chore(deps): bump the rust group across 1 directory with 10 updates

[dependabot]

Bumps the rust group with 10 updates in the /cli directory:

Package	From	To
ratatui	0.30.0	0.30.1
serde_json	1.0.149	1.0.150
toml	0.9.12+spec-1.1.0	1.1.2+spec-1.1.0
rusqlite	0.33.0	0.38.0
refinery	0.9.1	0.9.2
chrono	0.4.44	0.4.45
time	0.3.47	0.3.48
dashmap	6.1.0	6.2.1
uuid	1.23.1	1.23.3
insta	1.47.2	1.48.0

Updates ratatui from 0.30.0 to 0.30.1

Release notes

Sourced from ratatui's releases.

ratatui-v0.30.1

"Rats, we're rats; we're the rats." – Rat Movie

We are excited to announce the new version of ratatui - a Rust library that's all about cooking up TUIs 👨‍🍳🐀

✨ Release highlights: https://ratatui.rs/highlights/v0301/

⚠️ List of breaking changes can be found here.

Features

• 74d6a84 (block) Support shadows by orhun in #2481

  Introduce Block::shadow(...) with a new Shadow type that supports:

  • presets: overlay, block, light_shade, medium_shade, dark_shade
  • custom symbols via Shadow::symbol(...)
  • custom effects via Shadow::custom(...)

  use ratatui::layout::Offset;
  use ratatui::style::Stylize;
  use ratatui::widgets::{Block, Shadow};
  let popup = Block::bordered().title("Popup").shadow(
  Shadow::dark_shade()
  .black()
  .on_white()
  .offset(Offset::new(2, 1)),
  );

  Results in:

  ┌Popup─────┐
  │content   │▒
  └──────────┘▒
    ▒▒▒▒▒▒▒▒▒▒▒
  

  

  fixes #1892

  ---

• 4d30420 (buffer) Add CellDiffOption::AlwaysUpdate to force cell updates by sxyazi in #2480

... (truncated)

Changelog

Sourced from ratatui's changelog.

v0.30.1 - 2026-06-05

"Rats, we're rats; we're the rats." – Rat Movie

We are excited to announce the new version of ratatui - a Rust library that's all about cooking up TUIs 👨‍🍳🐀

✨ Release highlights: https://ratatui.rs/highlights/v0301/

⚠️ List of breaking changes can be found here.

Features

• 74d6a84 (block) Support shadows by @​orhun in #2481

  Introduce Block::shadow(...) with a new Shadow type that supports:

  • presets: overlay, block, light_shade, medium_shade, dark_shade
  • custom symbols via Shadow::symbol(...)
  • custom effects via Shadow::custom(...)

  use ratatui::layout::Offset;
  use ratatui::style::Stylize;
  use ratatui::widgets::{Block, Shadow};
  let popup = Block::bordered().title("Popup").shadow(
  Shadow::dark_shade()
  .black()
  .on_white()
  .offset(Offset::new(2, 1)),
  );

  Results in:

  ┌Popup─────┐
  │content   │▒
  └──────────┘▒
    ▒▒▒▒▒▒▒▒▒▒▒
  

  

  fixes #1892

  ---

• 4d30420 (buffer) Add CellDiffOption::AlwaysUpdate to force cell updates by @​sxyazi in #2480

... (truncated)

Commits

• 1c3dbd1 chore(ratatui): unleash the rats v0.30.1 (#2580)
• df9f897 docs(ratatui): update the changelog for v0.30.1 (#2568)
• 101a63e feat(render): add function for applying buffer (#2566)
• 0b03fe4 chore(toml): migrate from taplo to tombi (#2501)
• 6ef6a2f build(deps): bump octocrab from 0.50.0 to 0.52.0 (#2577)
• 83c1579 docs(changelog): fix doubled words in two entries (#2578)
• 09e3af7 build(deps): bump compact_str from 0.9.0 to 0.9.1 (#2573)
• cd8cc40 build(deps): bump unicode-segmentation from 1.13.2 to 1.13.3 (#2576)
• e64247d build(deps): bump bitflags from 2.11.1 to 2.12.1 (#2575)
• 04dec76 build(deps): bump crate-ci/typos from 1.46.3 to 1.47.0 (#2574)
• Additional commits viewable in compare view

Updates serde_json from 1.0.149 to 1.0.150

Release notes

Sourced from serde_json's releases.

v1.0.150

• Reject non-string enum object keys (#1324, thanks @​puneetdixit200)

Commits

• a1ae73a Release 1.0.150
• 1a360b0 Merge pull request #1324 from puneetdixit200/reject-non-string-enum-keys
• 2037b63 Reject non-string enum object keys
• 5d30df6 Resolve manual_assert_eq pedantic clippy lint
• dc8003a Raise required compiler for preserve_order feature to 1.85
• a42fa98 Unpin CI miri toolchain
• 684a60e Pin CI miri to nightly-2026-02-11
• 7c7da33 Raise required compiler to Rust 1.71
• acf4850 Simplify Number::is_f64
• 6b8ceab Resolve unnecessary_map_or clippy lint
• Additional commits viewable in compare view

Updates toml from 0.9.12+spec-1.1.0 to 1.1.2+spec-1.1.0

Commits

• a3d0047 chore: Release
• cc37615 docs: Update changelog
• 7f5e9e1 fix(parser): Consolidate invalid unquoted key into one error (#1138)
• 52feb90 fix(parser): Consolidate invalid unquoted key into one error
• aad85d4 chore(deps): Update j178/prek-action action to v2 (#1136)
• 8b1ac44 chore(deps): Update compatible (dev) (#1135)
• 9effd79 chore(deps): Update j178/prek-action action to v2
• 9db8aad chore: Release
• e55a663 docs: Update changelog
• c11d7d7 Optimisations (#1133)
• Additional commits viewable in compare view

Updates rusqlite from 0.33.0 to 0.38.0

Release notes

Sourced from rusqlite's releases.

0.38.0

What's Changed

• bump sqlcipher to 4.10.0 (sqlite 3.50.4) #1725
• Use CARGO_CFG_TARGET_FEATURE for crt-static check #1737
• Disable u64, usize ToSql/FromSql impl by default #1732, ##1722 (breaking change)
• Make statement cache optional #1682, #1173 (breaking change)
• Remove shell scripts from the published package #1744
• Use new interfaces with 64-bit length parameters #1749
• sqlite3_vtab_rhs_value #1753
• Handle VTab IN values #1754
• Give access to Connection from VTabCursor::column #1755
• Bump minimal SQLite version to 3.34.1 #1733, #1731 (breaking change)
• Bump bundled SQLite version to 3.51.1 #1758
• Add support for transaction to the vtab module #1761
• Check Connection is owned when registering Closure as hook #1764 (breaking change)
• Turn libsqlite3-sys in a !#[no_std] crate #1767
• Add wasm32-unknown-unknown support #1769, #488, #827
• Remove useless Send/Sync on Module #1774

Full Changelog: rusqlite/rusqlite@v0.37.0...v0.38.0

0.37.0

What's Changed

• Add FromSqlError::other convenience conversion #1703
• Fix warnings #1705
• Update bindgen requirement from 0.71 to 0.72 #1707
• Fix for vtab::parameter parsing #1712
• Fix clippy warning #1713
• Bump bundled SQLite version to 3.50.2 #1714
• Fix issue with prettyplease #1717

Full Changelog: rusqlite/rusqlite@v0.36.0...v0.37.0

0.36.0

What's Changed

• Introduce Name trait to support both &str and &CStr as name #1659
• Use doc_auto_cfg #1683
• Feature loadable_extension is incompatible with some other features #1686
• Add missing wrappers for sqlite3_vtab_nochange and sqlite3_value_nochange #1688
• Update bindings list #1689
• Homogenize code related to hooks #1690
• Try to increase code coverage #1610
• Bump bundled SQLite version to 3.49.2 #1691
• Add bindings to sqlite3_table_column_metadata #1692
• Add bindings to sqlite3_vtab_distinct #1695
• Fix clippy warning #1697
• Add query_one #1699
• Refactor one_column test method #1700

Full Changelog: rusqlite/rusqlite@v0.35.0...v0.36.0

... (truncated)

Commits

• 35b3be2 Merge pull request #1777 from gwenn/release
• 03feebc Prepare new release
• 671533c Merge pull request #1775 from Spxg/w/bump
• 6df2072 Bump sqlite-wasm-rs to 0.5.1
• 2618364 Merge pull request #1774 from rusqlite/vtab-send
• b37caff Merge pull request #1773 from rusqlite/clippy
• 44bdbc4 Remove useless Send/Sync on Module
• 465d751 Fix Clippy warning
• 78d6678 Merge pull request #1772 from rusqlite/dependabot/cargo/getrandom-0.3
• 6b8fb83 Update Cargo.toml
• Additional commits viewable in compare view

Updates refinery from 0.9.1 to 0.9.2

Release notes

Sourced from refinery's releases.

V0.9.2

[0.9.2] - 2026-06-09

Added

• Support for rustls as a TLS backend for tokio-postgres via the new tokio-postgres-rustls feature. #426

Changed

• Make TLS opt-in for postgres and tokio-postgres features. The postgres and tokio-postgres features no longer pull in native-tls unconditionally. Use postgres-tls and tokio-postgres-tls features for TLS support. #408
• Support rusqlite 0.39.x. #425
• Support mysql up to 0.28.x and mysql_async up to 0.37.x. #436
• Update toml dependency to 1.1.2. #430

Changelog

Sourced from refinery's changelog.

[0.9.2] - 2026-06-09

Added

• Support for rustls as a TLS backend for tokio-postgres via the new tokio-postgres-rustls feature. #426

Changed

• Make TLS opt-in for postgres and tokio-postgres features. The postgres and tokio-postgres features no longer pull in native-tls unconditionally. Use postgres-tls and tokio-postgres-tls features for TLS support. #408
• Support rusqlite 0.39.x. #425
• Support mysql up to 0.28.x and mysql_async up to 0.37.x. #436
• Update toml dependency to 1.1.2. #430

Commits

• bc1a829 Prepare 0.9.2 (#437)
• 46721b3 Bump mysql to 0.28.x and mysql_async to 0.37.x (#436)
• d6ba618 backport 0.9.1 (#423) (#434)
• 458951a Bump openssl from 0.10.78 to 0.10.80 (#432)
• 14354f5 fix (#430)
• 6074795 Allow running tokio-postgres with rustls (#426)
• f4b23ea chore: Support rusqlite 0.39.x (#425)
• fc7848f Bump openssl from 0.10.73 to 0.10.78 (#427)
• c4f819b Bump rand from 0.9.2 to 0.9.4 (#422)
• ff809c8 do not log warning on nested dirs when finding migrations (#421)
• Additional commits viewable in compare view

Updates chrono from 0.4.44 to 0.4.45

Release notes

Sourced from chrono's releases.

0.4.45

What's Changed

• fix(tz): reject TZ offset hour of 24 to avoid FixedOffset overflow by @​SAY-5 in chronotope/chrono#1787
• tz_data: fix tzdata locations on Android by @​caruschalalamove in chronotope/chrono#1789

Commits

• 1703382 Prepare 0.4.45 release
• 881f9ab tz_data: fix tzdata locations on Android
• f14ead4 fix(tz): reject TZ offset hour of 24 to avoid FixedOffset overflow
• c6063e6 Update similar-asserts requirement from 1.6.1 to 2.0.0
• 120686c Bump codecov/codecov-action from 5 to 6
• See full diff in compare view

Updates time from 0.3.47 to 0.3.48

Changelog

Sourced from time's changelog.

0.3.48 [2026-06-12]

Security

• The number of digits parsed by [subsecond digits:1+] is capped at 32 to avoid parsing unbounded user input. Digits after the 9th have no semantic meaning.
• Explicitly specify #[repr] for Weekday. The value of the variants is relied upon in multiple locations for soundness. The practical effect of this change is nothing, as Rust has always mapped C-like enums to 0..N in memory.

Compatibility

• Non-UTF-8 formatting and parsing is deprecated without replacement. It is recommended to only format and parse valid UTF-8.
• format_description::parse is deprecated. It is recommended to use format_description::parse_borrowed::<3> or format_description::parse_owned::<3>.

Added

• All types in the unit module have a generic parameter, though this is currently not used for much. Usage will be expanded in the future.
• Comparisons between types in the unit module and the generic Unit type are permitted.
• Support for rand 0.10
• Version 3 format descriptions
  • Only UTF-8 is supported. As a side effect of this, [ignore] requires that the remaining input not begin mid-codepoint.
  • Representation is deliberately opaque to allow for arbitrary changes going forward.
  • format:false is supported on [optional] components. This is not possible in version 1 and version 2 format descriptions due to API compatibility.
  • The time::serde::format_description! macro uses a new, clearer syntax for version 3.
    • time::serde::format_description!(mod foo [Date] = "[year]-[month]-[day]");
    • Unlike version 1 and version 2 format descriptions, the type is not automatically brought into scope. You must import it yourself.
  • Nonsensical combinations of modifiers are rejected. For example, you cannot specify case-sensitivity when parsing a numerical month.
  • [year] defaults to range:standard
  • Components and modifiers are case sensitive (and always lowercase).

Changed

• The convert module has been renamed to unit.

Fixed

• Macro hygiene has been improved by specifying re-exports.
• Fix handling of T in ISO 8601
• Support parsing the full range of UTC offset hours
• Version 1 nested format descriptions may now start with a component. Previously, a lexer bug unintentionally prohibited this.
• Error when ISO week date overflows the max year. This would previously panic.

... (truncated)

Commits

• 5d8737c v0.3.48 release
• 1bfca87 Use widen instead of extend in sys code
• c57284f fix: return error instead of panicking on truncated strftime padding modifier
• a74f35f Use v3 format descriptions for serde defaults
• 96ff36c Allow eliding serde format description version
• edc58b1 Permit duplicates in v1/v2 in permit_modifiers!
• a838f69 Bump codecov action
• f2f99f8 Fix unused warning
• 7eda800 Refactor format description parsing
• cccc2c0 Directly construct owned variants when parsing v3
• Additional commits viewable in compare view

Updates dashmap from 6.1.0 to 6.2.1

Release notes

Sourced from dashmap's releases.

v6.2.1

This is an interim maintenance release for the existing v6 branch before v7 can be released. This bumps the MSRV to 1.85 and updates dependencies to their latest versions.

Commits

• 749ed1f v6.2.1
• d02b945 v6.2.0
• b983625 update dependencies
• 94a294a bump msrv to 1.85
• See full diff in compare view

Updates uuid from 1.23.1 to 1.23.3

Release notes

Sourced from uuid's releases.

v1.23.3

What's Changed

• Fix up parser panic on empty input by @​KodrAus in uuid-rs/uuid#886
• Prepare for 1.23.3 release by @​KodrAus in uuid-rs/uuid#887

Full Changelog: uuid-rs/uuid@v1.23.2...v1.23.3

v1.23.2

What's Changed

• Improve error messages for ambiguous formats by @​KodrAus in uuid-rs/uuid#882
• Prepare for 1.23.2 release by @​KodrAus in uuid-rs/uuid#883

Full Changelog: uuid-rs/uuid@v1.23.1...v1.23.2

Commits

• 20da78b Merge pull request #887 from uuid-rs/cargo/v1.23.3
• 62232ca prepare for 1.23.3 release
• 2320c6a Merge pull request #886 from uuid-rs/fix/parser-panics
• 2d034d4 fix some invalid indexers on error reporting
• a8b9f14 update fuzz infra and run in CI
• d119657 Merge pull request #883 from uuid-rs/cargo/v1.23.2
• 0651cfc prepare for 1.23.2 release
• e8dea0c Merge pull request #882 from uuid-rs/fix/error-msgs
• bdc429a fix up serde messages
• d4342e4 make indexes 0 based and fix up more error messages
• Additional commits viewable in compare view

Updates insta from 1.47.2 to 1.48.0

Release notes

Sourced from insta's releases.

1.48.0

Release Notes

• Add strip_ansi_escape_codes setting which removes ANSI escape sequences (color codes, cursor movement, etc.) from snapshot content before comparison. Requires the filters feature. #899 (@​pierluigilenoci)
• Add opt-in support for YAML literal blocks for multiline strings in snapshot metadata fields such as description and expression. Set INSTA_YAML_BLOCK_STYLE=1 to enable. #851 (@​ivov)
• Setting CI=true normally makes cargo insta test behave as though --check was passed. Explicit snapshot handling options such as --accept now take precedence over this environment variable, allowing users to override this behavior if they want to. #924
• Fix cargo insta test --profile being forwarded to nextest as the nextest profile instead of the cargo build profile; it now translates to --cargo-profile for the nextest runner. Add --nextest-profile to select the nextest profile. #910
• Fix cargo insta pending-snapshots printing unusable \\?\-prefixed paths on Windows. The --snapshot filter now also accepts partial paths: any trailing path suffix of the snapshot file matches, so a bare --snapshot my_test.snap works. #904
• Accepting a binary snapshot no longer fails with os error 2 when its data file is missing (e.g. gitignored and not committed). #914

Install cargo-insta 1.48.0

Install prebuilt binaries via shell script

curl --proto '=https' --tlsv1.2 -LsSf https://github.com/mitsuhiko/insta/releases/download/1.48.0/cargo-insta-installer.sh | sh

Install prebuilt binaries via powershell script

powershell -ExecutionPolicy Bypass -c "irm https://github.com/mitsuhiko/insta/releases/download/1.48.0/cargo-insta-installer.ps1 | iex"

Download cargo-insta 1.48.0

File	Platform	Checksum
cargo-insta-aarch64-apple-darwin.tar.xz	Apple Silicon macOS	checksum
cargo-insta-x86_64-apple-darwin.tar.xz	Intel macOS	checksum
cargo-insta-x86_64-pc-windows-msvc.zip	x64 Windows	checksum
cargo-insta-x86_64-unknown-linux-gnu.tar.xz	x64 Linux	checksum
cargo-insta-x86_64-unknown-linux-musl.tar.xz	x64 MUSL Linux	checksum

Changelog

Sourced from insta's changelog.

1.48.0

• Add strip_ansi_escape_codes setting which removes ANSI escape sequences (color codes, cursor movement, etc.) from snapshot content before comparison. Requires the filters feature. #899 (@​pierluigilenoci)
• Add opt-in support for YAML literal blocks for multiline strings in snapshot metadata fields such as description and expression. Set INSTA_YAML_BLOCK_STYLE=1 to enable. #851 (@​ivov)
• Setting CI=true normally makes cargo insta test behave as though --check was passed. Explicit snapshot handling options such as --accept now take precedence over this environment variable, allowing users to override this behavior if they want to. #924
• Fix cargo insta test --profile being forwarded to nextest as the nextest profile instead of the cargo build profile; it now translates to --cargo-profile for the nextest runner. Add --nextest-profile to select the nextest profile. #910
• Fix cargo insta pending-snapshots printing unusable \\?\-prefixed paths on Windows. The --snapshot filter now also accepts partial paths: any trailing path suffix of the snapshot file matches, so a bare --snapshot my_test.snap works. #904
• Accepting a binary snapshot no longer fails with os error 2 when its data file is missing (e.g. gitignored and not committed). #914

Commits

• 7f23d2e Release 1.48.0 (#925)
• ee9cae1 Allow CI=true to be overridden by an explicitly passed --accept CLI flag ...
• 043cf82 fix: translate --profile to --cargo-profile for nextest (#913)
• 9c77f13 test: cover deep-wildcard redaction through arrays (#915)
• 362f432 Fix --snapshot filter on Windows; allow partial paths (#904)
• a436836 fix: tolerate a missing binary snapshot data file (#914)
• bf5fcdf fix: regenerate Cargo.lock and guard it with --locked in CI (#912)
• a761a9c feat: Support YAML literal blocks for multiline strings (#851)
• f9633f3 ci: pin check-minver to nightly-2026-04-25 (#905)
• c7b98b8 feat: add strip_ansi_escape_codes setting (#899)
• See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

[dependabot]

Labels

The following labels could not be found: dependencies, rust. Please create them before Dependabot can add them to a pull request.

Please fix the above issues or remove invalid values from dependabot.yml.