- update dirs from v4 to v5 (no code changes)
- update term_grid from v0.1 to v0.2 (small code changes)
- update terminal_size from v0.1 to v0.3 (no code changes)
- update lscolors from v0.15 to v0.16 (no code changes)
- update serde_yaml from v0.8 to v0.9 (no code changes)
The term_grid update required small changes to the use of
`term_grid::Cell` because with v0.2, it is possible to specify the
alignment within the cell. Adding `Alignment::Left` should preserve
the current behaviour.
This commit also includes the changes generated by "cargo update",
which seems not to have been run in a long time, causing very old
versions to be pulled in.
Bumps [libgit2-sys](https://github.com/rust-lang/git2-rs) from
0.16.1+1.7.1 to 0.16.2+1.7.2.
<details>
<summary>Commits</summary>
<ul>
<li>See full diff in <a
href="https://github.com/rust-lang/git2-rs/commits">compare
view</a></li>
</ul>
</details>
<br />
[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=libgit2-sys&package-manager=cargo&previous-version=0.16.1+1.7.1&new-version=0.16.2+1.7.2)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
You can disable automated security fix PRs for this repo from the
[Security Alerts page](https://github.com/lsd-rs/lsd/network/alerts).
</details>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
I'm the maintainer of lsd for Fedora Linux, and some outdated
dependencies are making maintenance increasingly difficult.
- deps: update chrono-humanize to v0.2
We have this patched for almost two years in Fedora and it has not
caused issues.
- deps: update assert_cmd to v2
Same here, this patch has been in the Fedora package for a while.
- deps: update sys-locale to v0.3
This dependency seems to have been added recently, not sure why an old
version was chosen.
- deps: update vsort to v0.2
Same here, this was added recently but 0.1 was used instead of 0.2, not
sure why.
- deps: update git2 to v0.18
Using old versions of git2 is not a good idea, since the bundled libgit2
C library often has CVE issues.
- deps: migrate from users to uzers
The "users" crate is unmaintained. The "uzers" crate is an
API-compatible fork that also fixes some bugs and security issues.
- deps: update serial_test to v2
The current dependency (v0.5) is **reeeeeally** old. Not sure why this
was never updated.
- deps: update predicates to v3
Same here, predicates v1 is **reaally** old.
- deps: allow newer versions of url, wild, and xdg crates
Not sure why strange `x.0.*` style dependencies were used here. It's
holding back various updates for both url and xdg crates, and makes
maintaining lsd in Fedora more difficult. We have built lsd against the
latest versions of all three crates forever, and it has not caused
issues.