:
  • Removed buildpack_output module. This functionality from (#721) was experimental. The API was not stable and it is being removed. A similar API is available at bullet_stream. (#852

v0.25.0

Added

• libcnb-test:
  • Added ContainerConfig::bind_mount to support mounting a host machine file or directory into a container. (#871)

Changelog

Sourced from libherokubuildpack's changelog.

[0.26.0] - 2024-11-18

Changed

• libherokubuildpack:
  • Removed buildpack_output module. This functionality from (#721) was experimental. The API was not stable and it is being removed. A similar API is available at bullet_stream. (#852)

[0.25.0] - 2024-10-23

Added

• libcnb-test:
  • Added ContainerConfig::bind_mount to support mounting a host machine file or directory into a container. (#871)

Commits

• 5f9f5dd Prepare release v0.26.0 (#878)
• 06ef0d1 Update thiserror requirement from 1.0.65 to 2.0.3 (#881)
• c64063c Bump buildpacks/github-actions from 5.7.4 to 5.8.1 (#880)
• a6ef1b4 Update cyclonedx-bom requirement from 0.7.0 to 0.8.0 (#882)
• be5e45a Bump softprops/action-gh-release from 2.0.9 to 2.1.0 (#879)
• 1f83b10 Remove Buildpack Output module (#852)
• 0243784 Update which requirement from 6.0.3 to 7.0.0 (#875)
• 92fa62e Update fancy-regex requirement from 0.13.0 to 0.14.0 (#876)
• 7180324 Bump softprops/action-gh-release from 2.0.8 to 2.0.9 (#877)
• 2a3299c Switch back to the example alpine builder in CI (#668)
• Additional commits viewable in compare view

Updates semver from 1.0.23 to 1.0.25

Release notes

Sourced from semver's releases.

1.0.25

• Enable serde impls on play.rust-lang.org (#330, thanks @​jofas)

1.0.24

• Optimize Ord impls for semver::Prerelease and semver::BuildMetadata (#328, thanks @​Eh2406)

Commits

• b1e2848 Release 1.0.25
• 1fb55fc Merge pull request 330 from jofas/serde-on-playground
• 2bf9708 Enabled 'serde' feature on playground
• 6f4069d Release 1.0.24
• d03aba3 Touch up PR 328
• 238757d Merge pull request #328 from Eh2406/master
• 75856ef faster Ord when Eq
• 89504eb Prevent upload-artifact step from causing CI failure
• d1b17a9 Upload CI Cargo.lock for reproducing failures
• 4ea60ae Resolve doc_lazy_continuation clippy lint
• Additional commits viewable in compare view

Updates serde from 1.0.215 to 1.0.217

Release notes

Sourced from serde's releases.

v1.0.217

• Support serializing externally tagged unit variant inside flattened field (#2786, thanks @​Mingun)

v1.0.216

• Mark all generated impls with #[automatically_derived] to exclude from code coverage (#2866, #2868, thanks @​tdittr)

Commits

• 930401b Release 1.0.217
• cb6eaea Fix roundtrip inconsistency:
• b6f339c Resolve repr_packed_without_abi clippy lint in tests
• 2a5caea Merge pull request #2872 from dtolnay/ehpersonality
• b9f93f9 Add no-std CI on stable compiler
• eb5cd47 Drop #[lang = "eh_personality"] from no-std test
• 8478a3b Merge pull request #2871 from dtolnay/nostdstart
• dbb9091 Replace #[start] with extern fn main
• ad8dd41 Release 1.0.216
• f91d2ed Merge pull request #2868 from dtolnay/automaticallyderived
• Additional commits viewable in compare view

Updates thiserror from 2.0.3 to 2.0.11

Release notes

Sourced from thiserror's releases.

2.0.11

• Add feature gate to tests that use std (#409, #410, thanks @​Maytha8)

2.0.10

• Support errors containing a generic type parameter's associated type in a field (#408)

2.0.9

• Work around missing_inline_in_public_items clippy restriction being triggered in macro-generated code (#404)

2.0.8

• Improve support for macro-generated derive(Error) call sites (#399)

2.0.7

• Work around conflict with #[deny(clippy::allow_attributes)] (#397, thanks @​zertosh)

2.0.6

• Suppress deprecation warning on generated From impls (#396)

2.0.5

• Prevent deprecation warning on generated impl for deprecated type (#394)

2.0.4

• Eliminate needless_lifetimes clippy lint in generated From impls (#391, thanks @​matt-phylum)

Commits

• 0f532e3 Release 2.0.11
• 3d15543 Merge pull request #410 from dtolnay/testnostd
• 1a226ae Disable two more integration tests in no-std mode
• 8b5f2d7 Fix unused import in test when built without std
• eecd247 Add CI step to test with "std" disabled
• 8f2a76b Merge pull request #409 from Maytha8/std-tests
• 693a6cd Add feature gate to tests that use std
• 349f696 Release 2.0.10
• 6cd87bc Merge pull request #408 from dtolnay/assoctype
• 6b3e1e5 Generate trait bounds on associated types
• Additional commits viewable in compare view

Updates libcnb-test from 0.21.0 to 0.22.0

Changelog

Sourced from libcnb-test's changelog.

[0.22.0] - 2024-06-18

Added

• libcnb:
  • A new API for working with layers has been added. See the BuildContext::cached_layer and BuildContext::uncached_layer docs for examples of how to use this API. (#814)

Changed

• libcnb:
  • The Layer trait and related types and functions have been deprecated. Please migrate to the new API. (#814)
  • Errors related to layers have been restructured. While this is technically a breaking change, buildpacks usually don't have to be modified in practice. (#814)

Fixed

• libcnb-data:
  • The working directory for launch processes specifying a WorkingDirectory::Directory value is now respected. (#831)

Commits

• 8f74590 Prepare release v0.22.0 (#835)
• 8058f4c Bump buildpacks/github-actions from 5.7.1 to 5.7.2 (#834)
• aa3268b Migrate examples and test buildpacks to struct layer API (#833)
• fa568d4 Struct Layer API (#814)
• b1065a8 Replace '**' with '`' in libherokubuildpack README (#832)
• 5d59632 Serialize process working directory as working-dir (#831)
• 6dc72cb Bump buildpacks/github-actions from 5.6.0 to 5.7.1 (#830)
• f7223a8 Update cyclonedx-bom requirement from 0.5.0 to 0.6.0 (#829)
• df5bb10 Bump softprops/action-gh-release from 2.0.4 to 2.0.5 (#826)
• 097bef0 Test helpers to match against regular expressions. (#813)
• See full diff in compare view

Updates tempfile from 3.14.0 to 3.16.0

Changelog

Sourced from tempfile's changelog.

3.16.0

• Update getrandom to 0.3.0 (thanks to @​paolobarbolini).
• Allow windows-sys versions 0.59.x in addition to 0.59.0 (thanks @​ErichDonGubler).
• Improved security documentation (thanks to @​n0toose for collaborating with me on this).

3.15.0

Re-seed the per-thread RNG from system randomness when we repeatedly fail to create temporary files (#314). This resolves a potential DoS vector (#178) while avoiding getrandom in the common case where it's necessary. The feature is optional but enabled by default via the getrandom feature.

For libc-free builds, you'll either need to disable this feature or opt-in to a different getrandom backend.

Commits

• 6ecd9f1 chore: release 3.16.0
• 3693c01 build: upgrade getrandom to v0.3.0 (#320)
• a4596e5 build: allow windows-sys 0.59 (#319)
• 3ac6d4e chore: fix clippy lifetime warning (#318)
• 3a722e8 docs: improve & expand security documentation (#317)
• e7a40e3 Release v3.15.0
• ea45f47 feat: re-seed from system randomness on collision (#314)
• 16209da Fix link to ticket in changelog (#310)
• ae22b27 docs: add owasp link on insecure temporary files (#309)
• See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions