Bump the cargo group with 3 updates

[dependabot]

Bumps the cargo group with 3 updates: quick-xml, reqwest and napi-build.

Updates quick-xml from 0.37.5 to 0.38.0

Changelog

Sourced from quick-xml's changelog.

0.38.0 -- 2025-06-28

Significant changes

Now references to entities (as predefined, such as <, as user-defined) reported as a new Event::GeneralRef. Caller can parse the content of the entity and stream events from it as it is required by the XML specification. See the updated custom_entities example!

Implement whitespace behavior in the standard in Deserializer, which says string primitive types should preserve whitespace, while all other primitives have collapse behavior.

New Features

• #863: Add Attributes::into_map_access(&str) and Attributes::into_deserializer() when serialize feature is enabled. This will allow do deserialize serde types right from attributes. Both methods returns the same type which implements serde's Deserializer and MapAccess traits.
• #766: Allow to parse resolved entities as XML fragments and stream events from them.
• #766: Added new event Event::GeneralRef with content of [general entity].
• #766: Added new configuration option allow_dangling_amp which allows to have a & not followed by ; in the textual data which is required for some applications for compatibility reasons.
• #285: Add ability to quick_xml::de::Text to access text with trimmed spaces

Bug Fixes

• #868: Allow to have both $text and $value special fields in one struct. Previously any text will be recognized as $value field even when $text field is also presented.
• #868: Skip text events when deserialize a sequence of items overlapped with text (including CDATA).
• #841: Do not strip xml prefix from the attributes when map them to struct fields in Deserializer.

Misc Changes

• #863: Remove From<QName<'a>> for BytesStart<'a> because now BytesStart stores the encoding in which its data is encoded, but QName is a simple wrapper around byte slice.
• #766: BytesText::unescape and BytesText::unescape_with replaced by BytesText::decode. Now Text events does not contain escaped parts which are reported as Event::GeneralRef.

#285: tafia/quick-xml#285 #766: tafia/quick-xml#766 #841: tafia/quick-xml#841 #863: tafia/quick-xml#863 #868: tafia/quick-xml#868 [general entity]: https://www.w3.org/TR/xml11/#gen-entity

Commits

• e8806e0 Release 0.38.0
• 7c4b702 Fix incorrect references in the documentation
• 2cbb2b8 Merge pull request #873 from curatorsigma/serde_roundtrip_xml_attrs
• bc18c57 serde: allow xml: attributes to roundtrip
• 899d573 Skip unwanted text events in sequences
• 5942a13 Add regression test for #868
• f152aec Allow both &text and $value fields in the same struct
• d6dfeed Merge pull request #872 from Mingun/update-compare
• 6017acf Merge pull request #865 from ggodlewski/untrim
• 15a3e86 compare: Put each group into its own file to be able to run them independentl...
• Additional commits viewable in compare view

Updates reqwest from 0.12.20 to 0.12.21

Changelog

Sourced from reqwest's changelog.

v0.12.21

• Fix socks proxy to use socks4a:// instead of socks4h://.
• Fix Error::is_timeout() to check for hyper and IO timeouts too.
• Fix request Error to again include URLs when possible.
• Fix socks connect error to include more context.
• (wasm) implement Default for Body.

Commits

• See full diff in compare view

Updates napi-build from 2.2.1 to 2.2.2

Release notes

Sourced from napi-build's releases.

[email protected]

What's Changed

• fix(build): increase wasi stack size by @​CPunisher in napi-rs/napi-rs#2748

Full Changelog: https://github.com/napi-rs/napi-rs/compare/[email protected]@2.2.2

Commits

• 0a8de79 Release independent packages
• caf0400 Release independent packages
• 092f887 fix(napi-derive): generate object key types properly (#2752)
• b5e9c41 fix(napi): remove DerefMut impl for all TypedArray types (#2750)
• 56998d5 fix(napi): callback should be Fn rather than FnOnce (#2749)
• b25c5de fix(build): increase wasi stack size (#2748)
• 2273031 test(napi): add fixture for #2746 (#2747)
• 3898211 Release independent packages
• 9a376fe test(cli): prevent path error on Windows (#2745)
• 8c3db48 style: run clippy on nightly Rust (#2744)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

[codecov]

Codecov Report

All modified and coverable lines are covered by tests ✅

Project coverage is 96.90%. Comparing base (ada1fbc) to head (57090b1).

Additional details and impacted files

@@            Coverage Diff             @@
##             main     #154      +/-   ##
==========================================
- Coverage   97.53%   96.90%   -0.64%     
==========================================
  Files          14       14              
  Lines        3406     3132     -274     
==========================================
- Hits         3322     3035     -287     
- Misses         84       97      +13     

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
• 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

[codspeed-hq]

CodSpeed Performance Report

Merging #154 will not alter performance

_{Comparing dependabot/cargo/cargo-5334453f05 (57090b1) with main (ada1fbc)}

Summary

✅ 1 untouched benchmarks

[dependabot]

Looks like these dependencies are updatable in another way, so this is no longer needed.