Bump the non-critical group with 6 updates

[dependabot]

Bumps the non-critical group with 6 updates:

Package	From	To
anyhow	1.0.86	1.0.87
gix-path	0.10.10	0.10.11
ignore	0.4.22	0.4.23
serde	1.0.209	1.0.210
serde_json	1.0.127	1.0.128
similar-asserts	1.5.0	1.6.0

Updates anyhow from 1.0.86 to 1.0.87

Release notes

Sourced from anyhow's releases.

1.0.87

• Support more APIs, including Error::new and Error::chain, in no-std mode on Rust 1.81+ (#383)

Commits

• afe93e7 Release 1.0.87
• d58fa4b Fix outdated html_root_url
• c18d807 Disable unused doc_cfg feature
• 8ecfcdf Merge pull request #383 from dtolnay/nostd
• bee814a Support error sources in no-std on Rust 1.81+
• 1eabf69 Merge pull request #382 from dtolnay/corerequest
• 3e70139 Access generic_member_access APIs through core
• c378a2c Upload CI Cargo.lock for reproducing failures
• e38edc0 Raise rustc required for backtrace feature to 1.67
• eb976a4 Merge pull request #378 from dtolnay/ttpretty
• Additional commits viewable in compare view

Updates gix-path from 0.10.10 to 0.10.11

Release notes

Sourced from gix-path's releases.

gix-path v0.10.11

Bug Fixes

• Don't require usable temp dir to get installation config When running git config -l ... to find the configuration file path associated with the git installation itself, the current working directory for the subprocess was set to the current directory prior to #1523, and to /tmp or a /tmp-like directory since #1523 (which improved performance and security).

  This builds on #1523, as well as on subsequent changes to run git in a way that its behavior depends less on its CWD, by making an even more robust choice of CWD for the subprocess, so that the CWD is less likely to be deeply nested or on network storage; more likely to exist; and, on Unix-like systems, less likely to contain a .git entry (though a git with security updates should refuse to take any configuration from such a repository unless it is owned by the user).

  Due to a combination of other measures that harden against malicious or unusual contents (especially setting GIT_DIR), the most significant benefit of this change is to fix the problem that a nonexistent temp dir would prevent the command from succeeding.

  The main way that could happen is if TMPDIR on Unix-like systems, or TMP or TEMP on Windows, is set to an incorrect value. Because these variables are sometimes reasonable to customize for specific purposes, it is plausible for them to be set to incorrect values by accident.

  Except on Windows, this always uses / as the CWD for the subprocess.

  On Windows, we use the Windows directory (usually C:\Windows) rather than the root of the system drive (usually C:\), because:

  • We are currently obtaining this information from environment variables, and it is possible for our own parent process to pass down an overly sanitized environment.

  Although this can be so sanitized we cannot find the Windows directory, this is less likely to occur than being unable to find the root of the system drive.

  This due to moderately broad awareness that the SystemRoot environment variable (which, somewhat confusingly, holds the path of the Windows directory, not the root of the system drive) should be preserved even when clearing most other variables.

  Some libraries will even automatically preserve SystemRoot when

... (truncated)

Commits

• 012a754 Release gix-trace v0.1.10, gix-path v0.10.11
• c759819 prepare changelogs prior to release.
• d69c617 Merge pull request #1566 from Byron/merge
• b91d909 thanks clippy
• dfbc732 feat!: optionally store objects new objects in memory only.
• ca5294a feat: add InMemoryPassThrough implementation.
• b279957 feat: add tree-editing capabilities to Tree and Repository.
• 7c48556 feat: TreeRef::to_owned() and Tree::into_owned() for a convenient way to ...
• 39d8e03 Use a standard HashMap instead of one based on SHA1
• b5dc45f Add benchmarks for the tree editor and the tree-editor cursor
• Additional commits viewable in compare view

Updates ignore from 0.4.22 to 0.4.23

Commits

• See full diff in compare view

Updates serde from 1.0.209 to 1.0.210

Release notes

Sourced from serde's releases.

v1.0.210

• Support serializing and deserializing IpAddr and SocketAddr in no-std mode on Rust 1.77+ (#2816, thanks @​MathiasKoch)
• Make serde::ser::StdError and serde::de::StdError equivalent to core::error::Error on Rust 1.81+ (#2818)

Commits

• 89c4b02 Release 1.0.210
• eeb8e44 Merge pull request #2818 from dtolnay/coreerror
• 785c2d9 Stabilize no-std StdError trait
• d549f04 Reformat parse_ip_impl definition and calls
• 4c0dd63 Delete attr support from core::net deserialization macros
• 26fb134 Relocate cfg attrs out of parse_ip_impl and parse_socket_impl
• 07e614b Merge pull request #2817 from dtolnay/corenet
• b1f899f Delete doc(cfg) attribute from impls that are supported in no-std
• b4f860e Merge pull request #2816 from MathiasKoch/chore/core-net
• d940fe1 Reuse existing Buf wrapper as replacement for std::io::Write
• Additional commits viewable in compare view

Updates serde_json from 1.0.127 to 1.0.128

Release notes

Sourced from serde_json's releases.

1.0.128

• Support serializing maps containing 128-bit integer keys to serde_json::Value (#1188, thanks @​Mrreadiness)

Commits

• d96b1d9 Release 1.0.128
• 599228d Merge pull request #1188 from Mrreadiness/feat/add-hashmap-key-128-serializer
• 5416cee feat: add support for 128 bit HashMap key serialization
• 27a4ca9 Upload CI Cargo.lock for reproducing failures
• See full diff in compare view

Updates similar-asserts from 1.5.0 to 1.6.0

Changelog

Sourced from similar-asserts's changelog.

1.6.0

• Loosen static lifetime bounds for labels. #9

Commits

• c5110ea Make clippy happy
• b7a86e1 Prepare 1.6.0
• cdadae6 Loosen static lifetime bound for labels (#9)
• See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions