Bump the backend-dependencies group across 1 directory with 11 updates

[dependabot]

Bumps the backend-dependencies group with 10 updates in the / directory:

Package	From	To
anyhow	1.0.98	1.0.100
chrono	0.4.41	0.4.42
clap	4.5.41	4.5.51
csv	1.3.1	1.4.0
schemars	1.0.4	1.1.0
semver	1.0.26	1.0.27
serde_json	1.0.140	1.0.145
spdx	0.10.8	0.12.0
toml	0.9.1	0.9.8
url	2.5.4	2.5.7

Updates anyhow from 1.0.98 to 1.0.100

Release notes

Sourced from anyhow's releases.

1.0.100

• Teach clippy to lint formatting arguments in bail!, ensure!, anyhow! (#426)

1.0.99

• Allow build-script cleanup failure with NFSv3 output directory to be non-fatal (#420)

Commits

• 18c2598 Release 1.0.100
• f271988 Merge pull request #426 from dtolnay/clippyfmt
• 52f2115 Mark macros with clippy::format_args
• da5fd9d Raise minimum tested compiler to rust 1.76
• 211e409 Opt in to generate-macro-expansion when building on docs.rs
• b48fc02 Enforce trybuild >= 1.0.108
• d5f59fb Update ui test suite to nightly-2025-09-07
• 238415d Update ui test suite to nightly-2025-08-24
• 3bab070 Update actions/checkout@v4 -> v5
• 4249254 Order cap-lints flag in the same order as thiserror build script
• Additional commits viewable in compare view

Updates chrono from 0.4.41 to 0.4.42

Release notes

Sourced from chrono's releases.

0.4.42

What's Changed

• Add fuzzer for DateTime::parse_from_str by @​tyler92 in chronotope/chrono#1700
• Fix wrong amount of micro/milliseconds by @​nmlt in chronotope/chrono#1703
• Add warning about MappedLocalTime and wasm by @​lutzky in chronotope/chrono#1702
• Fix incorrect parsing of fixed-length second fractions by @​chris-leach in chronotope/chrono#1705
• Fix cfgs for wasm32-linux support by @​arjunr2 in chronotope/chrono#1707
• Fix OpenHarmony's tzdata parsing by @​ldm0 in chronotope/chrono#1679
• Convert NaiveDate to/from days since unix epoch by @​findepi in chronotope/chrono#1715
• Add ?Sized bound to related methods of DelayedFormat::write_to by @​Huliiiiii in chronotope/chrono#1721
• Add from_timestamp_secs method to DateTime by @​jasonaowen in chronotope/chrono#1719
• Migrate to core::error::Error by @​benbrittain in chronotope/chrono#1704
• Upgrade to windows-bindgen 0.63 by @​djc in chronotope/chrono#1730
• strftime: simplify error handling by @​djc in chronotope/chrono#1731

Commits

• f3fd15f Bump version to 0.4.42
• 5cf5603 strftime: add regression test case
• a623170 strftime: simplify error handling
• 36fbfb1 strftime: move specifier handling out of match to reduce rightward drift
• 7f413c3 strftime: yield None early
• 9d5dfe1 strftime: outline constants
• e5f6be7 strftime: move error() method below caller
• d516c27 strftime: merge impl blocks
• 0ee2172 strftime: re-order items to keep impls together
• 757a8b0 Upgrade to windows-bindgen 0.63
• Additional commits viewable in compare view

Updates clap from 4.5.41 to 4.5.51

Release notes

Sourced from clap's releases.

v4.5.51

[4.5.51] - 2025-10-29

Fixes

• (help) Correctly calculate padding for short flags that take a value
• (help) Don't panic on short flags using ArgAction::Count

v4.5.50

[4.5.50] - 2025-10-20

Features

• Accept Cow where String and &str are accepted

v4.5.48

[4.5.48] - 2025-09-19

Documentation

• Add a new CLI Concepts document as another way of framing clap
• Expand the typed_derive cookbook entry

v4.5.47

[4.5.47] - 2025-09-02

Features

• Added impl FromArgMatches for ()
• Added impl Args for ()
• Added impl Subcommand for ()
• Added impl FromArgMatches for Infallible
• Added impl Subcommand for Infallible

Fixes

• (derive) Update runtime error text to match clap

v4.5.46

[4.5.46] - 2025-08-26

Features

• Expose StyledStr::push_str

v4.5.45

[4.5.45] - 2025-08-12

Fixes

... (truncated)

Changelog

Sourced from clap's changelog.

[4.5.51] - 2025-10-29

Fixes

• (help) Correctly calculate padding for short flags that take a value
• (help) Don't panic on short flags using ArgAction::Count

[4.5.50] - 2025-10-20

Features

• Accept Cow where String and &str are accepted

[4.5.49] - 2025-10-13

Fixes

• (help) Correctly wrap when ANSI escape codes are present

[4.5.48] - 2025-09-19

Documentation

• Add a new CLI Concepts document as another way of framing clap
• Expand the typed_derive cookbook entry

[4.5.47] - 2025-09-02

Features

• Added impl FromArgMatches for ()
• Added impl Args for ()
• Added impl Subcommand for ()
• Added impl FromArgMatches for Infallible
• Added impl Subcommand for Infallible

Fixes

• (derive) Update runtime error text to match clap

[4.5.46] - 2025-08-26

Features

• Expose StyledStr::push_str

[4.5.45] - 2025-08-12

Fixes

... (truncated)

Commits

• b49dae2 chore: Release
• d37b0b5 docs: Update changelog
• 3398b6a Merge pull request #6009 from gtema/complete_try_generate
• 21fc9e4 feat(clap-complete): Introduce fallible generator
• bd01bdc Merge pull request #6012 from epage/sub
• ed0c63d docs(derive): Specify arg_required_else_help is set for users
• e2188d9 chore(deps): Update Rust Stable to v1.87 (#6004)
• e01f2b7 docs: Cleanup unused links
• 6b12a81 chore: Release
• 8dd92a7 docs: Update changelog
• Additional commits viewable in compare view

Updates csv from 1.3.1 to 1.4.0

Commits

• 4a3997e 1.4.0
• a0a3c9e csv-core-0.1.13
• f8e6b07 deps: switch serde dependency to serde_core
• 7c7c135 style: address many Clippy lints
• 5b2da18 doc: simplify tutorial section on accessing headers
• 633552a perf: serialize 128-bit integers via itoa
• e9f06f4 lint: fix needless_lifetimes and mismatched_lifetime_syntaxes
• 9dab947 test: fix broken test after panic message change
• da00088 style: address many Clippy lints
• f973cd4 enum: use #[non_exhaustive] instead of #[doc(hidden)] variant
• Additional commits viewable in compare view

Updates schemars from 1.0.4 to 1.1.0

Release notes

Sourced from schemars's releases.

v1.1.0

Added

• Public functions that have no side-effects are now marked with #[must_use] so that they report a lint warning when the returned value is unused, as this likely indicates a mistake.

Fixed

• Improve accuracy of schemas for flattened enums, in particular: unit variants of externally-tagged enums, and enums wrapped in Option<>. (GREsau/schemars#464 / GREsau/schemars#483)

v1.0.5

Fixed

• Fix schema.pointer_mut() to resolve URI fragment identifiers like #/$defs/foo, matching current behaviour of schema.pointer() (GREsau/schemars#478 / GREsau/schemars#479)

Changelog

Sourced from schemars's changelog.

[1.1.0] - 2025-11-05

Added

• Public functions that have no side-effects are now marked with #[must_use] so that they report a lint warning when the returned value is unused, as this likely indicates a mistake.

Fixed

• Improve accuracy of schemas for flattened enums, in particular: unit variants of externally-tagged enums, and enums wrapped in Option<>. (GREsau/schemars#464 / GREsau/schemars#483)

[1.0.5] - 2025-11-02

Fixed

• Fix schema.pointer_mut() to resolve URI fragment identifiers like #/$defs/foo, matching current behaviour of schema.pointer() (GREsau/schemars#478 / GREsau/schemars#479)

Commits

• 97b2427 v1.1.0
• e67495b Improve optional enum flattening behaviour
• e873af2 Improve enum flattening behaviour
• 86d0954 Simplify uuid test
• 228d410 Set #[must_use] on pure functions
• dd1f9e2 Add action to catch semver violations
• 30a6d3d Typo in doc comments ("mata-schema")
• 91f1c38 Add clippy CI job
• 39800f9 Resolve clippy lints
• b830f0d v1.0.5
• Additional commits viewable in compare view

Updates semver from 1.0.26 to 1.0.27

Release notes

Sourced from semver's releases.

1.0.27

• Switch serde dependency to serde_core (#333)

Commits

• 6ed8561 Release 1.0.27
• 6967bba Add serde version constraint
• 84d3057 Exclude build.rs from crates.io package
• b09aac9 Merge pull request #343 from dtolnay/up
• 49b8570 Delete backport module
• 9b04afe Merge pull request #342 from dtolnay/up
• 83a8e91 Delete no_nonzero_bitscan configuration
• e606a17 Merge pull request #341 from dtolnay/up
• ebe7cf1 Delete no_unsafe_op_in_unsafe_fn_lint configuration
• a381bff Merge pull request #340 from dtolnay/up
• Additional commits viewable in compare view

Updates serde from 1.0.219 to 1.0.228

Release notes

Sourced from serde's releases.

v1.0.228

• Allow building documentation with RUSTDOCFLAGS='--cfg=docsrs' set for the whole dependency graph (#2995)

v1.0.227

• Documentation improvements (#2991)

v1.0.226

• Deduplicate variant matching logic inside generated Deserialize impl for adjacently tagged enums (#2935, thanks @​Mingun)

v1.0.225

• Avoid triggering a deprecation warning in derived Serialize and Deserialize impls for a data structure that contains its own deprecations (#2879, thanks @​rcrisanti)

v1.0.224

• Remove private types being suggested in rustc diagnostics (#2979)

v1.0.223

• Fix serde_core documentation links (#2978)

v1.0.222

• Make serialize_with attribute produce code that works if respanned to 2024 edition (#2950, thanks @​aytey)

v1.0.221

• Documentation improvements (#2973)
• Deprecate serde_if_integer128! macro (#2975)

v1.0.220

• Add a way for data formats to depend on serde traits without waiting for serde_derive compilation: https://docs.rs/serde_core (#2608, thanks @​osiewicz)

Commits

• a866b33 Release 1.0.228
• 5adc9e8 Merge pull request #2995 from dtolnay/rustdocflags
• ab58178 Workaround for RUSTDOCFLAGS='--cfg=docsrs'
• 415d9fc Release 1.0.227
• 7c58427 Merge pull request #2991 from dtolnay/inlinecoredoc
• 9d3410e Merge pull request #2992 from dtolnay/inplaceseed
• 2fb6748 Remove InPlaceSeed public re-export
• f8137c7 Inline serde_core into serde in docsrs mode
• b7dbf7e Merge pull request #2990 from dtolnay/integer128
• 7c83691 No longer macro_use integer128 module
• Additional commits viewable in compare view

Updates serde_json from 1.0.140 to 1.0.145

Release notes

Sourced from serde_json's releases.

v1.0.145

• Raise serde version requirement to >=1.0.220

v1.0.144

• Switch serde dependency to serde_core (#1285)

v1.0.143

• Implement Clone and Debug for serde_json::Map iterators (#1264, thanks @​xlambein)
• Implement Default for CompactFormatter (#1268, thanks @​SOF3)
• Implement FromStr for serde_json::Map (#1271, thanks @​mickvangelderen)

v1.0.142

• impl Default for &Value (#1265, thanks @​aatifsyed)

v1.0.141

• Optimize string escaping during serialization (#1273, thanks @​conradludgate)

Commits

• efa66e3 Release 1.0.145
• 23679e2 Add serde version constraint
• fc27baf Release 1.0.144
• caef3c6 Ignore uninlined_format_args pedantic clippy lint
• 81ba3aa Merge pull request #1285 from dtolnay/serdecore
• d21e8ce Switch serde dependency to serde_core
• 6beb6cd Merge pull request #1286 from dtolnay/up
• 1dbc803 Raise required compiler to Rust 1.61
• 0bf5d87 Enforce trybuild >= 1.0.108
• d12e943 Update actions/checkout@v4 -> v5
• Additional commits viewable in compare view

Updates spdx from 0.10.8 to 0.12.0

Release notes

Sourced from spdx's releases.

0.12.0

Added

• PR#81 resolved #68 by adding support for the WITH [%s"DocumentRef-"(idstring)":"]%s"AdditionRef-"(idstring) syntax. Thanks @​weihanglo!

0.11.1

Changed

• PR#80 changed how Licensee::satisfies works for GNU licenses again, it now requires that the license ids match exactly. This is incredibly pedantic but means it's up to consumers if the want to have a smarter comparison, I just don't want to have to care about GNU licenses, ever.

Fixed

• PR#80 reverted a change introduced in PR#78 that would auto-fixup GNU licenses to their non-deprecated forms eg. GPL-2.0 => GPL-2.0-only. This is no longer done, resolving #79.

0.11.0

Changed

• PR#78 removed ParseMode::allow_lower_case_operators, newer revisions of the SPDX spec allow all lower-case operators, making the option pointless.
• PR#78 added ParseMode::allow_deprecated, which will cause an error if a deprecated license identifier is used, false in LAX and true in STRICT.
• PR#78 changed the various imprecise names for GPL licenses to be mapped to the non-deprecated -only versions.
• PR#78 Expression::canonicalize now always changes GNU licenses to be -only or -or-later as the bare identifiers are deprecated.

Added

• PR#78 added LicenseId::version to retrieve the numeric version of the license if it has one.
• PR#78 added LicenseId::base to retrieve the base name of the license.
• PR#78 added gnu_license_id which attempts to retrieve the license id for a GNU license from its base identifier. This retrieves the -only or -or-later license that matches.
• PR#78 added Licensee::parse_mode, Licensee::parse now forwards to that function with ParseMode::STRICT.
• PR#78 added Reason::GnuPlusWithSuffix and Reason::DeprecatedLicenseId as errors.

Fixed

• PR#78 fixed an issue where Licensee::satisfies would not properly allow some licenses if the version was not at the end when using a +, notably the BSD licenses have the version in the middle of the license id.
• PR#78 fixed the handling of GNU licenses in Licensee::satisfies, at least to my best understanding.

  Licensee	GPL-1.0-only	GPL-1.0-or-later	GPL-2.0-only	GPL-2.0-or-later	GPL-3.0-only	GPL-3.0-or-later
  GPL-1.0-only	✅	✅	❌	❌	❌	❌
  GPL-1.0-or-later	✅	✅	❌	❌	❌	❌
  GPL-2.0-only	❌	✅	✅	✅	❌	❌
  GPL-2.0-or-later	❌	✅	✅	✅	❌	❌
  GPL-3.0-only	❌	✅	❌	✅	✅	✅
  GPL-3.0-or-later	❌	✅	❌	✅	✅	✅

0.10.9

Changed

• PR#74 update SPDX license list to 3.27.0.

Changelog

Sourced from spdx's changelog.

[0.12.0] - 2025-08-19

Added

• PR#81 resolved #68 by adding support for the WITH [%s"DocumentRef-"(idstring)":"]%s"AdditionRef-"(idstring) syntax. Thanks @​weihanglo!

[0.11.1] - 2025-08-11

Changed

• PR#80 changed how Licensee::satisfies works for GNU licenses again, it now requires that the license ids match exactly. This is incredibly pedantic but means it's up to consumers if the want to have a smarter comparison, I just don't want to have to care about GNU licenses, ever.

Fixed

• PR#80 reverted a change introduced in [PR#78] that would auto-fixup GNU licenses to their non-deprecated forms eg. GPL-2.0 => GPL-2.0-only. This is no longer done, resolving #79.

[0.11.0] - 2025-08-08

Changed

• [PR#78] removed ParseMode::allow_lower_case_operators, newer revisions of the SPDX spec allow all lower-case operators, making the option pointless.
• [PR#78] added ParseMode::allow_deprecated, which will cause an error if a deprecated license identifier is used, false in LAX and true in STRICT.
• [PR#78] changed the various imprecise names for GPL licenses to be mapped to the non-deprecated -only versions.
• [PR#78] Expression::canonicalize now always changes GNU licenses to be -only or -or-later as the bare identifiers are deprecated.

Added

• [PR#78] added LicenseId::version to retrieve the numeric version of the license if it has one.
• [PR#78] added LicenseId::base to retrieve the base name of the license.
• [PR#78] added gnu_license_id which attempts to retrieve the license id for a GNU license from its base identifier. This retrieves the -only or -or-later license that matches.
• [PR#78] added Licensee::parse_mode, Licensee::parse now forwards to that function with ParseMode::STRICT.
• [PR#78] added Reason::GnuPlusWithSuffix and Reason::DeprecatedLicenseId as errors.

Fixed

• [PR#78] fixed an issue where Licensee::satisfies would not properly allow some licenses if the version was not at the end when using a +, notably the BSD licenses have the version in the middle of the license id.
• [PR#78] fixed the handling of GNU licenses in Licensee::satisfies, at least to my best understanding.

  Licensee	GPL-1.0-only	GPL-1.0-or-later	GPL-2.0-only	GPL-2.0-or-later	GPL-3.0-only	GPL-3.0-or-later
  GPL-1.0-only	✅	✅	❌	❌	❌	❌
  GPL-1.0-or-later	✅	✅	❌	❌	❌	❌
  GPL-2.0-only	❌	✅	✅	✅	❌	❌
  GPL-2.0-or-later	❌	✅	✅	✅	❌	❌
  GPL-3.0-only	❌	✅	❌	✅	✅	✅
  GPL-3.0-or-later	❌	✅	❌	✅	✅	✅

[0.10.9] - 2025-07-12

Changed

• PR#74 update SPDX license list to 3.27.0.

Commits

• 6d0341d Release 0.12.0
• 1d0bd10 Update CHANGELOG
• 8f4e75a Support AdditionRef
• e4eac6d Release 0.11.1
• 9e71721 Cleanup last release (#80)
• 68ac93d Release 0.11.0
• 95a1f70 GNU bullshit (#78)
• 96ac6be Release 0.10.9
• 4dc6ed4 Revert
• 74e7957 Release 0.10.9
• Additional commits viewable in compare view

Updates toml from 0.9.1 to 0.9.8

Commits

• 93e9146 chore: Release
• 7de1b4e docs: Update changelog
• 1b579c3 feat(serde): Support integer, bools, and chars as keys (#1050)
• ac1e077 feat(serde): Support chars as keys
• f3dec32 feat(serde): Support bools as keys
• 139b30a feat(serde): Support integer keys
• 2d65a88 test(serde): Show existing key behavior
• 80217f8 chore(deps): Update actions/checkout action to v5 (#1047)
• b36e351 chore(deps): Update actions/checkout action to v5
• 7d2c649 chore(deps): Update actions/setup-python action to v6 (#1048)
• Additional commits viewable in compare view

Updates url from 2.5.4 to 2.5.7

Release notes

Sourced from url's releases.

v2.5.7

What's Changed

v.2.5.6

• Bump versions by @​valenting in servo/rust-url#1062
• version bump to 2.5.6 by @​edgul in servo/rust-url#1065
• Use no-std instead of no_std in Cargo.toml by @​valenting in servo/rust-url#1064
• fix: add Serde std feature if needed by @​reneca in servo/rust-url#1068

v.2.5.7

• make serde std feature use optional syntax by @​klensy in servo/rust-url#1071

New Contributors

• @​reneca made their first contribution in servo/rust-url#1068

Full Changelog: servo/rust-url@v2.5.5...v2.5.7

v2.5.5

What's Changed

• ci: downgrade crates when building for Rust 1.67.0 by @​mxinden in servo/rust-url#1003
• ci: run unit tests with sanitizers by @​mxinden in servo/rust-url#1002
• fix small typo by @​hkBst in servo/rust-url#1011
• chore: fix clippy errors on main by @​dsherret in servo/rust-url#1019
• perf: remove heap allocation in parse_query by @​dsherret in servo/rust-url#1020
• perf: slightly improve parsing a port by @​dsherret in servo/rust-url#1022
• perf: improve to_file_path() by @​dsherret in servo/rust-url#1018
• perf: make parse_scheme slightly faster by @​dsherret in servo/rust-url#1025
• update LICENSE-MIT by @​wmjae in servo/rust-url#1029
• perf: url encode path segments in longer string slices by @​dsherret in servo/rust-url#1026
• Disable the default features on serde by @​rilipco in servo/rust-url#1033
• docs: base url relative join by @​tisonkun in servo/rust-url#1013
• perf: remove heap allocation in parse_host by @​dsherret in servo/rust-url#1021
• Update tests to Unicode 16.0 by @​hsivonen in servo/rust-url#1045
• Add some some basic functions to Mime by @​mrobinson in servo/rust-url#1047
• ran cargo clippy --fix -- -Wclippy::use_self by @​mrobinson in servo/rust-url#1048
• Fix MSRV and clippy CI by @​Manishearth in servo/rust-url#1058
• Update Url::domain docs to show that it includes subdomain by @​supercoolspy in servo/rust-url#1057
• set_hostname should error when encountering colon ':' by @​edgul in servo/rust-url#1060
• version bump to 2.5.5 by @​edgul in servo/rust-url#1061

New Contributors

• @​mxinden made their first contribution in servo/rust-url#1003
• @​hkBst made their first contribution in servo/rust-url#1011
• @​wmjae made their first contribution in servo/rust-url#1029
• @​rilipco made their first contribution in servo/rust-url#1033
• @​tisonkun made their first contribution in servo/rust-url#1013
• @​supercoolspy made their first contribution in servo/rust-url#1057

Full Changelog: servo/rust-url@v2.5.4...v2.5.5

Commits

• 43f47e2 make serde std feature use optional syntax (#1071)
• 2387efa fix: add Serde std feature if needed (#1068)
• aae60cf Use no-std instead of no_std in Cargo.toml (#1064)
• 44afd9f version bump to 2.5.6 (#1065)
• 91377f4 Bump versions (#1062)
• a40f904 version bump to 2.5.5 (#1061)
• cf305db set_hostname should error when encountering colon ':' (#1060)
• 88826bd Update Url::domain docs to show that it includes subdomain (#1057)
• c3bbf66 Fix MSRV and clippy CI (#1058)
• dbd5261 ran cargo clippy --fix -- -Wclippy::use_self (#1048)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions