chore(deps): bump the cargo group with 8 updates

[dependabot]

Bumps the cargo group with 8 updates:

Package	From	To
clap	4.6.0	4.6.1
console	0.15.11	0.16.3
toml	0.8.23	1.1.2+spec-1.1.0
toml_edit	0.22.27	0.25.11+spec-1.1.0
cargo_metadata	0.19.2	0.20.0
petgraph	0.7.1	0.8.3
rand	0.9.4	0.10.1
ureq	2.12.1	3.3.0

Updates clap from 4.6.0 to 4.6.1

Release notes

Sourced from clap's releases.

v4.6.1

[4.6.1] - 2026-04-15

Fixes

• (derive) Ensure rebuilds happen when an read env variable is changed

Changelog

Sourced from clap's changelog.

[4.6.1] - 2026-04-15

Fixes

• (derive) Ensure rebuilds happen when an read env variable is changed

Commits

• 1420275 chore: Release
• d2c817d docs: Update changelog
• f88c94e Merge pull request #6341 from epage/sep
• acbb822 fix(complete): Reduce risk of conflict with actual subcommands
• a49fadb refactor(complete): Pull out subcommand separator
• ddc008b Merge pull request #6332 from epage/update
• 497dc50 chore: Update compatible dependencies
• dca2326 Merge pull request #6331 from clap-rs/renovate/j178-prek-action-2.x
• 54bdaa3 chore(deps): Update j178/prek-action action to v2
• f0d30d9 chore: Release
• Additional commits viewable in compare view

Updates console from 0.15.11 to 0.16.3

Release notes

Sourced from console's releases.

0.16.3

What's Changed

• Use std::sync::OnceLock instead of once_cell by @​cuviper in console-rs/console#281
• Bump version to 0.16.3 by @​cuviper in console-rs/console#282

0.16.2

What's Changed

• Implement basic support for true colors by @​lord-haffi in console-rs/console#271
• docs: add note about clicolors by @​philbucher in console-rs/console#274
• chore: minor improvement for docs by @​spuradage in console-rs/console#276
• Exclude development scripts from published package by @​weiznich in console-rs/console#278

0.16.1

What's Changed

• Add WithoutAnsi struct that implements Display by @​ChocolateLoverRaj in console-rs/console#258
• Tweak style for new WithAnsi code by @​djc in console-rs/console#266
• Fix QNX 7.1 patch for libc::cfmakeraw by @​rafaeling in console-rs/console#267
• Upgrade windows-sys to 0.61 by @​djc in console-rs/console#272

0.16.0

What's Changed

The 0.15.12 release was yanked after it turned out to be semver-incompatible with existing usage by several of the most popular dependent crates, because it introduced a std feature -- and those crates used default-features = false but relied on the std-guarded features.

The 0.16.0 API should be semver-compatible with the 0.15.x API except for the need for the std feature.

• Prepare 0.16.0 by @​djc in console-rs/console#265

Refer to the 0.15.12 release notes for more information.

0.15.12

What's Changed

• Use EnumSet instead of a full-blown btreemap for the attributes by @​jwiesler in console-rs/console#244
• Tweak Attributes bit set API by @​djc in console-rs/console#245
• Implement measure_text_width with no allocation by @​remi-dupre in console-rs/console#246
• fix(utils): surprising behavior in truncate_str when tail is larger than width by @​remi-dupre in console-rs/console#250
• fix spelling mistake by @​Axlefublr in console-rs/console#253
• feat(part): add NO_COLOR env support for windows terminal by @​L-Chao in console-rs/console#254
• Update windows-sys requirement from 0.59 to 0.60 by @​dependabot in console-rs/console#259
• Add features to work with no_std, and with alloc in no_std by @​ChocolateLoverRaj in console-rs/console#256
• Fix CI badge and license URL by @​atouchet in console-rs/console#261
• Bump version to 0.15.12 by @​felstead in console-rs/console#262

Commits

• 70ea3d0 Bump version to 0.16.3
• 6bd8894 Remove make msrv-lock
• 499e5f6 Use std::sync::OnceLock instead of once_cell
• 0bf645d Bump version
• 0b789b9 Fix clippy warnings
• bb1cbdb Exclude development scripts from published package
• 12281c1 chore: minor improvement for docs
• e611fbc docs: add note about clicolors
• e9b9a44 Apply clippy suggestion
• 9cf0c5f ci: enable all workflows for pull requests
• Additional commits viewable in compare view

Updates toml from 0.8.23 to 1.1.2+spec-1.1.0

Commits

• a3d0047 chore: Release
• cc37615 docs: Update changelog
• 7f5e9e1 fix(parser): Consolidate invalid unquoted key into one error (#1138)
• 52feb90 fix(parser): Consolidate invalid unquoted key into one error
• aad85d4 chore(deps): Update j178/prek-action action to v2 (#1136)
• 8b1ac44 chore(deps): Update compatible (dev) (#1135)
• 9effd79 chore(deps): Update j178/prek-action action to v2
• 9db8aad chore: Release
• e55a663 docs: Update changelog
• c11d7d7 Optimisations (#1133)
• Additional commits viewable in compare view

Updates toml_edit from 0.22.27 to 0.25.11+spec-1.1.0

Commits

• 45456ab chore: Release
• b100851 docs: Update changelog
• 165302f fix(edit): Preserve outer spans for malformed containers (#1141)
• 1b0bd02 fix(edit): Preserve outer spans for malformed arrays
• 9eb4dab test(parse): Cover malformed array parse error
• 57ea4b4 fix(edit): Preserve outer spans for malformed inline tables
• 92e8001 test(parse): Cover malformed inline table parse error
• 36e558e docs: Fix spelling mistake
• a3d0047 chore: Release
• cc37615 docs: Update changelog
• Additional commits viewable in compare view

Updates cargo_metadata from 0.19.2 to 0.20.0

Commits

• fa60b98 Merge pull request #293 from oli-obk/push-orzyoroqpxpu
• 61345fb required features have a different format from normal feature names
• 19f4203 Bump MSRV
• 6861466 Fix build on with builder feature
• a21b7a1 Update examples
• 5895dd6 Merge pull request #261 from zetanumbers/docsrs-features
• e3373d0 refactor: NodeDep::name: PackageName
• 2f0142d Merge pull request #291 from gear-tech/fix-cross-compilation
• 95d4a36 update changelog
• 9cd40e6 append docs
• Additional commits viewable in compare view

Updates petgraph from 0.7.1 to 0.8.3

Release notes

Sourced from petgraph's releases.

petgraph-v0.8.3

Bug Fixes

• Infinite subgraph_isomorphisms_iter for empty isomorphisms (#780)
• Algos don't work on UndirectedAdaptor (#870) (#871)
• use a queue for SPFA (#893)
• StableGraph::reverse breaks free lists (#890)

Documentation

• Fix examples link in README and unify typesetting of one word (#823)
• Add link to multigraph definition to isomorphism algos (#824)
• Fix auxiliary space (and time) complexity of bron-kerbosch (#825)
• Fix Typo in Operator Module Documentation (#831)
• Sync the crate feature flags in the README and docs (#832)
• Remove all [Generic] tags from algo docstrings (#835)
• Fix typos in comments (#836)
• Revamp CONTRIBUTING.md (#833)
• Update GraphMap link in README (#857)
• Add doc comment for Dot::with_attr_getters (#850)
• Specify iteration order for neighbors and edges and their variants (#790)
• Collection of Doc fixes (#856)

New Features

• Add into_nodes_edges_iters to StableGraph (#841)
• Add methods to reserve & shrink StableGraph capacity (#846)
• Add Dinic's Maximum Flow Algorithm (#739)
• make Csr::from_sorted_edges generic over edge type and properly increase edge_count in Csr::from_sorted_edges (#861)
• Add map_owned and filter_map_owned for Graph and StableGraph (#863)
• Add dijkstra::with_dynamic_goal (#855)
• Fix self-loop bug in all_simple_paths and enable multiple targets (#865)
• mark petgraph::dot::Dot::graph_fmt as public (#866)
• Add bidirectional Dijkstra algorithm (#782)

Performance

• Make A* tie break on lower h-values (#882)

Refactor

• add examples for scc algorithms and reorganize into dedicated module (#830)
• Remove unnecessary trait bounds from impls/methods (#828)
• replace uses of 'crate::util::zip' with 'core::iter::zip' (#849)
• Fix clippy (and other) lints (#851)
• Cleanup repo (#854)
• replace crate::util::enumerate with Iterator::enumerate (#881)

Testing

... (truncated)

Changelog

Sourced from petgraph's changelog.

0.8.3 - 2025-09-30

Bug Fixes

• Infinite subgraph_isomorphisms_iter for empty isomorphisms (#780)
• Algos don't work on UndirectedAdaptor (#870) (#871)
• use a queue for SPFA (#893)
• StableGraph::reverse breaks free lists (#890)

Documentation

• Fix examples link in README and unify typesetting of one word (#823)
• Add link to multigraph definition to isomorphism algos (#824)
• Fix auxiliary space (and time) complexity of bron-kerbosch (#825)
• Fix Typo in Operator Module Documentation (#831)
• Sync the crate feature flags in the README and docs (#832)
• Remove all [Generic] tags from algo docstrings (#835)
• Fix typos in comments (#836)
• Revamp CONTRIBUTING.md (#833)
• Update GraphMap link in README (#857)
• Add doc comment for Dot::with_attr_getters (#850)
• Specify iteration order for neighbors and edges and their variants (#790)
• Collection of Doc fixes (#856)

New Features

• Add into_nodes_edges_iters to StableGraph (#841)
• Add methods to reserve & shrink StableGraph capacity (#846)
• Add Dinic's Maximum Flow Algorithm (#739)
• make Csr::from_sorted_edges generic over edge type and properly increase edge_count in Csr::from_sorted_edges (#861)
• Add map_owned and filter_map_owned for Graph and StableGraph (#863)
• Add dijkstra::with_dynamic_goal (#855)
• Fix self-loop bug in all_simple_paths and enable multiple targets (#865)
• mark petgraph::dot::Dot::graph_fmt as public (#866)
• Add bidirectional Dijkstra algorithm (#782)

Performance

• Make A* tie break on lower h-values (#882)

Refactor

• add examples for scc algorithms and reorganize into dedicated module (#830)
• Remove unnecessary trait bounds from impls/methods (#828)
• replace uses of 'crate::util::zip' with 'core::iter::zip' (#849)
• Fix clippy (and other) lints (#851)
• Cleanup repo (#854)
• replace crate::util::enumerate with Iterator::enumerate (#881)

Testing

... (truncated)

Commits

• 1629035 chore: release v0.8.3 (#826)
• ce23445 ci: Use new cargo resolver when running CI with MSRV (#887)
• ef5d17d docs: Collection of Doc fixes (#856)
• b682695 fix: StableGraph::reverse breaks free lists (#890)
• 29f4c92 fix: use a queue for SPFA (#893)
• b87dbc5 perf: Make A* tie break on lower h-values (#882)
• 49d2740 refactor: replace crate::util::enumerate with Iterator::enumerate (#881)
• 0a0efbe docs: Specify iteration order for neighbors and edges and their variants (#790)
• 5c7e0fb ci: Fix Hashbrown dependencies (#878)
• aa53dbe feat: Add bidirectional Dijkstra algorithm (#782)
• Additional commits viewable in compare view

Updates rand from 0.9.4 to 0.10.1

Changelog

Sourced from rand's changelog.

[0.10.1] — 2026-02-11

This release includes a fix for a soundness bug; see #1763.

Changes

• Document panic behavior of make_rng and add #[track_caller] (#1761)
• Deprecate feature log (#1763)

#1761: rust-random/rand#1761 #1763: rust-random/rand#1763

[0.10.0] - 2026-02-08

Changes

• The dependency on rand_chacha has been replaced with a dependency on chacha20. This changes the implementation behind StdRng, but the output remains the same. There may be some API breakage when using the ChaCha-types directly as these are now the ones in chacha20 instead of rand_chacha (#1642).
• Rename fns IndexedRandom::choose_multiple -> sample, choose_multiple_array -> sample_array, choose_multiple_weighted -> sample_weighted, struct SliceChooseIter -> IndexedSamples and fns IteratorRandom::choose_multiple -> sample, choose_multiple_fill -> sample_fill (#1632)
• Use Edition 2024 and MSRV 1.85 (#1653)
• Let Fill be implemented for element types, not sliceable types (#1652)
• Fix OsError::raw_os_error on UEFI targets by returning Option<usize> (#1665)
• Replace fn TryRngCore::read_adapter(..) -> RngReadAdapter with simpler struct RngReader (#1669)
• Remove fns SeedableRng::from_os_rng, try_from_os_rng (#1674)
• Remove Clone support for StdRng, ReseedingRng (#1677)
• Use postcard instead of bincode to test the serde feature (#1693)
• Avoid excessive allocation in IteratorRandom::sample when amount is much larger than iterator size (#1695)
• Rename os_rng -> sys_rng, OsRng -> SysRng, OsError -> SysError (#1697)
• Rename Rng -> RngExt as upstream rand_core has renamed RngCore -> Rng (#1717)

Additions

• Add fns IndexedRandom::choose_iter, choose_weighted_iter (#1632)
• Pub export Xoshiro128PlusPlus, Xoshiro256PlusPlus prngs (#1649)
• Pub export ChaCha8Rng, ChaCha12Rng, ChaCha20Rng behind chacha feature (#1659)
• Fn rand::make_rng() -> R where R: SeedableRng (#1734)

Removals

• Removed ReseedingRng (#1722)
• Removed unused feature "nightly" (#1732)
• Removed feature small_rng (#1732)

#1632: rust-random/rand#1632 #1642: rust-random/rand#1642 #1649: rust-random/rand#1649 #1652: rust-random/rand#1652 #1653: rust-random/rand#1653 #1659: rust-random/rand#1659 #1665: rust-random/rand#1665 #1669: rust-random/rand#1669 #1674: rust-random/rand#1674 #1677: rust-random/rand#1677 #1693: rust-random/rand#1693 #1695: rust-random/rand#1695 #1697: rust-random/rand#1697

... (truncated)

Commits

• 27ff4cb Prepare v0.10.1: deprecate feature log (#1763)
• 98d0638 make_rng: document panic and add #[track_caller] (#1761)
• 54e5eaa Fix doc error (#1758)
• 1ce4c08 Bump itoa from 1.0.17 to 1.0.18 in the all-deps group (#1756)
• ccb734b docs: fix typo in doc comment (#1754)
• 357eb7d Bump libc from 0.2.182 to 0.2.183 in the all-deps group (#1753)
• 5e77fe5 Fix trait references in documentation (#1752)
• da89185 Bump the all-deps group with 3 updates (#1751)
• 50516ff Bump the all-deps group with 2 updates (#1749)
• fd71de9 Bump the all-deps group with 2 updates (#1747)
• Additional commits viewable in compare view

Updates ureq from 2.12.1 to 3.3.0

Changelog

Sourced from ureq's changelog.

3.3.0

• Bump MSRV 1.71 -> 1.85, edition 2024 #1167

3.2.1

• Switch archived utf-8 crate for utf8-zero #1163

3.2.0

• Strip Content-Encoding/Content-Length headers after decompression #1156
• Timeout per resolved ip for try_connect #1152
• Fix body header bug on redirect #1140
• ureq-proto 0.5.3 to fix unsolicited 100-continue #1139
• Make socks5:// locally resolve before calling proxy #1138
• Add socks5h:// which DOESN'T locally resolve before calling proxy #1138

3.1.4

• Set content-type with new Multipart form #1133

3.1.3

• Fix short read with multi-byte charset #1131
• Replace rustls-pemfile usage with rustls-pki-types #1122
• Support for env NO_PROXY and proxy config #1118
• Experimental multi-part form support #1102

3.1.2

• Fix bug when query is after host "example.com?query" #1115

3.1.1

• Fix regression in MSRV (hold back native-tls) #1113
• Fix edge case regression when setting request header Content-Length: 0 #1109

3.1.0

DECISION: webpki-roots and webpki-root-certs goes from pre-release (0.26) to stable release (1.0.0). This is potentially a big change for ureq users. We release this as semver minor.

• Bump all deps to latest #1104
• Fixes to CONNECT to follow spec #1103
• Send Content-Length for File #1100
• native-tls transport capture and surface underlying errors #1093
• Bump webpki-roots/webpki-root-certs to 1.0.0 #1089
• Bump rustls-platform-verifier to 0.6.0 #1089
• Allow the license CDLA-Permissive-2.0 #1089

... (truncated)

Commits

• b2adbf0 3.3.0
• 7662219 Bump MSRV 1.71 -> 1.85, edition 2024
• eb51f2c 3.2.1
• ad49981 Bump deps to fix cargo-deny RUSTSEC
• 08785cb Switch out utf-8 crate with utf8-zero
• 9ef2153 Clarify that json feature is disabled by default
• eb2539d Fix misleading unsafe wording in crate docs
• b45d3d2 Fix cargo-deny advisory failures
• 852b804 3.2.0
• 378f768 Update deny.toml given current dependencies
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

[socket-security]

Review the following changes in direct dependencies. Learn more about Socket for GitHub.

Diff	Package	Supply Chain Security	Vulnerability	Quality	Maintenance	License
	cargo/​petgraph@​0.7.1 ⏵ 0.8.3			-3
	cargo/​ureq@​2.12.1 ⏵ 3.3.0	-15
	cargo/​toml@​1.1.2%2Bspec-1.1.0
	cargo/​toml_edit@​0.25.11%2Bspec-1.1.0
	cargo/​cargo_metadata@​0.19.2 ⏵ 0.20.0
	cargo/​clap@​4.6.0 ⏵ 4.6.1
	cargo/​console@​0.15.11 ⏵ 0.16.3
	cargo/​rand@​0.9.4 ⏵ 0.10.1

View full report

[github-actions]

⚠️ Changelog not found.

A changelog entry is required before merging. We've generated a suggested changelog based on your changes:

Preview

---
changelogs: patch
---

Updated multiple dependencies to their latest major versions (ureq 3, rand 0.10, cargo_metadata 0.20, petgraph 0.8, toml 1.1, toml_edit 0.25, console 0.16) and adapted source code to their new APIs. Also added a CI skip condition for Dependabot PRs and allowed the Zlib license in deny.toml.

Add changelog to commit this to your branch.