cargo: bump the cargo-dependencies group across 1 directory with 10 updates

[dependabot]

Bumps the cargo-dependencies group with 10 updates in the / directory:

Package	From	To
clap	4.5.48	4.5.53
indexmap	2.11.4	2.12.1
open	5.3.2	5.3.3
rust-embed	8.7.2	8.9.0
tokio	1.47.1	1.48.0
toml	0.9.7	0.9.8
tracing-subscriber	0.3.20	0.3.22
indoc	2.0.6	2.0.7
insta	1.43.2	1.44.3
tauri-plugin-process	2.3.0	2.3.1

Updates clap from 4.5.48 to 4.5.53

Release notes

Sourced from clap's releases.

v4.5.53

[4.5.53] - 2025-11-19

Features

• Add default_values_if, default_values_ifs

v4.5.52

[4.5.52] - 2025-11-17

Fixes

• Don't panic when args_conflicts_with_subcommands conflicts with an ArgGroup

v4.5.51

[4.5.51] - 2025-10-29

Fixes

• (help) Correctly calculate padding for short flags that take a value
• (help) Don't panic on short flags using ArgAction::Count

v4.5.50

[4.5.50] - 2025-10-20

Features

• Accept Cow where String and &str are accepted

Changelog

Sourced from clap's changelog.

[4.5.53] - 2025-11-19

Features

• Add default_values_if, default_values_ifs

[4.5.52] - 2025-11-17

Fixes

• Don't panic when args_conflicts_with_subcommands conflicts with an ArgGroup

[4.5.51] - 2025-10-29

Fixes

• (help) Correctly calculate padding for short flags that take a value
• (help) Don't panic on short flags using ArgAction::Count

[4.5.50] - 2025-10-20

Features

• Accept Cow where String and &str are accepted

[4.5.49] - 2025-10-13

Fixes

• (help) Correctly wrap when ANSI escape codes are present

Commits

• 3716f9f chore: Release
• 613b69a docs: Update changelog
• d117f7a Merge pull request #6028 from epage/arg
• cb8255d feat(builder): Allow quoted id's for arg macro
• 1036060 Merge pull request #6025 from AldaronLau/typos-in-faq
• 2fcafc0 docs: Fix minor grammar issues in FAQ
• a380b65 Merge pull request #6023 from epage/template
• 4d7ab14 chore: Update from _rust/main template
• b8a7ea4 chore(deps): Update Rust Stable to v1.87 (#18)
• f9842b3 chore: Avoid MSRV problems out of the box
• Additional commits viewable in compare view

Updates indexmap from 2.11.4 to 2.12.1

Changelog

Sourced from indexmap's changelog.

2.12.1 (2025-11-20)

• Simplified a lot of internals using hashbrown's new bucket API.

2.12.0 (2025-10-17)

• MSRV: Rust 1.82.0 or later is now required.
• Updated the hashbrown dependency to 0.16 alone.
• Error types now implement core::error::Error.
• Added pop_if methods to IndexMap and IndexSet, similar to the method for Vec added in Rust 1.86.

Commits

• cfad758 Merge pull request #424 from cuviper/buckets
• a96b9c7 Release 2.12.1
• 6245ee5 Use the bucket API from hashbrown v0.16.1
• 0e68f8a Merge pull request #422 from cuviper/msrv-1.82
• 61c9c94 ci: only run full miri in the merge queue
• db43f19 Release 2.12.0
• b46a32a Move more to the lints table
• 4849b16 Make use of RFC2145 type privacy for sealed traits
• cfff4b7 Use bounds in associated type position
• c7178d7 Use core::error::Error
• Additional commits viewable in compare view

Updates open from 5.3.2 to 5.3.3

Release notes

Sourced from open's releases.

v5.3.3

Documentation

• point to webbrowser crate for users that seek this specific functionality.

Bug Fixes

• pass canonicalized path to ILCreateFromPathW

Other

• remove whitespace.

Commit Statistics

• 8 commits contributed to the release.
• 316 days passed between releases.
• 3 commits were understood as conventional.
• 0 issues like '(#ID)' were seen in commit messages

Commit Details

• Uncategorized
  • Merge pull request #116 from Legend-Master/canonicalize-ILCreateFromPathW (a1ca334)
  • Fix CI by using a more recent Windows image (c84cade)
  • Pass canonicalized path to ILCreateFromPathW (abcd0f4)
  • Merge pull request #111 from bjones1/docs (335146b)
  • Remove whitespace. (314d80a)
  • Point to webbrowser crate for users that seek this specific functionality. (07b246c)
  • Merge pull request #110 from bjones1/codespaces (1c4a952)
  • Add Codespaces setup. (43b6a2d)

Changelog

Sourced from open's changelog.

5.3.3 (2025-11-17)

Documentation

• point to webbrowser crate for users that seek this specific functionality.

Bug Fixes

• pass canonicalized path to ILCreateFromPathW

Other

• remove whitespace.

Commit Statistics

• 8 commits contributed to the release.
• 316 days passed between releases.
• 3 commits were understood as conventional.
• 0 issues like '(#ID)' were seen in commit messages

Commit Details

• Uncategorized
  • Merge pull request #116 from Legend-Master/canonicalize-ILCreateFromPathW (a1ca334)
  • Fix CI by using a more recent Windows image (c84cade)
  • Pass canonicalized path to ILCreateFromPathW (abcd0f4)
  • Merge pull request #111 from bjones1/docs (335146b)
  • Remove whitespace. (314d80a)
  • Point to webbrowser crate for users that seek this specific functionality. (07b246c)
  • Merge pull request #110 from bjones1/codespaces (1c4a952)
  • Add Codespaces setup. (43b6a2d)

Commits

• ab1b306 Release open v5.3.3
• a1ca334 Merge pull request #116 from Legend-Master/canonicalize-ILCreateFromPathW
• c84cade Fix CI by using a more recent Windows image
• abcd0f4 fix(windows): pass canonicalized path to ILCreateFromPathW
• 335146b Merge pull request #111 from bjones1/docs
• 314d80a clean: remove whitespace.
• 07b246c docs: point to webbrowser crate for users that seek this specific functionality.
• 1c4a952 Merge pull request #110 from bjones1/codespaces
• 43b6a2d Add Codespaces setup.
• See full diff in compare view

Updates rust-embed from 8.7.2 to 8.9.0

Updates tokio from 1.47.1 to 1.48.0

Release notes

Sourced from tokio's releases.

Tokio v1.48.0

1.48.0 (October 14th, 2025)

The MSRV is increased to 1.71.

Added

• fs: add File::max_buf_size (#7594)
• io: export Chain of AsyncReadExt::chain (#7599)
• net: add SocketAddr::as_abstract_name (#7491)
• net: add TcpStream::quickack and TcpStream::set_quickack (#7490)
• net: implement AsRef<Self> for TcpStream and UnixStream (#7573)
• task: add LocalKey::try_get (#7666)
• task: implement Ord for task::Id (#7530)

Changed

• deps: bump windows-sys to version 0.61 (#7645)
• fs: preserve max_buf_size when cloning a File (#7593)
• macros: suppress clippy::unwrap_in_result in #[tokio::main] (#7651)
• net: remove PollEvented noise from Debug formats (#7675)
• process: upgrade Command::spawn_with to use FnOnce (#7511)
• sync: remove inner mutex in SetOnce (#7554)
• sync: use UnsafeCell::get_mut in Mutex::get_mut and RwLock::get_mut (#7569)
• time: reduce the generated code size of Timeout<T>::poll (#7535)

Fixed

• macros: fix hygiene issue in join! and try_join! (#7638)
• net: fix copy/paste errors in udp peek methods (#7604)
• process: fix error when runtime is shut down on nightly-2025-10-12 (#7672)
• runtime: use release ordering in wake_by_ref() even if already woken (#7622)
• sync: close the broadcast::Sender in broadcast::Sender::new() (#7629)
• sync: fix implementation of unused RwLock::try_* methods (#7587)

Unstable

• tokio: use cargo features instead of --cfg flags for taskdump and io_uring (#7655, #7621)
• fs: support io_uring in fs::write (#7567)
• fs: support io_uring with File::open() (#7617)
• fs: support io_uring with OpenOptions (#7321)
• macros: add local runtime flavor (#7375, #7597)

Documented

• io: clarify the zero capacity case of AsyncRead::poll_read (#7580)
• io: fix typos in the docs of AsyncFd readiness guards (#7583)
• net: clarify socket gets closed on drop (#7526)
• net: clarify the behavior of UCred::pid() on Cygwin (#7611)
• net: clarify the supported platform of set_reuseport() and reuseport() (#7628)

... (truncated)

Commits

• 556820f chore: prepare Tokio v1.48.0 (#7677)
• fd1659a chore: prepare tokio-macros v2.6.0 (#7676)
• 53e8aca ci: update nightly version to 2025-10-12 (#7670)
• 9e5527d process: fix error when runtime is shut down on nightly-2025-10-12 (#7672)
• 25a24de net: remove PollEvented noise from Debug formats (#7675)
• c1fa25f task: clarify the behavior of several spawn_local methods (#7669)
• e7e02fc fs: use FileOptions inside fs::File to support uring (#7617)
• f7a7f62 ci: remove cargo-deny Unicode-DFS-2016 license exception config (#7619)
• d1f1499 tokio: use cargo feature for taskdump support instead of cfg (#7655)
• ad6f618 runtime: clarify the behavior of Handle::block_on (#7665)
• Additional commits viewable in compare view

Updates toml from 0.9.7 to 0.9.8

Commits

• 93e9146 chore: Release
• 7de1b4e docs: Update changelog
• 1b579c3 feat(serde): Support integer, bools, and chars as keys (#1050)
• ac1e077 feat(serde): Support chars as keys
• f3dec32 feat(serde): Support bools as keys
• 139b30a feat(serde): Support integer keys
• 2d65a88 test(serde): Show existing key behavior
• 80217f8 chore(deps): Update actions/checkout action to v5 (#1047)
• b36e351 chore(deps): Update actions/checkout action to v5
• 7d2c649 chore(deps): Update actions/setup-python action to v6 (#1048)
• Additional commits viewable in compare view

Updates tracing-subscriber from 0.3.20 to 0.3.22

Release notes

Sourced from tracing-subscriber's releases.

tracing-subscriber 0.3.22

Important

The previous release [0.3.21] was yanked as it depended explicitly on [tracing-0.1.42], which was yanked due to a breaking change (see #3424 for details). This release contains all the changes from the previous release, plus an update to the newer version of tracing.

Changed

• tracing: updated to 0.1.43 (#3427)

#3424: tokio-rs/tracing#3424 #3427: tokio-rs/tracing#3427 [0.3.21]: https://github.com/tokio-rs/tracing/releases/tag/tracing-subscriber-0.3.21 [tracing-0.1.42]: https://github.com/tokio-rs/tracing/releases/tag/tracing-0.1.42

tracing-subscriber 0.3.21

Fixed

• Change registry exit to decrement local span ref only (#3331)
• Make Layered propagate on_register_dispatch (#3379)

Changed

• tracing: updated to 0.1.42 (#3418)

Performance

• Remove clone_span on enter (#3289)

Documented

• Fix a few small things in the format module (#3339)
• Fix extra closing brace in layer docs (#3350)
• Fix link in FmtSpan docs (#3411)

#3289: tokio-rs/tracing#3289 #3331: tokio-rs/tracing#3331 #3339: tokio-rs/tracing#3339 #3350: tokio-rs/tracing#3350 #3379: tokio-rs/tracing#3379 #3411: tokio-rs/tracing#3411 #3418: tokio-rs/tracing#3418

Commits

• cc44064 chore: prepare tracing-subscriber 0.3.22 (#3428)
• 64e1c8d chore: prepare tracing 0.1.43 (#3427)
• 7c44f7b tracing: revert "make valueset macro sanitary" (#3425)
• cdaf661 chore: prepare tracing-mock 0.1.0-beta.2 (#3422)
• a164fd3 chore: prepare tracing-journald 0.3.2 (#3421)
• 405397b chore: prepare tracing-appender 0.2.4 (#3420)
• a9eeed7 chore: prepare tracing-subscriber 0.3.21 (#3419)
• 5bd5505 chore: prepare tracing 0.1.42 (#3418)
• 5508623 chore: prepare tracing-attributes 0.1.31 (#3417)
• d92b4c0 chore: prepare tracing-core 0.1.35 (#3414)
• Additional commits viewable in compare view

Updates indoc from 2.0.6 to 2.0.7

Release notes

Sourced from indoc's releases.

2.0.7

• Support C-string literals indoc! {c"..."}, indoc! {cr"..."} (#67)

Commits

• 8d78216 Release 2.0.7
• 23472ff Merge pull request #67 from dtolnay/cstring
• 8d05562 Hide C-string tests from old toolchain versions
• 7c92efb Recognize C-string literals
• fe39de4 Generalize Error constructors
• 27e0151 Add C-string tests
• 57f6fbb Sort tests
• 170a079 Raise minimum tested compiler to rust 1.76
• 2f6ef04 Opt in to generate-macro-expansion when building on docs.rs
• ce1bed4 Update ui test suite to nightly-2025-09-12
• Additional commits viewable in compare view

Updates insta from 1.43.2 to 1.44.3

Release notes

Sourced from insta's releases.

1.44.3

Release Notes

• Fix a regression in 1.44.2 where merge conflict detection was too aggressive, incorrectly flagging snapshot content containing ====== or similar patterns as conflicts. #832
• Fix a regression in 1.42.2 where inline snapshot updates would corrupt the file when code preceded the macro (e.g., let output = assert_snapshot!(...)). #833

Install cargo-insta 1.44.3

Install prebuilt binaries via shell script

curl --proto '=https' --tlsv1.2 -LsSf https://github.com/mitsuhiko/insta/releases/download/1.44.3/cargo-insta-installer.sh | sh

Install prebuilt binaries via powershell script

powershell -ExecutionPolicy Bypass -c "irm https://github.com/mitsuhiko/insta/releases/download/1.44.3/cargo-insta-installer.ps1 | iex"

Download cargo-insta 1.44.3

File	Platform	Checksum
cargo-insta-aarch64-apple-darwin.tar.xz	Apple Silicon macOS	checksum
cargo-insta-x86_64-apple-darwin.tar.xz	Intel macOS	checksum
cargo-insta-x86_64-pc-windows-msvc.zip	x64 Windows	checksum
cargo-insta-x86_64-unknown-linux-gnu.tar.xz	x64 Linux	checksum
cargo-insta-x86_64-unknown-linux-musl.tar.xz	x64 MUSL Linux	checksum

1.44.2

Release Notes

• Fix a rare backward compatibility issue where inline snapshots using an uncommon legacy format (single-line content stored in multiline raw strings) could fail to match after 1.44.0. #830
• Handle merge conflicts in snapshot files gracefully. When a snapshot file contains git merge conflict markers, insta now detects them and treats the snapshot as missing, allowing tests to continue and create a new pending snapshot for review. #829
• Skip nextest_doctest tests when cargo-nextest is not installed. #826
• Fix functional tests failing under nextest due to inherited NEXTEST_RUN_ID environment variable. #824

Install cargo-insta 1.44.2

Install prebuilt binaries via shell script

curl --proto '=https' --tlsv1.2 -LsSf https://github.com/mitsuhiko/insta/releases/download/1.44.2/cargo-insta-installer.sh | sh

Install prebuilt binaries via powershell script

powershell -ExecutionPolicy Bypass -c "irm https://github.com/mitsuhiko/insta/releases/download/1.44.2/cargo-insta-installer.ps1 | iex"
</tr></table> 

... (truncated)

Changelog

Sourced from insta's changelog.

1.44.3

• Fix a regression in 1.44.2 where merge conflict detection was too aggressive, incorrectly flagging snapshot content containing ====== or similar patterns as conflicts. #832
• Fix a regression in 1.42.2 where inline snapshot updates would corrupt the file when code preceded the macro (e.g., let output = assert_snapshot!(...)). #833

1.44.2

• Fix a rare backward compatibility issue where inline snapshots using an uncommon legacy format (single-line content stored in multiline raw strings) could fail to match after 1.44.0. #830
• Handle merge conflicts in snapshot files gracefully. When a snapshot file contains git merge conflict markers, insta now detects them and treats the snapshot as missing, allowing tests to continue and create a new pending snapshot for review. #829
• Skip nextest_doctest tests when cargo-nextest is not installed. #826
• Fix functional tests failing under nextest due to inherited NEXTEST_RUN_ID environment variable. #824

1.44.1

• Add --dnd alias for --disable-nextest-doctest flag to make it easier to silence the deprecation warning. #822
• Update cargo-dist to 0.30.2 and fix Windows runner to use windows-2022. #821

1.44.0

• Added non-interactive snapshot review and reject modes for use in non-TTY environments (LLMs, CI pipelines, scripts). cargo insta review --snapshot <path> and cargo insta reject --snapshot <path> now work without a terminal. Enhanced pending-snapshots output with usage instructions and workspace-relative paths. #815
• Add --disable-nextest-doctest flag to cargo insta test to disable running doctests with nextest. Shows a deprecation warning when nextest is used with doctests without this flag, to prepare cargo insta to no longer run a separate doctest process when using nextest in the future. #803
• Add ergonomic --test-runner-fallback / --no-test-runner-fallback flags to cargo insta test. #811
• Apply redactions to snapshot metadata. #813
• Remove confusing 'previously unseen snapshot' message. #812
• Speed up JSON float rendering. #806 (@​nyurik)
• Allow globset version up to 0.4.16. #810 (@​g0hl1n)
• Improve documentation. #814 (@​tshepang)
• We no longer trim starting newlines during assertions, which allows asserting the number of leading newlines match. Existing assertions with different leading newlines will pass and print a warning suggesting running with --force-update-snapshots. They may fail in the future. (Note that we still currently allow differing trailing newlines, though may adjust this in the future). #563

Commits

• dcbb11f Prepare release 1.44.3 (#838)
• 3b9ec12 Refine test name & description (#837)
• ee4e1ea Handle unparsable snapshot files gracefully (#836)
• 778f733 Fix for code before macros, such as let foo = assert_snapshot! (#835)
• 6cb41af Prepare release 1.44.2 (#831)
• 8838b2f Handle merge conflicts in snapshot files gracefully (#829)
• e55ce99 Fix backward compatibility for legacy inline snapshot format (#830)
• d44dd42 Skip nextest_doctest tests when cargo-nextest is not installed (#826)
• a711baf Fix functional tests failing under nextest (#824)
• ba9ea51 Prepare release 1.44.1 (#823)
• Additional commits viewable in compare view

Updates tauri-plugin-process from 2.3.0 to 2.3.1

Release notes

Sourced from tauri-plugin-process's releases.

notification-js v2.3.1

[2.3.1]

• 8abb31ee (#2905 by @​ChristianPavilonis) Fix notification scheduling on iOS.
• 2d03e2ea (#2678 by @​Keerthi421) Added sound support for desktop notifications which was previously only available on mobile platforms.

npm warn publish npm auto-corrected some errors in your package.json when publishing.  Please run "npm pkg fix" to address these errors.
npm warn publish errors corrected:
npm warn publish "repository" was changed from a string to an object
npm warn publish "repository.url" was normalized to "git+https://github.com/tauri-apps/plugins-workspace.git"
npm notice
npm notice 📦  @tauri-apps/plugin-notification@2.3.1
npm notice Tarball Contents
npm notice 888B LICENSE.spdx
npm notice 4.2kB README.md
npm notice 9.1kB dist-js/index.cjs
npm notice 12.5kB dist-js/index.d.ts
npm notice 8.6kB dist-js/index.js
npm notice 11B dist-js/init.d.ts
npm notice 662B package.json
npm notice Tarball Details
npm notice name: @tauri-apps/plugin-notification
npm notice version: 2.3.1
npm notice filename: tauri-apps-plugin-notification-2.3.1.tgz
npm notice package size: 6.7 kB
npm notice unpacked size: 36.0 kB
npm notice shasum: c01bead36ff2ce24344077aab860e027ac6f6190
npm notice integrity: sha512-7gqgfANSREKhh[...]PLqIPTySggGgg==
npm notice total files: 7
npm notice
npm notice Publishing to https://registry.npmjs.org/ with tag latest and public access
npm notice publish Signed provenance statement with source and build information from GitHub Actions
npm notice publish Provenance statement published to transparency log: https://search.sigstore.dev/?logIndex=417180273
+ @tauri-apps/plugin-notification@2.3.1

notification v2.3.1

[2.3.1]

• 8abb31ee (#2905 by @​ChristianPavilonis) Fix notification scheduling on iOS.
• 2d03e2ea (#2678 by @​Keerthi421) Added sound support for desktop notifications which was previously only available on mobile platforms.

... (truncated)

Commits

• 2371804 publish new versions (#2888)
• 90f9b93 chore: fix cli version in deep-link package.json
• 1c58f33 chore(deps): update dependency rollup to v4.46.4 (v2) (#2935)
• 75617a6 fix(mobile): deeplinks (#2870)
• 5a963a0 chore(deps): update dependency @​tauri-apps/cli to v2.8.1 (#2930)
• 76f4e7b chore(deps): update eslint monorepo to v9.33.0 (#2903)
• 670ac1d chore(deps): update dependency typescript-eslint to v8.40.0 (#2923)
• ed0deef chore(deps): update dependency @​tauri-apps/api to v2.8.0 (#2929)
• 50cebdb chore(deps): update to tauri 2.8.0 (#2925)
• dd2ea9c chore(deps): update dependency rollup to v4.46.3 (#2920)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

[dependabot]

Looks like these dependencies are updatable in another way, so this is no longer needed.