build(deps): bump the cargo group across 1 directory with 6 updates

[dependabot]

Bumps the cargo group with 6 updates in the / directory:

Package	From	To
clap	4.5.45	4.5.46
fast-glob	0.4.5	1.0.0
quick-xml	0.38.1	0.38.3
regex	1.11.1	1.11.2
tempfile	3.20.0	3.21.0
pyo3	0.25.1	0.26.0

Updates clap from 4.5.45 to 4.5.46

Release notes

Sourced from clap's releases.

v4.5.46

[4.5.46] - 2025-08-26

Features

• Expose StyledStr::push_str

Changelog

Sourced from clap's changelog.

[4.5.46] - 2025-08-26

Features

• Expose StyledStr::push_str

Commits

• acf9abb chore: Release
• 9186a18 docs: Update changelog
• 233c316 Merge pull request #5926 from sorairolake/feature/value-parser-factory-for-sa...
• 13931a2 Merge pull request #5923 from Reverier-Xu/master
• 536e29f feat(builder): Add ValueParserFactory for Saturating\<T>
• 45ed71c chore: Avoid using gen for rust 2024 preserved keyword
• 5029bb3 chore: Avoid using gen for rust 2024 preserved keyword
• 8a1d59b chore(deps): Update Rust Stable to v1.85 (#5921)
• 9caee53 docs(changelog): Clarify 5.0.0
• cb2352f Merge pull request #5918 from epage/test
• Additional commits viewable in compare view

Updates fast-glob from 0.4.5 to 1.0.0

Release notes

Sourced from fast-glob's releases.

v1.0.0

Other

• clean up workflow files
• (release) enable trusted publishing
• (deps) update github-actions (#33)
• (deps) update marcoieni/release-plz-action digest to 068d76d (#32)
• (deps) update codspeedhq/action action to v3.7.0 (#31)
• Add wax to benchmark (#24)
• (deps) update dependency rust to v1.88.0 (#30)
• (deps) update marcoieni/release-plz-action digest to 8724d33 (#29)
• (deps) update marcoieni/release-plz-action digest to dde7b63 (#26)
• (deps) update dependency rust to v1.87.0 (#28)
• (deps) update dependency rust to v1.86.0 (#27)
• (deps) update dependency rust to v1.85.1 (#25)
• (deps) update github-actions (#23)
• (deps) update marcoieni/release-plz-action digest to 476794e (#22)
• (deps) update rust crate criterion2 to v3 (#21)
• (deps) update github-actions (#18)
• (deps) update github-actions (#19)
• without any performance compromise (#17)

Changelog

Sourced from fast-glob's changelog.

1.0.0 - 2025-07-27

Other

• clean up workflow files
• (release) enable trusted publishing
• (deps) update github-actions (#33)
• (deps) update marcoieni/release-plz-action digest to 068d76d (#32)
• (deps) update codspeedhq/action action to v3.7.0 (#31)
• Add wax to benchmark (#24)
• (deps) update dependency rust to v1.88.0 (#30)
• (deps) update marcoieni/release-plz-action digest to 8724d33 (#29)
• (deps) update marcoieni/release-plz-action digest to dde7b63 (#26)
• (deps) update dependency rust to v1.87.0 (#28)
• (deps) update dependency rust to v1.86.0 (#27)
• (deps) update dependency rust to v1.85.1 (#25)
• (deps) update github-actions (#23)
• (deps) update marcoieni/release-plz-action digest to 476794e (#22)
• (deps) update rust crate criterion2 to v3 (#21)
• (deps) update github-actions (#18)
• (deps) update github-actions (#19)
• without any performance compromise (#17)

Commits

• ca4d09b chore: release v1.0.0 (#20)
• 5cced0b chore: clean up workflow files
• 811a332 ci(release): enable trusted publishing
• ea303ee chore(deps): update github-actions (#33)
• b9f141e chore(deps): update marcoieni/release-plz-action digest to 068d76d (#32)
• d50545a chore(deps): update codspeedhq/action action to v3.7.0 (#31)
• 9bc8856 Add wax to benchmark (#24)
• 44d9c53 chore(deps): update dependency rust to v1.88.0 (#30)
• 0fd4df1 chore(deps): update marcoieni/release-plz-action digest to 8724d33 (#29)
• 5073e0e chore(deps): update marcoieni/release-plz-action digest to dde7b63 (#26)
• Additional commits viewable in compare view

Updates quick-xml from 0.38.1 to 0.38.3

Release notes

Sourced from quick-xml's releases.

v0.38.3 - Fix EOL normalization in some cases

What's Changed

Bug Fixes

• #895: Fix incorrect normalization of \rX EOL sequences where X is a char which is UTF-8 encoded as [c2 xx], except [c2 85].

Misc Changes

• #895: Add new xml10_content() and xml11_content() methods which behaves the same as html_content() and xml_content() methods, but express intention more clearly.

Full Changelog: tafia/quick-xml@v0.38.2...v0.38.3

v0.38.2 - Make NamespaceResolver public

What's Changed

New Features

• #893: Implement FusedIterator for NamespaceBindingsIter.
• #893: Make NamespaceResolver public.
• #893: Add NsReader::resolver() for access to namespace resolver.

Misc Changes

• #893: Rename PrefixIter to NamespaceBindingsIter.

New Contributors

• @​decathorpe made their first contribution in tafia/quick-xml#891

Full Changelog: tafia/quick-xml@v0.38.1...v0.38.2

Changelog

Sourced from quick-xml's changelog.

0.38.3 -- 2025-08-24

Bug Fixes

• #895: Fix incorrect normalization of \rX EOL sequences where X is a char which is UTF-8 encoded as [c2 xx], except [c2 85].

Misc Changes

• #895: Add new xml10_content() and xml11_content() methods which behaves the same as html_content() and xml_content() methods, but express intention more clearly.

#895: tafia/quick-xml#895

0.38.2 -- 2025-08-19

New Features

• #893: Implement FusedIterator for NamespaceBindingsIter.
• #893: Make NamespaceResolver public.
• #893: Add NsReader::resolver() for access to namespace resolver.

Misc Changes

• #893: Rename PrefixIter to NamespaceBindingsIter.

#893: tafia/quick-xml#893

Commits

• 655691c Release 0.38.3
• e7fa0ce Merge pull request #895 from Mingun/fix-eol-normalization
• cd6f813 XML 1.0 rules for EOL normalization equals to HTML rules, so rename correspon...
• 66d8fa2 Fix incorrect normalization of \rX EOL sequences where X is a char which is U...
• f8a8364 Release 0.38.2
• 3b0f237 Remove unused header from changelog
• cbf7fa3 Fix some misprints
• 8559e19 Do not deprecate PrefixIter because that may lead to compilation errors in do...
• b6b9ead Merge pull request #893 from Mingun/public-ns-resolver
• b12ef9f Use and recommend NamespaceResolver methods instead of NsReader methods
• Additional commits viewable in compare view

Updates regex from 1.11.1 to 1.11.2

Changelog

Sourced from regex's changelog.

1.11.2 (2025-08-24)

This is a new patch release of regex with some minor fixes. A larger number of typo or lint fix patches were merged. Also, we now finally recommend using std::sync::LazyLock.

Improvements:

• [BUG #1217](rust-lang/regex#1217): Switch recommendation from once_cell to std::sync::LazyLock.
• [BUG #1225](rust-lang/regex#1225): Add DFA::set_prefilter to regex-automata.

Bug fixes:

• [BUG #1165](rust-lang/regex#1150): Remove std dependency from perf-literal-multisubstring crate feature.
• [BUG #1165](rust-lang/regex#1165): Clarify the meaning of (?R)$ in the documentation.
• [BUG #1281](rust-lang/regex#1281): Remove fuzz/ and record/ directories from published crate on crates.io.

Commits

• d0aa586 1.11.2
• a3bf4ad regex-cli-0.2.2
• 25a15e2 rure-0.2.3
• 45c3da7 regex-lite-0.1.7
• 873ed80 regex-automata-0.4.10
• ea834f8 regex-syntax-0.8.6
• 86836fb changelog: 1.11.2
• 63a26c1 cargo: ensure that 'perf' doesn't enable 'std' implicitly (#1150)
• dd96592 doc: clarify CRLF mode effect
• 931dae0 cargo: point repository metadata to clonable URLs
• Additional commits viewable in compare view

Updates tempfile from 3.20.0 to 3.21.0

Changelog

Sourced from tempfile's changelog.

3.21.0

• Updated windows-sys requirement to allow version 0.60.x

Commits

• 48bff5f test(tempdir): configure tempdir on wasi
• 704a1d2 test(tempdir): cleanup tempdir tests and run more tests on wasi
• a0dc80d Add Android CI target (#367)
• 4ad1ae6 chore(release): release 3.21.0
• 3849edd build(deps): bump actions/checkout from 4 to 5 (#368)
• 0657fdf build(deps): update windows-sys requirement <0.61 (#360)
• 69b95c7 ci: fix was tests in CI (#361)
• See full diff in compare view

Updates pyo3 from 0.25.1 to 0.26.0

Release notes

Sourced from pyo3's releases.

PyO3 0.26.0

This version solidifies support for Python 3.14 and free-threaded Python 3.14t. A number of PyO3 APIs have been renamed to reflect the fact the GIL is no longer a universal feature of all Python implementations. For example:

• Python::with_gil is now known as Python::attach
• Python::allow_threads is now known as Python::detach
• pyo3::prepare_freethreaded_python is now known as Python::initialize()

The minimum supported Rust version has been increased to Rust 1.74.

An optional dependency on the bytes crate has been added to allow support for converting bytes::Bytes to / from Python.

The PyObject type alias for Py<PyAny> has also been deprecated; the Py and Bound smart pointers have been the primary interface for all Python-facing types since PyO3 0.21 and the PyObject type alias had been a frequent source of confusion.

There are also many other incremental improvements, bug fixes and smaller features.

Please consult the migration guide for help upgrading.

Thank you to everyone who contributed code, documentation, design ideas, bug reports, and feedback. The following contributors' commits are included in this release:

@​ahlinc @​alex @​anilbey @​bschoenmaeckers @​Cheukting @​codeguru42 @​davidhewitt @​decathorpe @​dependabot[bot] @​drewkett @​FlickerSoul @​Icxolu @​jder @​jessekrubin @​jjmarchewitz @​kemingy @​msimacek @​musicinmybrain @​ngoldbaum @​Nnamdi-sys @​nucccc @​olp-cs @​robsdedude @​rrricharrrd @​sxlijin @​timfel @​tonybaloney @​Tpt @​wxianxin @​xushiyan @​yogevm15

Changelog

Sourced from pyo3's changelog.

[0.26.0] - 2025-08-29

Packaging

• Bump hashbrown dependency to 0.15. #5152
• Update MSRV to 1.74. #5171
• Set the same maximum supported version for alternative interpreters as for CPython. #5192
• Add optional bytes dependency to add conversions for bytes::Bytes. #5252
• Publish new crate pyo3-introspection to pair with the experimental-inspect feature. #5300
• The PYO3_BUILD_EXTENSION_MODULE now causes the same effect as the extension-module feature. Eventually we expect maturin and setuptools-rust to set this environment variable automatically. Users with their own build systems will need to do the same. #5343

Added

• Add #[pyo3(warn(message = "...", category = ...))] attribute for automatic warnings generation for #[pyfunction] and #[pymethods]. #4364
• Add PyMutex, available on Python 3.13 and newer. #4523
• Add FFI definition PyMutex_IsLocked, available on Python 3.14 and newer. #4523
• Add PyString::from_encoded_object. #5017
• experimental-inspect: add basic input type annotations. #5089
• Add FFI function definitions for PyFrameObject from CPython 3.13. #5154
• experimental-inspect: tag modules created using #[pymodule] or #[pymodule_init] functions as incomplete. #5207
• experimental-inspect: add basic return type support. #5208
• Add PyCode::compile and PyCodeMethods::run to create and execute code objects. #5217
• Add PyOnceLock type for thread-safe single-initialization. #5223
• Add PyClassGuard(Mut) pyclass holders. In the future they will replace PyRef(Mut). #5233
• experimental-inspect: allow annotations in #[pyo3(signature)] signature attribute. #5241
• Implement MutexExt for parking_lot's/lock_api ReentrantMutex. #5258
• experimental-inspect: support class associated constants. #5272
• Add Bound::cast family of functions superseding the PyAnyMethods::downcast family. #5289
• Add FFI definitions Py_Version and Py_IsFinalizing. #5317
• experimental-inspect: add output type annotation for #[pyclass]. #5320
• experimental-inspect: support #[pyclass(eq, eq_int, ord, hash, str)]. #5338
• experimental-inspect: add basic support for #[derive(FromPyObject)] (no struct fields support yet). #5339
• Add Python::try_attach. #5342

Changed

• Use Py_TPFLAGS_DISALLOW_INSTANTIATION instead of a __new__ which always fails for a #[pyclass] without a #[new] on Python 3.10 and up. #4568
• PyModule::from_code now defaults file_name to <string> if empty. #4777
• Deprecate PyString::from_object in favour of PyString::from_encoded_object. #5017
• When building with abi3 for a Python version newer than pyo3 supports, automatically fall back to an abi3 build for the latest supported version. #5144
• Change is_instance_of trait bound from PyTypeInfo to PyTypeCheck. #5146
• Many PyO3 proc macros now report multiple errors instead of only the first one. #5159
• Change MutexExt return type to be an associated type. #5201
• Use PyCallArgs for Py::call and friends so they're equivalent to their Bound counterpart. #5206
• Rename Python::with_gil to Python::attach. #5209
• Rename Python::allow_threads to Python::detach #5221
• Deprecate GILOnceCell type in favour of PyOnceLock. #5223
• Rename pyo3::prepare_freethreaded_python to Python::initialize. #5247
• Convert PyMemoryError into/from io::ErrorKind::OutOfMemory. #5256
• Deprecate GILProtected. #5285

... (truncated)

Commits

• 4502c2e ci: fix release job token permissions (#5374)
• a43cf79 release: 0.26.0 (#5367)
• f4d533f Clarity and grammar fixes in free-threading guide (#5369)
• ed030a7 fixes #5202 -- treat the PYO3_BUILD_EXTENSION_MODULE env var the same as te...
• 1775baf Use links to latest CPython stable release in docs (#5366)
• acaa2be Update free-threading docs for 0.26 (#5355)
• 9cc0bb6 fix "no constructor defined" messages on PyPy (#5329)
• 9aa53f4 Generate introspection for #[pyclass(eq, eq_int, ord, hash, str)] (#5338)
• a0c7d2c fixup Py::cast_bound (#5361)
• 50b0193 fix warning leaking out of test in test_methods (#5362)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

[codecov]

Codecov Report

❌ Patch coverage is 66.66667% with 1 line in your changes missing coverage. Please review.
✅ Project coverage is 96.90%. Comparing base (9663a04) to head (14efcc8).
⚠️ Report is 2 commits behind head on main.

Files with missing lines	Patch %	Lines
cpp-linter/src/clang_tools/mod.rs	50.00%	1 Missing ⚠️

Additional details and impacted files

@@           Coverage Diff           @@
##             main     #176   +/-   ##
=======================================
  Coverage   96.90%   96.90%           
=======================================
  Files          14       14           
  Lines        3132     3132           
=======================================
  Hits         3035     3035           
  Misses         97       97           

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
• 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

[codspeed-hq]

CodSpeed Performance Report

Merging #176 will not alter performance

_{Comparing dependabot/cargo/cargo-14700fc289 (14efcc8) with main (9663a04)¹}

Summary

✅ 1 untouched benchmarks

Footnotes

1. No successful run was found on main (f481ec2) during the generation of this report, so 9663a04 was used instead as the comparison base. There might be some changes unrelated to this pull request in this report. ↩