chore(deps): Bump the all-cargo-version-updates group across 1 directory with 6 updates

[dependabot]

⚠️ Dependabot is rebasing this PR ⚠️

Rebasing might not happen immediately, so don't worry if this takes some time.

Note: if you make any changes to this PR yourself, they will take precedence over the rebase.

---

Bumps the all-cargo-version-updates group with 6 updates in the / directory:

Package	From	To
insta	1.44.3	1.46.0
object_store	0.12.4	0.13.0
rustls	0.23.35	0.23.36
serde_json	1.0.148	1.0.149
tiff	0.10.3	0.11.0
url	2.5.7	2.5.8

Updates insta from 1.44.3 to 1.46.0

Release notes

Sourced from insta's releases.

1.46.0

Release Notes

• Add INSTA_PENDING_DIR environment variable for Bazel and other hermetic build systems. When set, pending snapshots are written to a separate directory while keeping the source tree read-only. We are very open to feedback on this feature. #852
• Fix documentation for test.runner_fallback config key. #853

Install cargo-insta 1.46.0

Install prebuilt binaries via shell script

curl --proto '=https' --tlsv1.2 -LsSf https://github.com/mitsuhiko/insta/releases/download/1.46.0/cargo-insta-installer.sh | sh

Install prebuilt binaries via powershell script

powershell -ExecutionPolicy Bypass -c "irm https://github.com/mitsuhiko/insta/releases/download/1.46.0/cargo-insta-installer.ps1 | iex"

Download cargo-insta 1.46.0

File	Platform	Checksum
cargo-insta-aarch64-apple-darwin.tar.xz	Apple Silicon macOS	checksum
cargo-insta-x86_64-apple-darwin.tar.xz	Intel macOS	checksum
cargo-insta-x86_64-pc-windows-msvc.zip	x64 Windows	checksum
cargo-insta-x86_64-unknown-linux-gnu.tar.xz	x64 Linux	checksum
cargo-insta-x86_64-unknown-linux-musl.tar.xz	x64 MUSL Linux	checksum

1.45.1

Release Notes

• Fix backward compatibility with TOML format produced by insta < 1.45.0. #849 (@​chitoku-k)

Install cargo-insta 1.45.1

Install prebuilt binaries via shell script

curl --proto '=https' --tlsv1.2 -LsSf https://github.com/mitsuhiko/insta/releases/download/1.45.1/cargo-insta-installer.sh | sh

Install prebuilt binaries via powershell script

powershell -ExecutionPolicy Bypass -c "irm https://github.com/mitsuhiko/insta/releases/download/1.45.1/cargo-insta-installer.ps1 | iex"

Download cargo-insta 1.45.1

... (truncated)

Changelog

Sourced from insta's changelog.

1.46.0

• Add INSTA_PENDING_DIR environment variable for Bazel and other hermetic build systems. When set, pending snapshots are written to a separate directory while keeping the source tree read-only. We are very open to feedback on this feature. #852
• Fix documentation for test.runner_fallback config key. #853

1.45.1

• Fix backward compatibility with TOML format produced by insta < 1.45.0. #849 (@​chitoku-k)

1.45.0

• Add external diff tool support via INSTA_DIFF_TOOL environment variable. When set, insta uses the specified tool (e.g., delta, difftastic) to display snapshot diffs instead of the built-in diff. The tool is invoked as <tool> <old_file> <new_file>. #844
• Add test.disable_nextest_doctest config option to insta.yaml, allowing users to silence the nextest doctest warning via config instead of passing --dnd every time. #842
• Skip non-insta snapshot files in unreferenced detection. Projects using both insta and other snapshot tools (like vitest or jest) can now use --unreferenced=reject without false positives on .snap files from other tools. #846
• Collect warnings from tests for display after run. Ensures deprecation warnings are visible even when nextest suppresses stdout/stderr from passing tests. #840
• Update TOML serialization to be up-to-date and backwards-compatible. #834 (@​spoutn1k)
• Support clippy::needless_raw_strings lint by only using raw strings when content contains backslashes or quotes. #828

Commits

• 7d27e3a Release 1.46.0 (#855)
• 3aa59d6 Add INSTA_PENDING_DIR environment variable for hermetic builds (#852)
• fd40cf7 Fix docs for test.runner_fallback config key (#853)
• ac191ba Add test for multiline snapshots without special characters (#848)
• 55f6999 Release 1.45.1 (#850)
• 00b1cd4 Fix backward compatibility with TOML format produced by insta < 1.45.0 (#849)
• 681a026 Release 1.45.0 (#847)
• ad233cd Skip non-insta snapshot files in unreferenced detection (#846)
• d8e8dfe Collect warnings from tests for display after run (#840)
• 521812c Support clippy::needless_raw_strings lint (#828)
• Additional commits viewable in compare view

Updates object_store from 0.12.4 to 0.13.0

Changelog

Sourced from object_store's changelog.

v0.13.0 (2025-12-19)

Full Changelog

Breaking changes:

• fix: Add fields to Error::NotImplemented with more details on what isn't implemented #575 (carols10cents)
• refactor!: copy & copy_if_not_exists => copy_opts #548 (crepererum)
• refactor!: move head to ObjectStoreExt #543 (crepererum)
• fix: wrappers and default trait methods #537 (crepererum)
• refactor!: move get_range to ObjectStoreExt #536 (crepererum)
• refactor!: move get to ObjectStoreExt #532 (crepererum)
• refactor: move put_multipart to ObjectStoreExt #530 (crepererum)
• feat!: use 'static lifetime for delete_stream #524 (linhr)
• Bump rust edition to 2024, rust version to 1.85 #515 (AdamGS)
• reapply: remove AWS dynamo integration (#407), try 2 #494 (alamb)
• refactor: introduce ObjectStoreExt trait #405 (crepererum)

Implemented enhancements:

• NotImplemented error should say what method wasn't implemented by what implementation #572
• Allow explicitly specifying the GCS base URL #566
• Detailed error messages for Generic #560
• Include reqwest/hyper error sources in error messages #554
• Improve Path ergonomics #545
• [Suggestion] Move ObjectStore API to use arrow-rs' Buffer #544
• Implement ObjectStore for Arc<T> and Box<T> #525
• Refactor GetOptions with a builder pattern #516
• Better support for Tags #508
• Error 411 (Length Required) when using Multipart PUT on GCP with S3Store #495
• Deprecate and Remove DynamoCommit #373
• Add CopyOptions #116

Fixed bugs:

• RequestError exposes underlying reqwest::Error rather than the nicer HttpError #579
• SpawnService panics tokio-runtime-worker threads #578
• local path filtering has different semantics #573
• AWS: using Checksum::SHA256 causes copy_if_not_exists with S3CopyIfNotExists::Multipart to fail #568
• Cargo Audit Produces a Warning for rustls-pemfile being unmaintained #564
• AmazonS3ConfigKey::WebIdentityTokenFile is ignored #538
• Cannot parse AWS S3 HTTP URLs without region #522
• Signature mismatch (sigv4) when using attribute values with double whitespace #510
• Generic S3 error: Metadata value for ""x-amz-meta-.."" contained non UTF-8 characters #509
• Inconsistent documentation of "Supported Keys" #497

Documentation updates:

• Update release date for version 0.13.0 in README #521 (alamb)
• feat: refactor GetOptions with builder, add binary examples #517 (peasee)

... (truncated)

Commits

• eedbf3d Prepare for 0.13.0 release (#581)
• 44e258c Add A "upgrading to 0.13.0" guide in docs (#584)
• 24e5fbc Update release schedule on README (#583)
• 378bfe7 correctly expose HttpError through RetryError::source (#580)
• fa40170 Path improvements (#546)
• 493a5d0 fix: Add more details on what isn't implemented (#575)
• 7b09e4e Documentation for backend support of bulk delete (#571)
• 65ad88b Remove dev dependency on openssl (#577)
• de4a30e Allow explicitly specifying GCS base URL (#567)
• 92b1378 refactor!: move delete to ObjectStoreExt (#549)
• Additional commits viewable in compare view

Updates rustls from 0.23.35 to 0.23.36

Commits

• b47bf54 Prepare 0.23.36
• 99308d2 Bump nightly toolchain for cargo-check-external-types
• ba00982 Support P256+SHA512 and P384+SHA512 signatures in certificates
• See full diff in compare view

Updates serde_json from 1.0.148 to 1.0.149

Release notes

Sourced from serde_json's releases.

v1.0.149

• Align arbitrary_precision number strings with zmij's formatting (#1306, thanks @​b41sh)

Commits

• 4f6dbfa Release 1.0.149
• f3df680 Touch up PR 1306
• e16730f Merge pull request #1306 from b41sh/fix-float-number-display
• eeb2bcd Align arbitrary_precision number strings with zmij’s formatting
• See full diff in compare view

Updates tiff from 0.10.3 to 0.11.0

Changelog

Sourced from tiff's changelog.

Version 0.11.0

• Directory now implements FromIterator<(Tag, Value)>.

Changes:

• The decoder now interprets the ExtraSamples tag. The sample count must now more strict match the expected value with alpha channels only allowing for explicitly denoted unassociated or associated alpha. This effects the indicated color type when decoding images with additional samples indicated as unspecified relation. Previously, these may have been interpreted as alpha by the total sample count (e.g. RgbA if 4 samples under a photometric interpretation of RGB).
• The decoder handles planar data, current limited to non-subsampled channels. The Decoder::read_image method return planes one-after-another depending on the size of the buffer that was passed.
• Decoder::read_image_to_buffer now takes &mut DecodingResult and resizes it according to the required layout. Previously, a borrowed DecodingBuffer was passed which can be replaced by calling as_bytes_mut and read_image_bytes.
• Several methods of tags are now const. Note that does not guarantee any particular value when calling these methods.

Fixes:

• Fix a bug in the uncompressed encoder that could lead to short writes, i.e. data silently dropped when the underlying writer did not accept all data in a single write call.
• Encoding YCbCr data now writes the ChromaSubsampling tag as (1, 1) to indicate no subsampling, instead of leaving it at its default of (2, 2).
• The decoder will reject subsampled YCbCr data as there is no upsampling routine, except for JPEG compressed images where the JPEG decoders handles this. Since the buffer in that case indicates a full-sized plane for all color samples any future support for the tag will upsample all planes (at least within this major version).

Additions:

• Added support for the CieLab color type.
• Added DecodingResult::resize_to to create a buffer with a matching sample type and dimensions.
• Added ByteOrder::native to access the platform's native endianness.
• Added ByteOrder::convert to change the byte-order of values in a byte buffer, depending on their Type as described at runtime.
• Added DirectoryOffset::new to encode a directory whose offset is known to the caller but that has not been written through the encoder itself.
• Added Encoder::extra_samples to encode images with more samples than their color's trait implementation would otherwise suggest.
• Added DirectoryEncoder::extend_from to encode multiple tag entries from a directory whose values were written to the file by means outside the encoder's control.
• Added Decoder::read_coding_unit_bytes to retrieve data of corresponding coordinates from potentially planar data, which is encoded in multiple chunks

... (truncated)

Commits

• 5b21bcc Merge pull request #320 from image-rs/release-0.11
• fe305ec Bump version to 0.11
• a3ab252 Merge pull request #319 from image-rs/ycbcr-subsampling
• bd64e43 Add note about subsampling support to decoder
• fa225e8 Exempt JPEG compression from upsampling restriction
• ea373ba Fix YCbCr encoding not having subsampling
• 23d1867 Recognize YCbCr/Chomra subsampling tags
• 234b2ba Merge pull request #318 from image-rs/release-0.11
• a63a013 Made Tag::from_u16, from_u16_exhaustive and to_u16 const
• efd2a6d Nit: documentation links to wrong item
• Additional commits viewable in compare view

Updates url from 2.5.7 to 2.5.8

Commits

• d6ea13c Bump to 2.5.8
• 8269ac3 ci: update cargo-deny config, bump cargo-deny-action to v2 (#1092)
• 6dfdf17 chore: fix some typos in comments (#1090)
• b06048d Attempt to fix 1.82 CI (#1085)
• 9771ab5 Fix roundtripping issue (#1079)
• 22b925f Improve Compile Times with serde_derive (#1075)
• 0afccc9 fix outdated docs for ParseError (#1074)
• See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

[socket-security]

Review the following changes in direct dependencies. Learn more about Socket for GitHub.

Diff	Package	Supply Chain Security	Vulnerability	Quality	Maintenance	License
	cargo/​url@​2.5.7 ⏵ 2.5.8

View full report