Bump the cargo group with 4 updates

[dependabot]

Bumps the cargo group with 4 updates: git2, reqwest, tokio and tempfile.

Updates git2 from 0.20.0 to 0.20.1

Changelog

Sourced from git2's changelog.

0.20.1 - 2025-03-17

0.20.0...0.20.1

Added

• Added Repository::branch_upstream_merge() #1131
• Added Index::conflict_get() #1134
• Added Index::conflict_remove() #1133
• Added opts::set_cache_object_limit() #1118
• Added Repo::merge_file_from_index() and associated MergeFileOptions and MergeFileResult. #1062

Changed

• The url dependency minimum raised to 2.5.4 #1128
• Changed the tracing callback to abort the process if the callback panics instead of randomly detecting the panic in some other function. #1121
• Credential helper config (loaded with CredentialHelper::config) now checks for helpers that start with something that looks like an absolute path, rather than checking for a / or \ anywhere in the helper string (which resolves an issue if the helper had arguments with / or \). #1137

Fixed

• Fixed panic in Remote::url_bytes if the url is empty. #1120
• Fixed incorrect lifetimes on Patch::delta, Patch::hunk, and Patch::line_in_hunk. The return values must not outlive the Patch. #1141
• Bumped requirement to libgit2-sys 0.18.1, which fixes linking of advapi32 on Windows. #1143

Commits

• 62d353e Merge pull request #1144 from ehuss/bump-version
• 8980c61 Bump versions of git2 and libgit2-sys
• 1e1687e Merge pull request #1137 from aibaars/fix-credential-helper
• 258d3b6 Merge pull request #1062 from MikeJerred/master
• d1b40aa Drop lifetime for MergeFileResult
• 197106b Drop Copy/Clone from git_merge_file_result
• 8381b72 Make MergeFileOptions::raw pub(crate)
• 3cc3e25 fix: type mismatch error
• e1e933b fix: mark to_raw as unsafe
• b76c8be fix: use correct typings for git_merge_file_flag_t
• Additional commits viewable in compare view

Updates reqwest from 0.12.12 to 0.12.14

Release notes

Sourced from reqwest's releases.

v0.12.14

What's Changed

• re-add fetch_mode_no_cors shim when not in wasm, but deprecated by @​seanmonstar in seanmonstar/reqwest#2598

Full Changelog: seanmonstar/reqwest@v0.12.13...v0.12.14

v0.12.13

What's Changed

• Add Form::into_reader() for blocking multipart forms.
• Add Form::into_stream() for async multipart forms.
• Add support for SOCKS4a proxies.
• Fix decoding responses with multiple zstd frames.
• Fix RequestBuilder::form() from overwriting a previously set Content-Type header, like the other builder methods.
• Fix cloning of request timeout in blocking::Request.
• Fix http3 synchronization of connection creation, reducing unneccesary extra connections.
• Fix Windows system proxy to use ProxyOverride as a NO_PROXY value.
• Fix blocking read to correctly reserve and zero read buffer.
• (wasm) Add support for request timeouts.
• (wasm) Fix Error::is_timeout() to return true when from a request timeout.

New Contributors

• @​obi1kenobi made their first contribution in seanmonstar/reqwest#2524
• @​decathorpe made their first contribution in seanmonstar/reqwest#2529
• @​flisky made their first contribution in seanmonstar/reqwest#1760
• @​0x676e67 made their first contribution in seanmonstar/reqwest#2527
• @​maximevtush made their first contribution in seanmonstar/reqwest#2534
• @​Property404 made their first contribution in seanmonstar/reqwest#2554
• @​G1gg1L3s made their first contribution in seanmonstar/reqwest#2544
• @​coastalwhite made their first contribution in seanmonstar/reqwest#2562
• @​Fizcko made their first contribution in seanmonstar/reqwest#2559
• @​markussilvan made their first contribution in seanmonstar/reqwest#2573
• @​aunovis-heidrich made their first contribution in seanmonstar/reqwest#2593

Thanks!

• @​seanmonstar
• @​paolobarbolini
• @​Nuhvi
• @​Andrey36652

Full Changelog: seanmonstar/reqwest@v0.12.12...v0.12.13

Changelog

Sourced from reqwest's changelog.

v0.12.14

• Fix missing fetch_mode_no_cors(), marking as deprecated when not on WASM.

v0.12.13

• Add Form::into_reader() for blocking multipart forms.
• Add Form::into_stream() for async multipart forms.
• Add support for SOCKS4a proxies.
• Fix decoding responses with multiple zstd frames.
• Fix RequestBuilder::form() from overwriting a previously set Content-Type header, like the other builder methods.
• Fix cloning of request timeout in blocking::Request.
• Fix http3 synchronization of connection creation, reducing unneccesary extra connections.
• Fix Windows system proxy to use ProxyOverride as a NO_PROXY value.
• Fix blocking read to correctly reserve and zero read buffer.
• (wasm) Add support for request timeouts.
• (wasm) Fix Error::is_timeout() to return true when from a request timeout.

Commits

• cf50f11 v0.12.14
• f63c631 re-add fetch_mode_no_cors shim when not in wasm, but deprecated (#2598)
• e44e371 v0.12.13
• e83e138 Added osv-scanner.toml file to ignore npm packages in wasm examples during vu...
• 7e85d2f ci: pin once-cell in msrv job (#2594)
• c4a9fb0 test HTTP connection reuse with new zstd fix (#2587)
• 6f9d0ee fix: support HTTP responses containing multiple ZSTD frames (#2583)
• 44ac897 perf(decoder): compile-time validation of decoder header value (#2580)
• 0bcba46 chore: remove empty wasm shell function (#2573)
• 00b15b9 fix using Windows ProxyOverride registry value as a NO_PROXY (#2559)
• Additional commits viewable in compare view

Updates tokio from 1.44.0 to 1.44.1

Release notes

Sourced from tokio's releases.

Tokio v1.44.1

1.44.1 (March 13th, 2025)

Fixed

• rt: skip defer queue in block_in_place context (#7216)

#7216: tokio-rs/tokio#7216

Commits

• d413c9c chore: prepare Tokio v1.44.1 (#7217)
• addbfb9 rt: skip defer queue in block_in_place context (#7216)
• See full diff in compare view

Updates tempfile from 3.18.0 to 3.19.0

Changelog

Sourced from tempfile's changelog.

3.19.0

• Remove direct dependency on cfg-if. It's still in the tree, but we didn't really need to use it in this crate.
• Add an unstable feature (unstable-windows-keep-open-tempfile) to test a potential fix to #339.

Commits

• 42fff68 chore: release v3.19.0
• 61b4283 feat(windows): add a feature to immediate tempfile deletion (#340)
• c2d16b3 ci: downgrade once-cell on old rustc versions (#342)
• 35c204d chore: remove cfg-if dependency (#338)
• See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

[codecov]

Codecov Report

All modified and coverable lines are covered by tests ✅

Project coverage is 97.58%. Comparing base (ae35567) to head (875bf0d).
Report is 1 commits behind head on main.

Additional details and impacted files

@@           Coverage Diff           @@
##             main     #121   +/-   ##
=======================================
  Coverage   97.58%   97.58%           
=======================================
  Files          14       14           
  Lines        3430     3430           
=======================================
  Hits         3347     3347           
  Misses         83       83           

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
• 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

[codspeed-hq]

CodSpeed Performance Report

Merging #121 will not alter performance

_{Comparing dependabot/cargo/cargo-bcfa1acb8f (875bf0d) with main (ae35567)}

Summary

✅ 1 untouched benchmarks

[dependabot]

Looks like these dependencies are updatable in another way, so this is no longer needed.