chore(deps): bump the rust-dependencies group across 1 directory with 6 updates

[dependabot]

Bumps the rust-dependencies group with 5 updates in the / directory:

Package	From	To
js-sys	0.3.98	0.3.102
memchr	2.8.0	2.8.2
napi	3.9.0	3.9.2
smallvec	1.15.1	1.15.2
insta	1.47.2	1.48.0

Updates js-sys from 0.3.98 to 0.3.102

Commits

• See full diff in compare view

Updates memchr from 2.8.0 to 2.8.2

Commits

• a61ac1a 2.8.2
• a08bf90 arch: fix undefined behavior in lower level (but public) APIs
• b41293b rebar: update memchr to latest
• 87467c9 impl: remove unnecessary clones in into_owned impls
• ff7dca7 2.8.1
• 016878a target: fix aarch64_be endianness bug
• ee18717 docs: add AI policy for contributors
• db1a77d build(deps): bump actions/checkout in the actions group (#212)
• c8abbe1 Hash-pin all actions, drop persisted credentials (#210)
• 24f5daa lint: fix clippy get_first
• Additional commits viewable in compare view

Updates napi from 3.9.0 to 3.9.2

Release notes

Sourced from napi's releases.

napi-v3.9.2

Fixed

• (napi) ReadableStream Reader loses chunks and aborts on errored streams (#3328)

napi-v3.9.1

Fixed

• (napi) unify Reference finalize callbacks on Arc (Rc/Arc type confusion) (#3313)
• (napi) zero-copy external strings, fix WASI double-free (#3308)
• (napi) experimental node_api_create_object_with_properties (#3304)

Commits

• 529a78d chore(napi): release v3.9.2 (#3329)
• 88f4b97 fix(napi): ReadableStream Reader loses chunks and aborts on errored streams (...
• ebb3cf8 chore(release): publish
• 4ec817b chore(deps): group emnapi updates and bump to 1.11.1 (#3326)
• 0108423 chore(deps): update dependency esbuild to v0.28.1 [security] (#3323)
• 4931225 fix(cli): emit Node 12 compatible CJS binding loader (#3312)
• dea608e chore: release (#3306)
• 670e5d3 chore(release): publish
• a9abc61 fix(sys): restore napi_create_object_with_properties as compat alias (#3321)
• 3e5a09f chore(deps): update release-plz/action action to v0.5.130 (#3320)
• Additional commits viewable in compare view

Updates smallvec from 1.15.1 to 1.15.2

Release notes

Sourced from smallvec's releases.

v1.15.2

What's Changed

• Exclude development script from cargo packaging by @​weiznich in servo/rust-smallvec#397
• Fix use-after-free in DrainFilter::keep_rest for SmallVec with capacity 0 by @​Shnatsel in servo/rust-smallvec#407
• Work around rustc 1.93 perf regression with MaybeUninit by @​glandium in servo/rust-smallvec#410

New Contributors

• @​Shnatsel made their first contribution in servo/rust-smallvec#407
• @​glandium made their first contribution in servo/rust-smallvec#410

Full Changelog: servo/rust-smallvec@v1.15.1...v1.15.2

Commits

• c469051 Bump version.
• 9fe422b Fix Windows CI.
• 51b965f Work around rustc 1.93 perf regression with MaybeUninit
• 9da26a5 Fix use-after-free in DrainFilter::keep_rest for zero-capacity SmallVecs
• 79184f1 Add Miri test for use-after-free in DrainFilter::keep_rest
• f59fb36 Merge pull request #397 from GiGainfosystems/exclude_scripts
• 28b6ed7 Exclude development script
• See full diff in compare view

Updates wasm-bindgen from 0.2.121 to 0.2.125

Release notes

Sourced from wasm-bindgen's releases.

0.2.125

Added

• Added the --force-enable-abort-handler CLI flag, which emits the hard-abort detection and set_on_abort machinery on panic=abort builds. With panic=unwind this machinery is generated automatically; the flag does nothing there. #5191

Changed

• Made the internal __wbindgen_destroy_closure export private in the Rust API. #5196

0.2.123

Added

• Added the maxAge attribute to the CookieInit dictionary in web-sys, matching the current Cookie Store API specification. #5169

• The js-sys futures codegen opt-in can now also be enabled via the WASM_BINDGEN_USE_JS_SYS=1 environment variable, in addition to --cfg=wasm_bindgen_use_js_sys. This works on stable when --target is in use, where Cargo does not propagate the cfg to host proc-macros. #5164

Changed

• JsOption<T> now treats only undefined as empty, aligning it with TypeScript's strict T | undefined semantics and with Option<T>'s wire shape (None ↔ undefined). Previously is_empty, as_option, into_option, unwrap, expect, unwrap_or_default, and unwrap_or_else treated both null and undefined as absent; JS null is now a distinct present value. The impl<T> UpcastFrom<Null> for JsOption<T> is removed (Undefined still models absence), and the Debug/Display absent placeholder changed from "null" to "undefined". Code relying on null → None should return undefined from the JS side, or check explicitly with val.as_option().filter(|v| !v.is_null()). #5170

Fixed

• Removed invalid js_sys::Array<T> to js_sys::ArrayTuple<(...)> upcasts. ArrayTuple encodes a fixed tuple arity, while a plain JavaScript array does not prove that arity statically.

• Fixed incorrect variance in &mut reference upcasting. &mut T upcasts were covariant in the pointee, so a &mut T could be widened to a &mut

... (truncated)

Changelog

Sourced from wasm-bindgen's changelog.

0.2.125

Added

• Added the --force-enable-abort-handler CLI flag, which emits the hard-abort detection and set_on_abort machinery on panic=abort builds. With panic=unwind this machinery is generated automatically; the flag does nothing there. #5191

Changed

• Made the internal __wbindgen_destroy_closure export private in the Rust API. #5196

0.2.123

Added

• Added the maxAge attribute to the CookieInit dictionary in web-sys, matching the current Cookie Store API specification. #5169

• The js-sys futures codegen opt-in can now also be enabled via the WASM_BINDGEN_USE_JS_SYS=1 environment variable, in addition to --cfg=wasm_bindgen_use_js_sys. This works on stable when --target is in use, where Cargo does not propagate the cfg to host proc-macros. #5164

Changed

• JsOption<T> now treats only undefined as empty, aligning it with TypeScript's strict T | undefined semantics and with Option<T>'s wire shape (None ↔ undefined). Previously is_empty, as_option, into_option, unwrap, expect, unwrap_or_default, and unwrap_or_else treated both null and undefined as absent; JS null is now a distinct present value. The impl<T> UpcastFrom<Null> for JsOption<T> is removed (Undefined still models absence), and the Debug/Display absent placeholder changed from "null" to "undefined". Code relying on null → None should return undefined from the JS side, or check explicitly with val.as_option().filter(|v| !v.is_null()). #5170

Fixed

• Removed invalid js_sys::Array<T> to js_sys::ArrayTuple<(...)> upcasts. ArrayTuple encodes a fixed tuple arity, while a plain JavaScript array does not prove that arity statically.

... (truncated)

Commits

• 6ff7f1c Release 0.2.125 (#5200)
• 1ae2b88 Release 0.2.124 (#5199)
• 197f576 Wrapped fatal JS Error in panic=abort + abort handlers path (#5198)
• 9f77521 build(deps): bump codecov/codecov-action (#5187)
• 18c4e33 Fix flaky abort-handler CLI tests by isolating build dirs (#5197)
• 98df86b Make abort handler work when panic=abort via --force-enable-abort-handler(#...
• 9b6d186 fix: make __wbindgen_destroy_closure private (#5196)
• 4f17390 Fix incorrect abort_handler ptr comparison (#5192)
• c7b8dce Remove cast from fn() to usize in set_on_abort (#5189)
• 861696a Release 0.2.123 (#5188)
• Additional commits viewable in compare view

Updates insta from 1.47.2 to 1.48.0

Release notes

Sourced from insta's releases.

1.48.0

Release Notes

• Add strip_ansi_escape_codes setting which removes ANSI escape sequences (color codes, cursor movement, etc.) from snapshot content before comparison. Requires the filters feature. #899 (@​pierluigilenoci)
• Add opt-in support for YAML literal blocks for multiline strings in snapshot metadata fields such as description and expression. Set INSTA_YAML_BLOCK_STYLE=1 to enable. #851 (@​ivov)
• Setting CI=true normally makes cargo insta test behave as though --check was passed. Explicit snapshot handling options such as --accept now take precedence over this environment variable, allowing users to override this behavior if they want to. #924
• Fix cargo insta test --profile being forwarded to nextest as the nextest profile instead of the cargo build profile; it now translates to --cargo-profile for the nextest runner. Add --nextest-profile to select the nextest profile. #910
• Fix cargo insta pending-snapshots printing unusable \\?\-prefixed paths on Windows. The --snapshot filter now also accepts partial paths: any trailing path suffix of the snapshot file matches, so a bare --snapshot my_test.snap works. #904
• Accepting a binary snapshot no longer fails with os error 2 when its data file is missing (e.g. gitignored and not committed). #914

Install cargo-insta 1.48.0

Install prebuilt binaries via shell script

curl --proto '=https' --tlsv1.2 -LsSf https://github.com/mitsuhiko/insta/releases/download/1.48.0/cargo-insta-installer.sh | sh

Install prebuilt binaries via powershell script

powershell -ExecutionPolicy Bypass -c "irm https://github.com/mitsuhiko/insta/releases/download/1.48.0/cargo-insta-installer.ps1 | iex"

Download cargo-insta 1.48.0

File	Platform	Checksum
cargo-insta-aarch64-apple-darwin.tar.xz	Apple Silicon macOS	checksum
cargo-insta-x86_64-apple-darwin.tar.xz	Intel macOS	checksum
cargo-insta-x86_64-pc-windows-msvc.zip	x64 Windows	checksum
cargo-insta-x86_64-unknown-linux-gnu.tar.xz	x64 Linux	checksum
cargo-insta-x86_64-unknown-linux-musl.tar.xz	x64 MUSL Linux	checksum

Changelog

Sourced from insta's changelog.

1.48.0

• Add strip_ansi_escape_codes setting which removes ANSI escape sequences (color codes, cursor movement, etc.) from snapshot content before comparison. Requires the filters feature. #899 (@​pierluigilenoci)
• Add opt-in support for YAML literal blocks for multiline strings in snapshot metadata fields such as description and expression. Set INSTA_YAML_BLOCK_STYLE=1 to enable. #851 (@​ivov)
• Setting CI=true normally makes cargo insta test behave as though --check was passed. Explicit snapshot handling options such as --accept now take precedence over this environment variable, allowing users to override this behavior if they want to. #924
• Fix cargo insta test --profile being forwarded to nextest as the nextest profile instead of the cargo build profile; it now translates to --cargo-profile for the nextest runner. Add --nextest-profile to select the nextest profile. #910
• Fix cargo insta pending-snapshots printing unusable \\?\-prefixed paths on Windows. The --snapshot filter now also accepts partial paths: any trailing path suffix of the snapshot file matches, so a bare --snapshot my_test.snap works. #904
• Accepting a binary snapshot no longer fails with os error 2 when its data file is missing (e.g. gitignored and not committed). #914

Commits

• 7f23d2e Release 1.48.0 (#925)
• ee9cae1 Allow CI=true to be overridden by an explicitly passed --accept CLI flag ...
• 043cf82 fix: translate --profile to --cargo-profile for nextest (#913)
• 9c77f13 test: cover deep-wildcard redaction through arrays (#915)
• 362f432 Fix --snapshot filter on Windows; allow partial paths (#904)
• a436836 fix: tolerate a missing binary snapshot data file (#914)
• bf5fcdf fix: regenerate Cargo.lock and guard it with --locked in CI (#912)
• a761a9c feat: Support YAML literal blocks for multiline strings (#851)
• f9633f3 ci: pin check-minver to nightly-2026-04-25 (#905)
• c7b98b8 feat: add strip_ansi_escape_codes setting (#899)
• See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions