chore(deps): cargo update — refresh lockfile, supersede Dependabot #3 and #4 #16

Merged: nedseb merged 1 commit into main from chore/cargo-update on Apr 28, 2026
@nedseb (Contributor) commented Apr 28, 2026

Summary

Mechanical cargo update covering all semver-compatible bumps that have accumulated. Touches Cargo.lock only — no Cargo.toml changes.

Notable bumps

| Crate | From → To | Why |
|---|---|---|
| bytes (transitive via iced_core) | 1.7.2 → 1.11.1 | Includes integer-overflow fix in BytesMut::reserve (security-relevant). Supersedes #3. |
| rand (transitive via zbus → dark-light → iced_core) | 0.8.5 → 0.8.6 | Backport patch from the 0.10 line. Supersedes #4. |
| async-io (direct) | 2.3.4 → 2.6.0 | Used by our Timer for non-blocking sleeps and the OpenOCD polling loop. |
| serde / serde_json (direct) | 1.0.210 → 1.0.228 / 1.0.128 → 1.0.149 | Routine. |
| serialport (direct) | 4.7.1 → 4.9.0 | Routine. |
| rfd (direct) | 0.15.0 → 0.15.4 | Routine. |

About 180 transitive crates updated overall.

Held back for follow-up PRs

Major-version bumps that need code changes — out of scope for a lockfile refresh:

  • iced 0.13.1 → 0.14.0
  • iced_aw 0.11.0 → 0.14.1
  • iced_fonts 0.1.1 → 0.3.0
  • directories 5.0.1 → 6.0.0
  • sysinfo 0.31.4 → 0.38.4

Test plan

  • `cargo build --release --locked` green locally on Linux.
  • `cargo test --release --locked` green (4 tests pass).
  • CI matrix (ubuntu-22.04 + ubuntu-24.04) green on this PR.

Cleanup after merge

Close Dependabot PRs #3 and #4 with a "superseded by #16" comment.

…tible

Mechanical refresh covering 180+ transitive bumps. Notable highlights:

- bytes 1.7.2 -> 1.11.1 (transitive via iced_core): includes a fix
  for an integer overflow in `BytesMut::reserve` that originated from
  a security advisory — this also supersedes the 30-day-old Dependabot
  PR #3.
- rand 0.8.5 -> 0.8.6 (transitive): backport patch from 0.10 line.
  Supersedes Dependabot PR #4.
- async-io 2.3.4 -> 2.6.0 (direct dep used by our timer + io flush).
- serde 1.0.210 -> 1.0.228, serde_json 1.0.128 -> 1.0.149.
- serialport 4.7.1 -> 4.9.0.
- rfd 0.15.0 -> 0.15.4.

Major-version bumps held back for a follow-up: iced 0.14, iced_aw
0.14, iced_fonts 0.3, directories 6, sysinfo 0.38 — each requires
code changes.

`cargo build --release --locked` and `cargo test --release --locked`
both green locally.
Copilot AI review requested due to automatic review settings April 28, 2026 11:32
Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Copilot wasn't able to review any files in this pull request.
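
Added example, not part of this PR or the project's code: a std-only lockfile check that reports any resolved copy of `bytes` or `rand` below the versions this refresh lands on. Treating those landed versions as minimum floors is an assumption, as are the function names and the sample lockfile text.

```rust
// Added example. FLOORS: the versions this PR lands on, used as minimums (assumption).
const FLOORS: [(&str, &str); 2] = [("bytes", "1.11.1"), ("rand", "0.8.6")];

/// Parse "MAJOR.MINOR.PATCH", ignoring any -pre or +build suffix.
fn parse_version(v: &str) -> Option<(u64, u64, u64)> {
    let core = v.split(|c: char| c == '-' || c == '+').next()?;
    let mut parts = core.split('.').map(|p| p.parse::<u64>().ok());
    let triple = (parts.next()??, parts.next()??, parts.next()??);
    if parts.next().is_some() { None } else { Some(triple) }
}

/// Collect (name, version) for every [[package]] entry of a Cargo.lock.
fn locked_packages(lock: &str) -> Vec<(String, String)> {
    let mut out = Vec::new();
    let mut name: Option<String> = None;
    for line in lock.lines().map(str::trim) {
        if line == "[[package]]" {
            name = None;
        } else if let Some(v) = line.strip_prefix("name = ") {
            name = Some(v.trim_matches('"').to_string());
        } else if let Some(v) = line.strip_prefix("version = ") {
            // The file-level `version = N` has no package name and is skipped.
            if let Some(n) = name.take() {
                out.push((n, v.trim_matches('"').to_string()));
            }
        }
    }
    out
}

/// One message per locked copy that is below its floor (or unparseable).
fn violations(lock: &str) -> Vec<String> {
    let mut bad = Vec::new();
    for (name, version) in locked_packages(lock) {
        for (_, floor) in FLOORS.iter().filter(|f| f.0 == name) {
            // Numeric compare: as plain strings "1.7.2" sorts after "1.11.1".
            match (parse_version(&version), parse_version(floor)) {
                (Some(have), Some(min)) if have >= min => {}
                _ => bad.push(format!("{} {} < {}", name, version, floor)),
            }
        }
    }
    bad
}

fn main() {
    // Constructed sample, not the project's real Cargo.lock.
    let sample = "version = 3\n[[package]]\nname = \"bytes\"\nversion = \"1.7.2\"\n";
    for v in violations(sample) { println!("below floor: {}", v); }
}
```

A lockfile can hold several copies of one crate, so every `[[package]]` entry is checked rather than the first match.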