fix(deps): update all dependencies

[renovate]

This PR contains the following updates:

Package	Type	Update	Change
age	dependencies	minor	0.10.0 -> 0.11.0
clap	dependencies	patch	4.5.20 -> 4.5.26
dirs	dependencies	major	^5.0.1 -> ^6.0.0
promkit	dependencies	minor	0.5.0 -> 0.6.0
serde (source)	dependencies	patch	1.0.213 -> 1.0.217
serde_derive (source)	dependencies	patch	1.0.213 -> 1.0.217
serde_json	dependencies	patch	1.0.132 -> 1.0.135

---

Release Notes

str4d/rage (age)

v0.11.1: rage v0.11.1

Compare Source

Security

Fixed a security vulnerability that could allow an attacker to execute an arbitrary binary under certain conditions. See GHSA-4fg7-vxc8-qx5w. Plugin names are now required to only contain alphanumeric characters or the four special characters +-._. Thanks to ⬡-49016 for reporting this issue.

v0.11.0: rage v0.11.0

Compare Source

rage

Added

• Partial French translation!

Fixed

• [Unix] Files can now be encrypted with rage --passphrase when piped over stdin, without requiring an explicit - argument as INPUT.

age

Added

• New streamlined APIs for use with a single recipient or identity and a small amount of data (that can fit entirely in memory):
  • age::encrypt
  • age::encrypt_and_armor
  • age::decrypt
• age::Decryptor::{decrypt, decrypt_async, is_scrypt}
• age::IdentityFile::to_recipients
• age::IdentityFile::with_callbacks
• age::IdentityFile::write_recipients_file
• age::IdentityFileConvertError
• age::NoCallbacks
• age::scrypt, providing recipient and identity types for passphrase-based encryption.
• Partial French translation!

Changed

• Migrated to i18n-embed 0.15, secrecy 0.10.
• age::Encryptor::with_recipients now takes recipients by reference instead of by value. This aligns it with age::Decryptor (which takes identities by reference), and also means that errors with recipients are reported earlier. This causes the following changes to the API:
  • Encryptor::with_recipients takes impl Iterator<Item = &'a dyn Recipient> instead of Vec<Box<dyn Recipient + Send>>.
  • Verification of recipients and generation of stanzas now happens in Encryptor::with_recipients instead of Encryptor::wrap_output and Encryptor::wrap_async_output.
  • Encryptor::with_recipients returns Result<Self, EncryptError> instead of Option<Self>, and Encryptor::{wrap_output, wrap_async_output} return io::Result<StreamWriter<W>> instead of Result<StreamWriter<W>, EncryptError>.
  • age::EncryptError has a new variant MissingRecipients, taking the place of the None that Encryptor::with_recipients could previously return.
• age::Decryptor is now an opaque struct instead of an enum with Recipients and Passphrase variants.
• age::IdentityFile now has a C: Callbacks generic parameter, which defaults to NoCallbacks.
• age::IdentityFile::into_identities now returns Result<Vec<Box<dyn crate::Identity>>, DecryptError> instead of Vec<IdentityFileEntry>.
• age::Recipient::wrap_file_key now returns (Vec<Stanza>, HashSet<String>): a tuple of the stanzas to be placed in an age file header, and labels that constrain how the stanzas may be combined with those from other recipients.
• age::plugin::RecipientPluginV1 now supports the labels extension.

Fixed

• age::cli_common::read_identities once again correctly parses identity files that are a single line without a trailing newline. This broke in 0.10.0 due to an unrelated refactor.

Removed

• age::decryptor::PassphraseDecryptor (use age::Decryptor with age::scrypt::Identity instead).
• age::decryptor::RecipientsDecryptor (use age::Decryptor instead).
• age::IdentityFileEntry

age-plugin 0.6.0

Added

• age_plugin::PluginHandler
• impl age_plugin::identity::IdentityPluginV1 for std::convert::Infallible
• impl age_plugin::recipient::RecipientPluginV1 for std::convert::Infallible

Changed

• Migrated to age-core 0.11.
• age_plugin::recipient::RecipientPluginV1 has a new labels method. Existing implementations of the trait should either return HashSet::new() to maintain existing compatibility, or return labels that apply the desired constraints.
• age_plugin::run_state_machine now supports the recipient-v1 labels extension.

Fixed

• age_plugin::run_state_machine now takes an impl age_plugin::PluginHandler argument, instead of its previous arguments.
  • This fixes the change from the previous release, because the type parameters were basically impossible to set correctly when attempting to pass None.

age-core

Added

• age_core::format:
  • FileKey::new
  • FileKey::init_with_mut
  • FileKey::try_init_with_mut
  • is_arbitrary_string

Changed

• Migrated to secrecy 0.10.
• age::plugin::Connection::unidir_receive now takes an additional argument to enable handling an optional fourth command.

New Contributors

• @​AnomalRoil made their first contribution in https://github.com/str4d/rage/pull/499
• @​pavelzw made their first contribution in https://github.com/str4d/rage/pull/492
• @​BoostCookie made their first contribution in https://github.com/str4d/rage/pull/513

Full Changelog: str4d/rage@v0.10.0...v0.11.0

clap-rs/clap (clap)

v4.5.26

Compare Source

Fixes

• (error) Reduce binary size with the suggestions feature

v4.5.25

Compare Source

Fixes

• (help) Reduce binary size

v4.5.24

Compare Source

Fixes

• (parser) Correctly handle defaults with ignore_errors(true) and when a suggestion is provided for an unknown argument

v4.5.23

Compare Source

Fixes

• (parser) When check allow_negative_numbers, allow E again

v4.5.22

Compare Source

Fixes

• (assert) Catch bugs with arguments requiring themself

v4.5.21

Compare Source

Fixes

• (parser) Ensure defaults are filled in on error with ignore_errors(true)

ynqa/promkit (promkit)

v0.6.2

Compare Source

What's Changed

• v0.6.2 by @​ynqa in https://github.com/ynqa/promkit/pull/47

Full Changelog: ynqa/promkit@v0.6.1...v0.6.2

v0.6.1

Compare Source

What's Changed

• v0.6.1 by @​ynqa in https://github.com/ynqa/promkit/pull/46

Full Changelog: ynqa/promkit@v0.6.0...v0.6.1

v0.6.0

Compare Source

What's Changed

• Move promkit-async to ynqa/promkit-async repo by @​ynqa in https://github.com/ynqa/promkit/pull/39
• v0.6.0: Row for large JSON by @​ynqa in https://github.com/ynqa/promkit/pull/42
• v0.6.0 by @​ynqa in https://github.com/ynqa/promkit/pull/41

Full Changelog: ynqa/promkit@v0.5.1...v0.6.0

v0.5.1

Compare Source

What's Changed

• v0.5.1 by @​ynqa in https://github.com/ynqa/promkit/pull/38

Full Changelog: ynqa/promkit@v0.5.0...v0.5.1

serde-rs/serde (serde)

v1.0.217

Compare Source

• Support serializing externally tagged unit variant inside flattened field (#​2786, thanks @​Mingun)

v1.0.216

Compare Source

• Mark all generated impls with #[automatically_derived] to exclude from code coverage (#​2866, #​2868, thanks @​tdittr)

v1.0.215

Compare Source

• Produce warning when multiple fields or variants have the same deserialization name (#​2855, #​2856, #​2857)

v1.0.214

Compare Source

• Implement IntoDeserializer for all Deserializers in serde::de::value module (#​2568, thanks @​Mingun)

serde-rs/json (serde_json)

v1.0.135

Compare Source

• Add serde_json::Map::into_values method (#​1226, thanks @​tisonkun)

v1.0.134

Compare Source

• Add RawValue associated constants for literal null, true, false (#​1221, thanks @​bheylin)

v1.0.133

Compare Source

• Implement From<[T; N]> for serde_json::Value (#​1215)

---

Configuration

📅 Schedule: Branch creation - "* 0-3 * * 1" (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.