Update crates (#8301)

Semver-compatible dependency updates (~200 transitive crates in
`Cargo.lock`), plus housekeeping of the version pins in `Cargo.toml`.

## Changes
* Normalize version strings in `[workspace.dependencies]`
(`similar-asserts = "2.0"`, `unicode_names2 = "3.1"`)
* `cargo update`: bump all semver-compatible transitive dependencies
* `itertools` 0.14 → 0.15; the duplicate with puffin's 0.14 /
criterion's 0.13 is now allowed in `deny.toml`
* `rand_core` duplicate (0.6 via phf_generator's rand 0.8, 0.10 via
getrandom 0.4/chacha20) also allowed in `deny.toml` — rand ecosystem is
mid-migration
* `toml` lock moved to 1.1.2 — the old winnow-duplicate blocker is gone
(winit's `toml_edit` now uses winnow 1.x), so the stale comment is
removed
* `wgpu` got a lock-only patch bump 29.0.1 → 29.0.4 (still on the 29.x
line; wgpu 30 intentionally not taken)

## Held back (would fail `cargo deny` with duplicate crates)
* `env_logger` 0.11.8 — newer pulls env_filter 1.x, duplicating the
0.1.x that android_logger needs
* `image` 0.25.6 — needs png 0.18, blocked on resvg
* `smithay-clipboard` 0.7.2 — pulls calloop 0.14, duplicating winit's
0.13
* accesskit platform adapters — newer ones need accesskit_consumer
0.36/0.37, duplicating the 0.35 that kittest 0.4 pins (comments added
for `accesskit_consumer`/`accesskit_winit`)
* wasm-bindgen family kept at 0.2.108 per the sync comment

Majors still blocked (documented in `Cargo.toml`):
`font-types`/`skrifa`/`harfrust` (vello_cpu 0.0.9), `resvg` (winit
0.30).

Verified: `scripts/cargo_deny.sh` green on all targets, `cargo clippy
--all-features --all-targets` clean.

🤖 Generated with [Claude Code](https://claude.com/claude-code)

---------

Co-authored-by: Claude Fable 5 <noreply@anthropic.com>
This commit is contained in:
Emil Ernerfeldt
2026-07-07 10:34:44 -07:00
committed by GitHub
parent 765d5ea8a8
commit d3850a9ca7
3 changed files with 463 additions and 564 deletions
+454 -557
View File
File diff suppressed because it is too large Load Diff
+7 -7
View File
@@ -71,8 +71,8 @@ egui_kittest = { version = "0.35.0", path = "crates/egui_kittest", default-featu
eframe = { version = "0.35.0", path = "crates/eframe", default-features = false }
accesskit = "0.24.1"
accesskit_consumer = "0.35.0"
accesskit_winit = "0.32.0"
accesskit_consumer = "0.35.0" # Can't update to 0.36+: kittest 0.4 pins accesskit_consumer 0.35, so bumping splits it into two versions
accesskit_winit = "0.32.0" # Can't update to 0.33: it needs accesskit_macos 0.26.2, which pulls accesskit_consumer 0.37, duplicating the 0.35 that kittest 0.4 needs
ahash = { version = "0.8.12", default-features = false, features = [
"no-rng", # we don't need DOS-protection, so we let users opt-in to it instead
"std",
@@ -97,10 +97,10 @@ font-types = { version = "0.11.3", default-features = false, features = [
glow = "0.17.0"
glutin = { version = "0.32.3", default-features = false }
glutin-winit = { version = "0.5.0", default-features = false }
harfrust = "0.7.0" # Can't update to 0.10: it needs read-fonts 0.40/font-types 0.12, but vello_cpu's glifo 0.1.1 pins read-fonts 0.39/font-types 0.11, so bumping duplicates them
harfrust = "0.7.0" # Can't update to 0.8+: newer versions need read-fonts 0.40+/font-types 0.12, but vello_cpu's glifo 0.1.1 pins read-fonts 0.39/font-types 0.11, so bumping duplicates them
home = "0.5.12"
image = { version = "0.25.6", default-features = false } # Can't update to 0.25.7+: it needs png 0.18, which only matches resvg once resvg moves to tiny-skia 0.12 — blocked, see resvg below
itertools = "0.14.0" # 0.15 splits us from puffin 0.20's itertools 0.14, adding a cargo-deny duplicate
itertools = "0.15.0"
jiff = { version = "0.2.29", default-features = false }
js-sys = "0.3.77"
kittest = { version = "0.4.0" }
@@ -132,7 +132,7 @@ ron = "0.12.2"
self_cell = "1.2"
serde = { version = "1.0", features = ["derive"] }
serde_bytes = "0.11.19"
similar-asserts = "2.0.0"
similar-asserts = "2.0"
skrifa = { version = "0.42.1", default-features = false, features = [
"std",
"autohint_shaping",
@@ -144,9 +144,9 @@ syntect = { version = "5.3", default-features = false }
tempfile = "3.27"
thiserror = "2.0"
tokio = "1.52"
toml = { version = "1.0", default-features = false } # 1.1+ pulls winnow 1.x, duplicating the winnow 0.7 that winit's toml_edit needs
toml = { version = "1.0", default-features = false }
type-map = "0.5.1"
unicode_names2 = { version = "3.1.0", default-features = false }
unicode_names2 = { version = "3.1", default-features = false }
unicode-general-category = "1.1"
unicode-segmentation = "1.13"
vello_cpu = { version = "0.0.9", default-features = false, features = [
+2
View File
@@ -55,11 +55,13 @@ skip = [
{ name = "foldhash" }, # pulled by the duplicated hashbrown versions
{ name = "getrandom" }, # ring / rustls (and thus ehttp) still depend on getrandom 0.2
{ name = "hashbrown" }, # wgpu's naga depends on 0.16, accesskit depends on 0.15
{ name = "itertools" }, # puffin 0.20 depends on 0.14, criterion 0.8 on 0.13
{ name = "jni-sys" }, # 0.3.1 depends on 0.4
{ name = "kurbo" }, # Old version because of resvg
{ name = "phf" }, # mime_guess2 -> 0.11, unicode_names2 -> 0.13
{ name = "phf_generator" }, # same phf split as phf
{ name = "phf_shared" }, # same phf split as phf
{ name = "rand_core" }, # rand ecosystem is migrating 0.8 -> 0.10; phf_generator's rand 0.8 needs rand_core 0.6, getrandom 0.4/chacha20 need rand_core 0.10
{ name = "redox_syscall" }, # old version via winit
{ name = "rustc-hash" }, # Small enough
{ name = "thiserror" }, # ecosystem is in the process of migrating from 1.x to 2.x