build(deps): bump the all-cargo group with 5 updates

[dependabot]

Bumps the all-cargo group with 5 updates:

Package	From	To
toml	0.8.23	1.1.2+spec-1.1.0
quick-xml	0.37.5	0.40.0
indicatif	0.17.11	0.18.4
console	0.15.11	0.16.3
rand	0.9.4	0.10.1

Updates toml from 0.8.23 to 1.1.2+spec-1.1.0

Commits

• a3d0047 chore: Release
• cc37615 docs: Update changelog
• 7f5e9e1 fix(parser): Consolidate invalid unquoted key into one error (#1138)
• 52feb90 fix(parser): Consolidate invalid unquoted key into one error
• aad85d4 chore(deps): Update j178/prek-action action to v2 (#1136)
• 8b1ac44 chore(deps): Update compatible (dev) (#1135)
• 9effd79 chore(deps): Update j178/prek-action action to v2
• 9db8aad chore: Release
• e55a663 docs: Update changelog
• c11d7d7 Optimisations (#1133)
• Additional commits viewable in compare view

Updates quick-xml from 0.37.5 to 0.40.0

Release notes

Sourced from quick-xml's releases.

v0.40.0 - UTF-16 and ISO-2022-JP encodings supported

What's Changed

MSRV bumped to 1.79.

Now quick-xml supports the UTF-16 and ISO-2022-JP encoded documents. See the new DecodingReader type.

New Features

• #956: Add DecodingReader, a BufRead adapter that auto-detects encoding from BOM or XML declaration and transcodes to UTF-8. Enabled by the encoding feature.

• #938: Add new enumeration XmlVersion and typified getter BytesDecl::xml_version().

• #938: Add new error variant IllFormedError::UnknownVersion.

• #371: Add new error variant EscapeError::TooManyNestedEntities.

• #371: Improved compliance with the XML attribute value normalization process by adding

  • Attribute::normalized_value()
  • Attribute::normalized_value_with()
  • Attribute::decoded_and_normalized_value()
  • Attribute::decoded_and_normalized_value_with()

  which ought to be used in place of deprecated

  • Attribute::unescape_value()
  • Attribute::unescape_value_with()
  • Attribute::decode_and_unescape_value()
  • Attribute::decode_and_unescape_value_with()

  Deprecated functions now behaves the same as newly added.

Bug Fixes

• #938: Use correct rules for EOL normalization in Deserializer when parse XML 1.0 documents. Previously XML 1.1. rules was applied.

Misc Changes

• #914: Remove deprecated .prefixes(), .resolve(), .resolve_attribute(), and .resolve_element() of NsReader. Use .resolver().<...> methods instead.
• #938: Now BytesText::xml_content, BytesCData::xml_content and BytesRef::xml_content accepts XmlVersion parameter to apply correct EOL normalization rules.
• #944: read_text() now returns BytesText which allows you to get the content with properly normalized EOLs. To get the previous behavior use .read_text().decode()?.
• #956: Bumped MSRV from 1.59 (Feb 2022) to 1.79 (June 2024)

#371: tafia/quick-xml#371 #914: tafia/quick-xml#914 #938: tafia/quick-xml#938 #944: tafia/quick-xml#944 #956: tafia/quick-xml#956

New Contributors

• @​dobermai made their first contribution in tafia/quick-xml#958

Full Changelog: tafia/quick-xml@v0.39.4...v0.40.0

v0.39.4 - Fix another panics when parse malformed DTD

... (truncated)

Changelog

Sourced from quick-xml's changelog.

0.40.0 -- 2026-05-11

MSRV bumped to 1.79.

Now quick-xml supports the UTF-16 encoded documents. See the new DecodingReader type.

New Features

• #956: Add DecodingReader, a BufRead adapter that auto-detects encoding from BOM or XML declaration and transcodes to UTF-8. Enabled by the encoding feature.

• #938: Add new enumeration XmlVersion and typified getter BytesDecl::xml_version().

• #938: Add new error variant IllFormedError::UnknownVersion.

• #371: Add new error variant EscapeError::TooManyNestedEntities.

• #371: Improved compliance with the XML attribute value normalization process by adding

  • Attribute::normalized_value()
  • Attribute::normalized_value_with()
  • Attribute::decoded_and_normalized_value()
  • Attribute::decoded_and_normalized_value_with()

  which ought to be used in place of deprecated

  • Attribute::unescape_value()
  • Attribute::unescape_value_with()
  • Attribute::decode_and_unescape_value()
  • Attribute::decode_and_unescape_value_with()

  Deprecated functions now behaves the same as newly added.

Bug Fixes

• #938: Use correct rules for EOL normalization in Deserializer when parse XML 1.0 documents. Previously XML 1.1. rules was applied.

Misc Changes

• #914: Remove deprecated .prefixes(), .resolve(), .resolve_attribute(), and .resolve_element() of NsReader. Use .resolver().<...> methods instead.
• #938: Now BytesText::xml_content, BytesCData::xml_content and BytesRef::xml_content accepts XmlVersion parameter to apply correct EOL normalization rules.
• #944: read_text() now returns BytesText which allows you to get the content with properly normalized EOLs. To get the previous behavior use .read_text().decode()?.
• #956: Bumped MSRV from 1.59 (Feb 2022) to 1.79 (June 2024)

#371: tafia/quick-xml#371 #914: tafia/quick-xml#914 #938: tafia/quick-xml#938 #944: tafia/quick-xml#944 #956: tafia/quick-xml#956

0.39.4 -- 2026-05-08

... (truncated)

Commits

• 2778564 Release 0.40.0
• 393db03 Merge pull request #962 from Mingun/prepare-0.40
• a27709a Fix misprint in code example
• 0c0c914 Make some functions const and enable clippy::missing_const_for_fn lint
• bf4ffe5 Fix clippy warning: use .first() instead of .get(0)
• d69baad Fix clippy warning: remove unnecessary after 241f01e20ff679e9248f2ae424c9ba82...
• 8e0ae4f Fix clippy warning: use strip_prefix instead of manual stripping
• b795a5d Remove outdated documentation line that accidentally remained after 99d2870a3...
• 94e61ed Merge pull request #956 from dralley/decode
• b918b0b Expand tests using DecodingReader
• Additional commits viewable in compare view

Updates indicatif from 0.17.11 to 0.18.4

Release notes

Sourced from indicatif's releases.

0.18.4

What's Changed

• initial draft oft hold_max with heuristic by @​djugei in console-rs/indicatif#657
• Fix duration after finish by @​luolong in console-rs/indicatif#748
• Add refresh rate warning for ProgressDrawTarget::term_like() by @​djc in console-rs/indicatif#750
• Seeking heuristic tweaks by @​djc in console-rs/indicatif#751
• Expose the current tab width by @​alexisfontaine in console-rs/indicatif#754
• Make WASM support optional via a feature flag by @​SvenFinn in console-rs/indicatif#761
• fix: respect NO_COLOR and TERM=dumb environment variables by @​shaanmajid in console-rs/indicatif#764

0.18.3

What's Changed

• Add ProgressBar::set_elapsed by @​sunshowers in console-rs/indicatif#742

0.18.2

What's Changed

• Fix wide_msg truncation with a colored message by @​glehmann in console-rs/indicatif#740
• style: tweak write_ansi_range() style by @​djc in console-rs/indicatif#741

0.18.1

What's Changed

• Do not render "current" char if no "current" char is configured by @​Finomnis in console-rs/indicatif#719
• Update vt100 requirement from 0.15.1 to 0.16.1 by @​dependabot[bot] in console-rs/indicatif#723
• Bump MSRV to 1.71 with versioned lockfile by @​djc in console-rs/indicatif#735
• Fix wide_bar width computation with a multiline message by @​glehmann in console-rs/indicatif#738

0.18.0

Unfortunately 0.17.12 had to be yanked because the console upgrade was a semver-incompatible change. Rerelease as 0.18.0 instead.

What's Changed

• Bump version to 0.18.0 by @​djc in console-rs/indicatif#715

0.17.12

What's Changed

• Add ProgressBar::force_draw by @​jaheba in console-rs/indicatif#689
• Use width to truncate HumanFloatCount values by @​ReagentX in console-rs/indicatif#696
• ProgressStyle enable/disable colors based on draw target by @​tonywu6 in console-rs/indicatif#699
• Switch dep number_prefix to unit_prefix by @​kimono-koans in console-rs/indicatif#709
• draw_target: inline the format arg to silence clippy by @​chris-laplante in console-rs/indicatif#711
• Upgrade to console 0.16 by @​djc in console-rs/indicatif#712

Commits

• 4de2f60 Bump version to 0.18.4
• 8e0ab0e fix: respect NO_COLOR and TERM=dumb environment variables
• 781b2d0 Take semver-compatible dependency updates
• 34aee07 Introduce unicode-width feature
• 51d284f Introduce wasmbind feature
• ee057e5 Bump tokio from 1.48.0 to 1.49.0
• 31bcea3 Bump portable-atomic from 1.11.1 to 1.12.0
• dbd26eb Bump console from 0.16.1 to 0.16.2
• 7ac4a0d Expose the current tab width
• 95088ff iter: clean up variable names, casting
• Additional commits viewable in compare view

Updates console from 0.15.11 to 0.16.3

Release notes

Sourced from console's releases.

0.16.3

What's Changed

• Use std::sync::OnceLock instead of once_cell by @​cuviper in console-rs/console#281
• Bump version to 0.16.3 by @​cuviper in console-rs/console#282

0.16.2

What's Changed

• Implement basic support for true colors by @​lord-haffi in console-rs/console#271
• docs: add note about clicolors by @​philbucher in console-rs/console#274
• chore: minor improvement for docs by @​spuradage in console-rs/console#276
• Exclude development scripts from published package by @​weiznich in console-rs/console#278

0.16.1

What's Changed

• Add WithoutAnsi struct that implements Display by @​ChocolateLoverRaj in console-rs/console#258
• Tweak style for new WithAnsi code by @​djc in console-rs/console#266
• Fix QNX 7.1 patch for libc::cfmakeraw by @​rafaeling in console-rs/console#267
• Upgrade windows-sys to 0.61 by @​djc in console-rs/console#272

0.16.0

What's Changed

The 0.15.12 release was yanked after it turned out to be semver-incompatible with existing usage by several of the most popular dependent crates, because it introduced a std feature -- and those crates used default-features = false but relied on the std-guarded features.

The 0.16.0 API should be semver-compatible with the 0.15.x API except for the need for the std feature.

• Prepare 0.16.0 by @​djc in console-rs/console#265

Refer to the 0.15.12 release notes for more information.

0.15.12

What's Changed

• Use EnumSet instead of a full-blown btreemap for the attributes by @​jwiesler in console-rs/console#244
• Tweak Attributes bit set API by @​djc in console-rs/console#245
• Implement measure_text_width with no allocation by @​remi-dupre in console-rs/console#246
• fix(utils): surprising behavior in truncate_str when tail is larger than width by @​remi-dupre in console-rs/console#250
• fix spelling mistake by @​Axlefublr in console-rs/console#253
• feat(part): add NO_COLOR env support for windows terminal by @​L-Chao in console-rs/console#254
• Update windows-sys requirement from 0.59 to 0.60 by @​dependabot in console-rs/console#259
• Add features to work with no_std, and with alloc in no_std by @​ChocolateLoverRaj in console-rs/console#256
• Fix CI badge and license URL by @​atouchet in console-rs/console#261
• Bump version to 0.15.12 by @​felstead in console-rs/console#262

Commits

• 70ea3d0 Bump version to 0.16.3
• 6bd8894 Remove make msrv-lock
• 499e5f6 Use std::sync::OnceLock instead of once_cell
• 0bf645d Bump version
• 0b789b9 Fix clippy warnings
• bb1cbdb Exclude development scripts from published package
• 12281c1 chore: minor improvement for docs
• e611fbc docs: add note about clicolors
• e9b9a44 Apply clippy suggestion
• 9cf0c5f ci: enable all workflows for pull requests
• Additional commits viewable in compare view

Updates rand from 0.9.4 to 0.10.1

Changelog

Sourced from rand's changelog.

[0.10.1] — 2026-02-11

This release includes a fix for a soundness bug; see #1763.

Changes

• Document panic behavior of make_rng and add #[track_caller] (#1761)
• Deprecate feature log (#1763)

#1761: rust-random/rand#1761 #1763: rust-random/rand#1763

[0.10.0] - 2026-02-08

Changes

• The dependency on rand_chacha has been replaced with a dependency on chacha20. This changes the implementation behind StdRng, but the output remains the same. There may be some API breakage when using the ChaCha-types directly as these are now the ones in chacha20 instead of rand_chacha (#1642).
• Rename fns IndexedRandom::choose_multiple -> sample, choose_multiple_array -> sample_array, choose_multiple_weighted -> sample_weighted, struct SliceChooseIter -> IndexedSamples and fns IteratorRandom::choose_multiple -> sample, choose_multiple_fill -> sample_fill (#1632)
• Use Edition 2024 and MSRV 1.85 (#1653)
• Let Fill be implemented for element types, not sliceable types (#1652)
• Fix OsError::raw_os_error on UEFI targets by returning Option<usize> (#1665)
• Replace fn TryRngCore::read_adapter(..) -> RngReadAdapter with simpler struct RngReader (#1669)
• Remove fns SeedableRng::from_os_rng, try_from_os_rng (#1674)
• Remove Clone support for StdRng, ReseedingRng (#1677)
• Use postcard instead of bincode to test the serde feature (#1693)
• Avoid excessive allocation in IteratorRandom::sample when amount is much larger than iterator size (#1695)
• Rename os_rng -> sys_rng, OsRng -> SysRng, OsError -> SysError (#1697)
• Rename Rng -> RngExt as upstream rand_core has renamed RngCore -> Rng (#1717)

Additions

• Add fns IndexedRandom::choose_iter, choose_weighted_iter (#1632)
• Pub export Xoshiro128PlusPlus, Xoshiro256PlusPlus prngs (#1649)
• Pub export ChaCha8Rng, ChaCha12Rng, ChaCha20Rng behind chacha feature (#1659)
• Fn rand::make_rng() -> R where R: SeedableRng (#1734)

Removals

• Removed ReseedingRng (#1722)
• Removed unused feature "nightly" (#1732)
• Removed feature small_rng (#1732)

#1632: rust-random/rand#1632 #1642: rust-random/rand#1642 #1649: rust-random/rand#1649 #1652: rust-random/rand#1652 #1653: rust-random/rand#1653 #1659: rust-random/rand#1659 #1665: rust-random/rand#1665 #1669: rust-random/rand#1669 #1674: rust-random/rand#1674 #1677: rust-random/rand#1677 #1693: rust-random/rand#1693 #1695: rust-random/rand#1695 #1697: rust-random/rand#1697

... (truncated)

Commits

• 27ff4cb Prepare v0.10.1: deprecate feature log (#1763)
• 98d0638 make_rng: document panic and add #[track_caller] (#1761)
• 54e5eaa Fix doc error (#1758)
• 1ce4c08 Bump itoa from 1.0.17 to 1.0.18 in the all-deps group (#1756)
• ccb734b docs: fix typo in doc comment (#1754)
• 357eb7d Bump libc from 0.2.182 to 0.2.183 in the all-deps group (#1753)
• 5e77fe5 Fix trait references in documentation (#1752)
• da89185 Bump the all-deps group with 3 updates (#1751)
• 50516ff Bump the all-deps group with 2 updates (#1749)
• fd71de9 Bump the all-deps group with 2 updates (#1747)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions