Sourced from quick-xml's releases.

Fix an infinite loop in some circumstates

What's Changed

Bug Fixes

• #530: Fix an infinite loop leading to unbounded memory consumption that occurs when skipping events on malformed XML with the overlapped-lists feature active.
• #530: Fix an error in the Deserializer::read_to_end when overlapped-lists feature is active and malformed XML is parsed

#530: tafia/quick-xml#530

Full Changelog: https://github.com/tafia/quick-xml/compare/v0.27.0...v0.27.1

Improvements in serde deserializer and MSRV bumped to 1.52

What's Changed

MSRV was increased from 1.46 to 1.52 in #521.

New Features

• #521: Implement Clone for all error types. This required changing Error::Io to contain Arc<std::io::Error> instead of std::io::Error since std::io::Error does not implement Clone.

Bug Fixes

• #490: Ensure that serialization of map keys always produces valid XML names. In particular, that means that maps with numeric and numeric-like keys (for example, "42") no longer can be serialized because [XML name] cannot start from a digit
• #500: Fix deserialization of top-level sequences of enums, like

  <?xml version="1.0" encoding="UTF-8"?>
  <!-- list of enum Enum { A, B, С } -->
  <A/>
  <B/>
  <C/>
  

• #514: Fix wrong reporting Error::EndEventMismatch after disabling and enabling .check_end_names
• #517: Fix swapped codes for \r and \n characters when escaping them
• #523: Fix incorrect skipping text and CDATA content before any map-like structures in serde deserializer, like

  unwanted text<struct>...</struct>
  

• #523: Fix incorrect handling of xs:lists with encoded spaces: they still act as delimiters, which is confirmed also by mature XmlBeans Java library
• #473: Fix a hidden requirement to enable serde's derive feature to get

... (truncated)

Sourced from quick-xml's changelog.

0.27.1 -- 2022-12-28

Bug Fixes

• #530: Fix an infinite loop leading to unbounded memory consumption that occurs when skipping events on malformed XML with the overlapped-lists feature active.
• #530: Fix an error in the Deserializer::read_to_end when overlapped-lists feature is active and malformed XML is parsed

#530: tafia/quick-xml#530

0.27.0 -- 2022-12-25

New Features

• #521: Implement Clone for all error types. This required changing Error::Io to contain Arc<std::io::Error> instead of std::io::Error since std::io::Error does not implement Clone.

Bug Fixes

• #490: Ensure that serialization of map keys always produces valid XML names. In particular, that means that maps with numeric and numeric-like keys (for example, "42") no longer can be serialized because [XML name] cannot start from a digit
• #500: Fix deserialization of top-level sequences of enums, like

  <?xml version="1.0" encoding="UTF-8"?>
  <!-- list of enum Enum { A, B, С } -->
  <A/>
  <B/>
  <C/>
  

• #514: Fix wrong reporting Error::EndEventMismatch after disabling and enabling .check_end_names
• #517: Fix swapped codes for \r and \n characters when escaping them
• #523: Fix incorrect skipping text and CDATA content before any map-like structures in serde deserializer, like

  unwanted text<struct>...</struct>
  

• #523: Fix incorrect handling of xs:lists with encoded spaces: they still act as delimiters, which is confirmed also by mature XmlBeans Java library
• #473: Fix a hidden requirement to enable serde's derive feature to get quick-xml's serialize feature for edition = 2021 or resolver = 2 crates

Misc Changes

• #490: Removed $unflatten= special prefix for fields for serde (de)serializer, because:
  • it is useless for deserializer

... (truncated)

• 89fa620 Release 0.27.1 - fix for #530
• b99adec Remove excess test. That test is duplicated by read_to_end::complex
• 88455b4 Fix an error in the Deserializer::read_to_end when feature "overlapped-list...
• 75ae6c7 Add test for reading invalid XML to the end
• 85eeb2e Fix infinity loop in skip when parsing malformed XML
• f63910d Release 0.27.0
• d1908e6 Merge pull request #528 from Mingun/doc
• 66275cc Add an example for deserializing wrapped lists
• c521a2f Add documentation for mapping from XML to Rust used by deserializer
• 44a4c69 Merge pull request #524 from Mingun/serde
• Additional commits viewable in compare view

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

Sourced from futures's releases.

0.3.27

• Add TryFlattenUnordered (#2577, #2590, #2606, #2607)
• Add AbortHandle::is_aborted (#2710)
• Add AbortRegistration::handle (#2712)
• Make BiLock strict-provenance compatible (#2716)

Sourced from futures's changelog.

0.3.27 - 2023-03-11

• Add TryFlattenUnordered (#2577, #2590, #2606, #2607)
• Add AbortHandle::is_aborted (#2710)
• Add AbortRegistration::handle (#2712)
• Make BiLock strict-provenance compatible (#2716)

• cfc501c Release 0.3.27
• 335b431 Automatically cancel outdated CI runs on PR
• 4b9dddf Remove dead code
• d1acf08 tests: restore disabled tests and benches for BiLock (#2715)
• 0ffaaa0 Make BiLock strict-provenance compatible (#2716)
• 4266221 Add AbortRegistration::handle (#2712)
• 9c44e14 add AbortHandle::is_aborted() (#2710)
• 5b64af3 Ensure unreachable branch is eliminated (#2708)
• bc85d23 Simplify Fuse::poll to use a match expression instead of return (#2694)
• b0d2c56 Poll Select futures without moving them (#2704)
• Additional commits viewable in compare view

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

Sourced from serde's releases.

v1.0.155

• Support Serialize and Deserialize impls for core::ffi::CStr and alloc::ffi::CString without "std" feature (#2374, thanks @​safarir)

v1.0.154

• Fix "undeclared lifetime" error in generated code when deriving Deserialize for an enum with both flatten and 'static fields (#2383, thanks @​Mingun)

v1.0.153

• Support serde(alias = "…") attribute used inside of flattened struct (#2387, thanks @​bebecue)

• 2ba4067 Release 1.0.155
• 7e9826e Add link to core CStr stabilization announcement
• f4dcc5c Merge pull request #2374 from safarir/master
• 8b1887c Remove unneeded attr_name argument when parsing borrow attr
• bbfb1d3 Merge pull request #2399 from dtolnay/borrow
• e106feb Eagerly parse variant-level borrow attribute instead of deferring entire Meta
• 696f6f5 Merge pull request #2398 from dtolnay/borrow
• b7b636a Treat field-level borrow attr as duplicate of variant-level borrow attr
• 183b917 Fix some comments in parsing of from/try_from/into attributes
• 0e70f59 Merge pull request #2396 from dtolnay/msg
• Additional commits viewable in compare view

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

Sourced from clap's releases.

v4.1.11

[4.1.11] - 2023-03-17

Internal

• Update bitflags

v4.1.10

[4.1.10] - 2023-03-17

Fixes

• (help) On Windows, avoid underlined text artifacts

Sourced from clap's changelog.

[4.1.11] - 2023-03-17

Internal

• Update bitflags

[4.1.10] - 2023-03-17

Fixes

• (help) On Windows, avoid underlined text artifacts

[4.1.9] - 2023-03-16

Fixes

• (assert) Improve the assert when using the wrong action with get_count / get_flag

• b69cf08 chore: Release
• 4f2f702 docs: Update changelog
• 4c05dfb Merge pull request #4771 from nicholasbishop/bishop-update-bitflags
• 6878a19 chore: Update bitflags dep to 2.0
• 9aee6d3 chore: Release
• 9777625 docs: Update changelog
• cdff815 Merge pull request #4767 from epage/win-ansi
• fcd6a65 fix(help): Don't style newlines
• e78bba0 chore: Release
• 84ea5b8 docs: Update changelog
• Additional commits viewable in compare view

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

Sourced from quick-xml's releases.

Relax requirements in ElementWriter.write_inner_content

What's Changed

Misc Changes

• #579: ElementWriter.write_inner_content now uses a FnOnce instead of a more restrictive Fn closure

#579: tafia/quick-xml#579

New Contributors

• @​Tpt made their first contribution in tafia/quick-xml#579

Full Changelog: https://github.com/tafia/quick-xml/compare/v0.28.0...v0.28.1

Improvements in serde and async

What's Changed

New Features

• #541: (De)serialize specially named $text enum variant in [externally tagged] enums to / from textual content
• #556: to_writer and to_string now accept ?Sized types
• #556: Add new to_writer_with_root and to_string_with_root helper functions
• #520: Add methods BytesText::inplace_trim_start and BytesText::inplace_trim_end to trim leading and trailing spaces from text events
• #565: Allow deserialize special field names $value and $text into borrowed fields when use serde deserializer
• #568: Rename Writter::inner into Writter::get_mut
• #568: Add method Writter::get_ref
• #569: Rewrite the Reader::read_event_into_async as an async fn, making the future Send if possible.
• #571: Borrow element names (<element>) when deserialize with serde. This change allow to deserialize into HashMap<&str, T>, for example
• #573: Add basic support for async byte writers via tokio's AsyncWrite.

Bug Fixes

• #537: Restore ability to deserialize attributes that represents XML namespace mappings (xmlns:xxx) that was broken since #490
• #510: Fix an error of deserialization of Option<T> fields where T is some sequence type (for example, Vec or tuple)
• #540: Fix a compilation error (probably a rustc bug) in some circumstances. Serializer::new and Serializer::with_root now accepts only references to Writer.
• #520: Merge consequent (delimited only by comments and processing instructions) texts and CDATA when deserialize using serde deserializer. DeEvent::Text and DeEvent::CData events was replaced by DeEvent::Text with merged content. The same behavior for the Reader does not implemented (yet?) and should be implemented manually
• #562: Correctly set minimum required version of memchr dependency to 2.1
• #565: Correctly set minimum required version of tokio dependency to 1.10
• #565: Fix compilation error when build with serde <1.0.139

... (truncated)

Sourced from quick-xml's changelog.

0.28.1 -- 2023-03-19

Misc Changes

• #579: ElementWriter.write_inner_content now uses a FnOnce instead of a more restrictive Fn closure

#579: tafia/quick-xml#579

0.28.0 -- 2023-03-13

New Features

• #541: (De)serialize specially named $text enum variant in externally tagged enums to / from textual content
• #556: to_writer and to_string now accept ?Sized types
• #556: Add new to_writer_with_root and to_string_with_root helper functions
• #520: Add methods BytesText::inplace_trim_start and BytesText::inplace_trim_end to trim leading and trailing spaces from text events
• #565: Allow deserialize special field names $value and $text into borrowed fields when use serde deserializer
• #568: Rename Writter::inner into Writter::get_mut
• #568: Add method Writter::get_ref
• #569: Rewrite the Reader::read_event_into_async as an async fn, making the future Send if possible.
• #571: Borrow element names (<element>) when deserialize with serde. This change allow to deserialize into HashMap<&str, T>, for example
• #573: Add basic support for async byte writers via tokio's AsyncWrite.

Bug Fixes

• #537: Restore ability to deserialize attributes that represents XML namespace mappings (xmlns:xxx) that was broken since #490
• #510: Fix an error of deserialization of Option<T> fields where T is some sequence type (for example, Vec or tuple)
• #540: Fix a compilation error (probably a rustc bug) in some circumstances. Serializer::new and Serializer::with_root now accepts only references to Writer.
• #520: Merge consequent (delimited only by comments and processing instructions) texts and CDATA when deserialize using serde deserializer. DeEvent::Text and DeEvent::CData events was replaced by DeEvent::Text with merged content. The same behavior for the Reader does not implemented (yet?) and should be implemented manually
• #562: Correctly set minimum required version of memchr dependency to 2.1
• #565: Correctly set minimum required version of tokio dependency to 1.10
• #565: Fix compilation error when build with serde <1.0.139

#490: tafia/quick-xml#490 #510: tafia/quick-xml#510 #520: tafia/quick-xml#520

... (truncated)

• 2e9123a Release v0.28.1
• 5614b9d Follow-up of #579 -- add a reference to changelog
• dd4c89e Makes ElementWriter.write_inner_content take FnOnce instead of Fn
• 642de0a Release 0.28.0
• fe9b040 Get rid warning when compile without "serialize" feature
• 42e2350 Fix incorrect name of event in error variant documentation
• 1ec074d Add path argument to an example otherwise cargo package complains
• 1a967a6 Update introduction text with information about features and a quick link to ...
• 180f828 Give more descriptive names to some variables
• b1a23a1 Add some documentation to internal macros and functions that implements parser
• Additional commits viewable in compare view

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

Sourced from anyhow's releases.

1.0.70

• Update syn dependency to 2.x

• e4db1f9 Release 1.0.70
• 10f5994 Merge pull request #302 from dtolnay/syn
• 4a6b90c Update to syn 2
• 553ed38 Update clippy.toml msrv to match rust-version in Cargo.toml
• d30b027 Ignore let_underscore_untyped pedantic clippy lint
• 2c2803f Merge pull request #298 from dtolnay/constblock
• b249287 Support const block syntax in ensure! macro
• 80d4c8d Retitle the randomize-layout CI step
• 4804a78 Support a manual trigger on CI workflow
• 347b473 Test with randomized type layout on nightly
• Additional commits viewable in compare view

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

Sourced from serde's releases.

v1.0.157

• Update syn dependency to 2.x

v1.0.156

• Documentation improvements

• 479a00a Release 1.0.157
• c42e7c8 Reflect serde_derive required compiler in build script and rust-version metadata
• 5b8e065 Ignore single_match_else pedantic clippy lint in serde_derive_internals
• 9fc0d13 Merge pull request #2406 from dtolnay/nestedmeta
• bc22641 Rewrite attribute parser using parse_nested_meta
• 0509810 Update compiler version for serde_derive in readme
• 5b23634 Merge pull request #2405 from dtolnay/syn
• 32f0d00 Update to syn 2
• 9d87851 Merge pull request #2404 from dtolnay/attributeexpr
• c0296ee Add ui test of malformed attribute containing expression
• Additional commits viewable in compare view

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

Sourced from base64's changelog.

0.21.0

Migration

Functions

< 0.20 function	0.21 equivalent
encode()	engine::general_purpose::STANDARD.encode() or prelude::BASE64_STANDARD.encode()
encode_config()	engine.encode()
encode_config_buf()	engine.encode_string()
encode_config_slice()	engine.encode_slice()
decode()	engine::general_purpose::STANDARD.decode() or prelude::BASE64_STANDARD.decode()
decode_config()	engine.decode()
decode_config_buf()	engine.decode_vec()
decode_config_slice()	engine.decode_slice()

The short-lived 0.20 functions were the 0.13 functions with config replaced with engine.

Padding

If applicable, use the preset engines engine::STANDARD, engine::STANDARD_NO_PAD, engine::URL_SAFE, or engine::URL_SAFE_NO_PAD. The NO_PAD ones require that padding is absent when decoding, and the others require that canonical padding is present .

If you need the < 0.20 behavior that did not care about padding, or want to recreate < 0.20.0's predefined Configs precisely, see the following table.

0.13.1 Config	0.20.0+ alphabet	encode_padding	decode_padding_mode
STANDARD	STANDARD	true	Indifferent
STANDARD_NO_PAD	STANDARD	false	Indifferent
URL_SAFE	URL_SAFE	true	Indifferent
URL_SAFE_NO_PAD	URL_SAFE	false	Indifferent

0.21.0-rc.1

• Restore the ability to decode into a slice of precisely the correct length with Engine.decode_slice_unchecked.
• Add Engine as a pub use in prelude.

0.21.0-beta.2

Breaking changes

• Re-exports of preconfigured engines in engine are removed in favor of base64::prelude::... that are better suited to those who wish to use the entire path to a name.

0.21.0-beta.1

Breaking changes

... (truncated)

• d7fb31c v0.21.0
• 8350376 Merge pull request #207 from marshallpierce/mp/api-rework
• 726f784 v0.21.0-rc.1
• b29ab01 Add Engine in prelude
• 64bbcc0 Remove no longer needed test helpers
• 0f981bd Add decode_slice_unchecked to restore ability to decode into a precisely size...
• a51e822 v0.21.0-beta.2
• 936569a Move re-exports from engine to prelude
• 53e1091 Fix release notes typo
• b03eb5a v0.21.0-beta.1
• Additional commits viewable in compare view

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)