Skip to content

deps(cargo): bump the cargo group with 3 updates#335

Closed
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/cargo/cargo-ba3c42e3ab
Closed

deps(cargo): bump the cargo group with 3 updates#335
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/cargo/cargo-ba3c42e3ab

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Jun 19, 2026

Copy link
Copy Markdown
Contributor

Bumps the cargo group with 3 updates: ureq, napi and napi-derive.

Updates ureq from 2.12.1 to 3.3.0

Changelog

Sourced from ureq's changelog.

3.3.0

  • Bump MSRV 1.71 -> 1.85, edition 2024 #1167

3.2.1

  • Switch archived utf-8 crate for utf8-zero #1163

3.2.0

  • Strip Content-Encoding/Content-Length headers after decompression #1156
  • Timeout per resolved ip for try_connect #1152
  • Fix body header bug on redirect #1140
  • ureq-proto 0.5.3 to fix unsolicited 100-continue #1139
  • Make socks5:// locally resolve before calling proxy #1138
  • Add socks5h:// which DOESN'T locally resolve before calling proxy #1138

3.1.4

  • Set content-type with new Multipart form #1133

3.1.3

  • Fix short read with multi-byte charset #1131
  • Replace rustls-pemfile usage with rustls-pki-types #1122
  • Support for env NO_PROXY and proxy config #1118
  • Experimental multi-part form support #1102

3.1.2

  • Fix bug when query is after host "example.com?query" #1115

3.1.1

  • Fix regression in MSRV (hold back native-tls) #1113
  • Fix edge case regression when setting request header Content-Length: 0 #1109

3.1.0

DECISION: webpki-roots and webpki-root-certs goes from pre-release (0.26) to stable release (1.0.0). This is potentially a big change for ureq users. We release this as semver minor.

  • Bump all deps to latest #1104
  • Fixes to CONNECT to follow spec #1103
  • Send Content-Length for File #1100
  • native-tls transport capture and surface underlying errors #1093
  • Bump webpki-roots/webpki-root-certs to 1.0.0 #1089
  • Bump rustls-platform-verifier to 0.6.0 #1089
  • Allow the license CDLA-Permissive-2.0 #1089

... (truncated)

Commits
  • b2adbf0 3.3.0
  • 7662219 Bump MSRV 1.71 -> 1.85, edition 2024
  • eb51f2c 3.2.1
  • ad49981 Bump deps to fix cargo-deny RUSTSEC
  • 08785cb Switch out utf-8 crate with utf8-zero
  • 9ef2153 Clarify that json feature is disabled by default
  • eb2539d Fix misleading unsafe wording in crate docs
  • b45d3d2 Fix cargo-deny advisory failures
  • 852b804 3.2.0
  • 378f768 Update deny.toml given current dependencies
  • Additional commits viewable in compare view

Updates napi from 2.16.17 to 3.9.1

Release notes

Sourced from napi's releases.

napi-v3.9.1

Fixed

  • (napi) unify Reference finalize callbacks on Arc (Rc/Arc type confusion) (#3313)
  • (napi) zero-copy external strings, fix WASI double-free (#3308)
  • (napi) experimental node_api_create_object_with_properties (#3304)

napi-v3.9.0

Added

  • (napi) add ThreadsafeFunction::call_async_catch to handle errors in callback functions (#3291)

Fixed

  • (deps) update rust crate ctor to v1 (#3276)
  • (deps) update rust crate ctor to 0.13.0 (#3275)
  • (deps) update rust crate ctor to 0.12.0 (#3271)

napi-v3.8.6

Fixed

  • (deps) update rust crate ctor to 0.11.0 (#3270)
  • (napi) Convert #[ctor] calls to declarative form to remove all features (#3257)

Other

  • (napi) skip duplicate validation (#3268)
  • (napi) clarify unsafe function invariants (#3267)

napi-v3.8.5

Fixed

  • (napi) preserve generator class methods (#3231)
  • (deps) update rust crate ctor to v0.10.0 (#3224)
  • (deps) disable ctor priority feature (#3209)
  • (deps) update rust crate ctor to v0.9.1 (#3204)
  • (napi) handle ThreadsafeFunction callback errors gracefully during shutdown (#3188)
  • (napi) populate Error::cause from ThreadsafeFunction callee-handled callbacks (#3162)
  • correct typo in Either error message ("non" → "none") (#3183)

napi-v3.8.4

Fixed

  • (deps) update rust crate ctor to v0.8.0 (#3170)
  • (deps) update rust crate ctor to v0.7.0 (#3169)
  • (napi) check for null error_message in ExtendedErrorInfo::try_from (#3158)
  • (napi) skip nullish error causes when converting from Unknown (#3143)

napi-v3.8.3

Fixed

... (truncated)

Commits
  • dea608e chore: release (#3306)
  • 670e5d3 chore(release): publish
  • a9abc61 fix(sys): restore napi_create_object_with_properties as compat alias (#3321)
  • 3e5a09f chore(deps): update release-plz/action action to v0.5.130 (#3320)
  • 09c9d97 ci: fix Electron install on Node 24.16+/26, add Node 26 to matrix (#3319)
  • ed5b5ab fix(napi): unify Reference finalize callbacks on Arc (Rc/Arc type confusion) ...
  • ad7b1c8 chore(deps): lock file maintenance (#3318)
  • 718eb1f chore(deps): lock file maintenance (#3310)
  • 2938a9e fix(deps): update dependency @​emnapi/core to v1.11.0 (#3316)
  • 31b38d4 fix(deps): update dependency @​emnapi/runtime to v1.11.0 (#3317)
  • Additional commits viewable in compare view

Updates napi-derive from 2.16.13 to 3.5.6

Release notes

Sourced from napi-derive's releases.

napi-derive-v3.5.6

Fixed

  • (napi) invalid TypeScript generic syntax for type aliases (#3289)
  • (deps) update rust crate ctor to v1 (#3276)
  • (deps) update rust crate ctor to 0.13.0 (#3275)
  • (deps) update rust crate ctor to 0.12.0 (#3271)

napi-derive-v3.5.5

Fixed

  • (deps) update rust crate ctor to 0.11.0 (#3270)
  • (napi) Convert #[ctor] calls to declarative form to remove all features (#3257)

napi-derive-v3.5.4

Fixed

  • (deps) update rust crate ctor to v0.10.0 (#3224)
  • (deps) disable ctor priority feature (#3209)
  • (deps) update rust crate ctor to v0.9.1 (#3204)

napi-derive-v3.5.3

Fixed

  • (deps) update rust crate ctor to v0.8.0 (#3170)
  • (deps) update rust crate ctor to v0.7.0 (#3169)

napi-derive-v3.5.2

Fixed

  • (deps) update rust crate convert_case to 0.11 (#3114)

napi-derive-v3.5.1

Other

  • updated the following local packages: napi-derive-backend

napi-derive-v3.5.0

Added

  • (napi-derive) add #[napi(async_iterator)] macro attribute (#3072)

napi-derive-v3.4.1

Other

  • clippy fix for Rust 1.92.0 (#3058)

napi-derive-v3.4.0

Added

... (truncated)

Commits
  • e9c50bb chore: release (#3272)
  • a2744da fix(build): on openbsd, work around local thread storage destructor crash aft...
  • 3456eff feat(napi): add ThreadsafeFunction::call_async_catch to handle errors in ca...
  • 5f70bd5 chore(deps): upgrade typescript to v6 (#3292)
  • 16e48d1 fix(napi): invalid TypeScript generic syntax for type aliases (#3289)
  • 159395b chore(deps): update dependency oxc-parser to ^0.130.0 (#3290)
  • 86381bc feat(cli): opt-in runtime enum for #[napi(string_enum)] via --runtime-string-...
  • 66893f1 chore(deps): update release-plz/action action to v0.5.129 (#3288)
  • e3cc8e6 build(deps): bump fast-xml-builder from 1.1.5 to 1.2.0 (#3285)
  • 0e6e5f6 build(deps): bump fast-uri from 3.1.0 to 3.1.2 (#3286)
  • Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

@dependabot
deps(cargo): bump the cargo group with 3 updates
0468383 
Bumps the cargo group with 3 updates: [ureq](https://github.com/algesten/ureq), [napi](https://github.com/napi-rs/napi-rs) and [napi-derive](https://github.com/napi-rs/napi-rs).


Updates `ureq` from 2.12.1 to 3.3.0
- [Changelog](https://github.com/algesten/ureq/blob/main/CHANGELOG.md)
- [Commits](algesten/ureq@2.12.1...3.3.0)

Updates `napi` from 2.16.17 to 3.9.1
- [Release notes](https://github.com/napi-rs/napi-rs/releases)
- [Commits](https://github.com/napi-rs/napi-rs/compare/napi@2.16.17...napi-v3.9.1)

Updates `napi-derive` from 2.16.13 to 3.5.6
- [Release notes](https://github.com/napi-rs/napi-rs/releases)
- [Commits](https://github.com/napi-rs/napi-rs/compare/napi-derive@2.16.13...napi-derive-v3.5.6)

---
updated-dependencies:
- dependency-name: ureq
  dependency-version: 3.3.0
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: cargo
- dependency-name: napi
  dependency-version: 3.9.1
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: cargo
- dependency-name: napi-derive
  dependency-version: 3.5.6
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: cargo
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file rust Pull requests that update rust code labels Jun 19, 2026
@kingchenc

kingchenc commented Jun 21, 2026

Copy link
Copy Markdown
Collaborator

Closing: not mergeable. ureq 2 -> 3 removes ureq::AgentBuilder (used in crates/wickra-data/src/live/binance_rest.rs), so the workspace no longer compiles, and the group also pulls the deferred napi 2.16 -> 3.9 major bump. Both belong to the napi-3 migration and need a deliberate port (ureq 3 API + napi 3 binding code), not an automated lockfile bump.

@kingchenc kingchenc closed this Jun 21, 2026
@dependabot @github

dependabot Bot commented on behalf of github Jun 21, 2026

Copy link
Copy Markdown
Contributor Author

This pull request was built based on a group rule. Closing it will not ignore any of these versions in future pull requests.

To ignore these dependencies, configure ignore rules in dependabot.yml

@dependabot dependabot Bot deleted the dependabot/cargo/cargo-ba3c42e3ab branch June 21, 2026 13:30
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file rust Pull requests that update rust code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@kingchenc