deps(cargo)(deps): bump the yaml-competitors group across 1 directory with 2 updates

[dependabot]

Bumps the yaml-competitors group with 2 updates in the / directory: yaml-rust2 and rust-yaml.

Updates yaml-rust2 from 0.9.0 to 0.11.0

Release notes

Sourced from yaml-rust2's releases.

v0.10.4

• Parse True, TRUE, False and FALSE as bools instead of strings. This is in line with the core schema.
• Fixed build with --no-default-features (#60)

v0.10.3

Changes

• Exclude yaml-test-suite from the Cargo package. This reverts the license changes from last version.
• 399f481: Bump libtest-mimic from dev-dependencies

v0.10.2

Bug fixes

• Parse (?i)[+-]?(?:inf|infinity|nan) as strings instead of floats

Changes

• Merge license files and respect yaml-test-suite MIT license. This means we now correctly state that this crate can not be licensed under only the Apache-2.0 license.

Please review your license requirement following this release.

v0.10.1

Bug fixes

• Parse .NaN as float instead of NaN.

v0.10.0

Breaking Changes

• Update dependencies. hashlink had a bogus requirement of >= 0.8, < 0.10, sorry. As mentioned here, range requirements shouldn't be used and I haven't been vigilant enough when reviewing. The requirement is now set to 0.10.

Changes

• Force quotes on y and n to appease the YAML 1.1 lords.

Changelog

Sourced from yaml-rust2's changelog.

v0.11.0

Changes

• The actions/checkout github actions dependency was updated.
• The hashlink dependency was updated to v0.11.

v0.10.4

Bug fixes

• Parse True, TRUE, False and FALSE as bools instead of strings. This is in line with the core schema.

v0.10.3

Changes

• Exclude yaml-test-suite from the Cargo package. This reverts the license changes from last version.
• 399f481: Bump libtest-mimic from dev-dependencies

v0.10.2

Bug fixes

• Parse (?i)[+-]?(?:inf|infinity|nan) as strings instead of floats

Changes

• Merge license files and respect yaml-test-suite MIT license. This means we now correctly state that this crate can not be licensed under only the Apache-2.0 license.

v0.10.1

Bug fixes

• Parse .NaN as float instead of NaN.

v0.10.0

Breaking Changes

• Update dependencies.

  hashlink had a bogus requirement of >= 0.8, < 0.10, sorry. As mentioned here, range requirements shouldn't be used and I haven't been vigilant enough when reviewing. The requirement is now set to 0.10.

Changes

• Force quotes on y and n to appease the YAML 1.1 lords.

Commits

• 635ffd1 Release v0.11.0.
• a018d65 Merge pull request #65 from renovate/hashlink-0.x
• 390d176 cargo: update dependencies
• 23a6b02 .gitignore: anchor the "target" entry and add "docs" + "pages"
• a714686 CHANGELOG: update release notes draft
• 68be997 Merge pull request #66 from glorenzop/master
• ad53a0c garden: add glorenzop remote
• 4ec5f06 Merge pull request #67 from renovate/actions-checkout-6.x
• 9561bd4 chore(deps): Update Rust crate hashlink to 0.11
• 95a37b7 chore(deps): Update actions/checkout action to v6
• Additional commits viewable in compare view

Updates rust-yaml from 0.0.5 to 1.0.1

Release notes

Sourced from rust-yaml's releases.

v1.0.1

What's Changed

• fix(v1.0.1): untrusted-input hardening — close all P0 hotfix issues by @​elioseverojunior in elioetibr/rust-yaml#64
• release: bump version to 1.0.1 by @​elioseverojunior in elioetibr/rust-yaml#65

Full Changelog: elioetibr/rust-yaml@v1.0.0...v1.0.1

v1.0.0

What's Changed

• ci: bump all GitHub Actions to latest major version tags by @​elioseverojunior in elioetibr/rust-yaml#9
• release(1.0.0): 100% yaml-test-suite conformance + YAML 1.1 directive + strict make ci by @​elioseverojunior in elioetibr/rust-yaml#14

Full Changelog: elioetibr/rust-yaml@v0...v1.0.0

Changelog

Sourced from rust-yaml's changelog.

Changelog

All notable changes to rust-yaml are documented here.

The format follows Keep a Changelog, and this project adheres to Semantic Versioning.

[1.0.0] — 2026-05-18

Highlights

🎯 100% conformance with the upstream yaml/yaml-test-suite (data-2022-01-17 pin) — 735 / 735 spec-conformance tests pass. This is the first rust-yaml release with full YAML 1.2 spec conformance verified by the official test corpus.

Added

• yaml-test-suite workspace crate — a separate, non-published harness that drives the upstream conformance corpus, classifies failures (wrong-reject / wrong-accept / wrong-events / timeout), and writes a per-test failure report to target/yaml-test-suite-failures.txt.
• YAML 1.1 %YAML directive honored for plain-scalar resolution: when %YAML 1.1 is in effect, yes/no/on/off resolve as booleans; default 1.2 keeps them as strings.
• YAML 1.1 = (!!value) tag auto-detection (§10.3.4): a bare = plain scalar under %YAML 1.1 is now recognized as the tag:yaml.org,2002:value indicator and rejected with a construction error — closes the parity gap with ruamel.yaml typ="safe" / typ="unsafe" reported in #1. Default 1.2 keeps = as a plain string (1.2 dropped the tag from Core Schema). Quoted '=' / "=" are always strings, in any version.
• Per-document %TAG directive scope (§6.8): directives apply to one document only; the resolver resets across --- boundaries.
• Named-tag-handle validation: !prefix!suffix without a matching %TAG directive in scope is now correctly rejected.
• Streaming + comment-preserving paths strengthened to surface eager-parse errors via get_event() (previously silently swallowed).
• .prettierrc.json + .prettierignore to keep markdown/YAML/JSON edits consistent across the project (does not touch *.rs/*.toml — those stay under rustfmt).
• Strict make ci gate: cargo clippy --all-targets --all-features -- -D warnings -D clippy::pedantic with a curated allow-list now blocking; every PR must pass make ci to merge.

Changed

• Empty plain scalar now resolves to Null (§10.2 Core Schema) rather than String(""). Affects any code that relied on the previous behavior.

... (truncated)

Commits

• 3165ec5 release: bump version to 1.0.1
• 39f64ea test(composer): cover iterative helpers and alias materialization cap
• 2247489 fix(test): silence clippy::result-large-err in panic_resistance closure
• 77c19f8 fix(scanner): propagate scan errors from new_eager_with_comments (#19)
• 816e59a fix(scanner): replace indent_stack panics with safe fallback (#18)
• 57e70b4 fix(parser): convert three state-stack underflows from panic to error
• 6fb8b41 fix(composer)!: cap cumulative alias materialization and bound traversal
• 3553bb5 release(1.0.0)!: pre-compile test artifacts in ci target
• 18e0d8a style: clean trailing whitespace and apply rustfmt across tree
• 1877780 ci(workflows): standardize app-token id, harden quoting, cache apt pkgs
• Additional commits viewable in compare view

[dependabot]

Labels

The following labels could not be found: dependencies, rust. Please create them before Dependabot can add them to a pull request.

Please fix the above issues or remove invalid values from dependabot.yml.

[sebastienrousseau]

Closing as part of a synchronisation reset after PR #61
("fix(ci): refresh stale GitHub Action SHA pins + full OpenSSF
Scorecard pass") merged to main as commit 194e3e6. That PR
substantially changed .github/workflows/*.yml, Cargo.lock,
supply-chain/config.toml, .github/dependabot.yml, and
several pkg/docker/Dockerfile* so most open Dependabot PRs
either conflict or carry stale baselines.

This PR will be regenerated automatically on the next weekly
Dependabot run (Monday 06:00 UTC) against the new main. No
action required.

[dependabot]

This pull request was built based on a group rule. Closing it will not ignore any of these versions in future pull requests.

To ignore these dependencies, configure ignore rules in dependabot.yml