Skip to content

chore(deps): bump the rust-dependencies group with 5 updates#2162

Open
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/cargo/rust-dependencies-7b8349e731
Open

chore(deps): bump the rust-dependencies group with 5 updates#2162
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/cargo/rust-dependencies-7b8349e731

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Jul 13, 2026

Copy link
Copy Markdown
Contributor

Bumps the rust-dependencies group with 5 updates:

Package From To
regex 1.12.4 1.13.0
napi 3.10.3 3.10.5
napi-derive 3.5.9 3.5.10
mira-eval 0.3.0 0.4.0
num-bigint 0.4.8 0.5.1

Updates regex from 1.12.4 to 1.13.0

Changelog

Sourced from regex's changelog.

1.13.0 (2026-07-09)

This release includes a new API, a regex! macro, for lazy compilation of a regex from a string literal. If you use regexes a lot, it's likely you've already written one exactly like it. The new macro can be used like this:

use regex::regex;
fn is_match(line: &str) -> bool {
// The regex will be compiled approximately once and reused automatically.
// This avoids the footgun of using Regex::new here, which would
// guarantee that it would be compiled every time this routine is called.
// This would likely make this routine much slower than it needs to be.
regex!(r"bar|baz").is_match(line)
}
let hay = "
path/to/foo:54:Blue Harvest
path/to/bar:90:Something, Something, Something, Dark Side
path/to/baz:3:It's a Trap!
";
let matches = hay.lines().filter(|line| is_match(line)).count();
assert_eq!(matches, 2);

Improvements:

  • #709: Add a new regex! macro for efficient and automatic reuse of a compiled regex.
Commits
  • 926af2e 1.13.0
  • 7d941a9 regex-automata-0.4.15
  • e358341 api: add regex! macro for lazy compilation
  • c420333 automata: disable miri on a couple doc tests
  • b9d2cf7 github: add FUNDING link
  • 0858006 docs: add AI policy for contributors
  • 468fc64 automata: reject dense DFA start states that are match states
  • See full diff in compare view

Updates napi from 3.10.3 to 3.10.5

Release notes

Sourced from napi's releases.

napi-v3.10.5

Fixed

  • (napi) release FunctionRef off the JS thread via the custom-GC TSFN (#3394)

napi-v3.10.4

Fixed

  • (cli) align build and project configuration (#3387)

Other

  • (readme) point sponsors image at napi.rs/sponsors.svg (#3379)
Commits
  • 9709883 chore(napi): release v3.10.5 (#3395)
  • c931c97 fix(napi): release FunctionRef off the JS thread via the custom-GC TSFN (#3394)
  • 3812aa7 chore: release (#3380)
  • ce56779 chore(release): publish
  • b9825c7 fix(derive): defer receiver borrow until argument conversion (#3392)
  • aa49714 fix(cli): align build and project configuration (#3387)
  • 68cbb8d chore(deps): update yarn to v4.17.1 (#3385)
  • 3069f44 fix(sys): fall back to libnode.dll for symbol loading on MSVC targets (#3384)
  • b015713 fix(cli): validate cross-compilation flags upfront and document them accurate...
  • 81a35ce chore(deps): update dependency oxc-parser to ^0.139.0 (#3382)
  • Additional commits viewable in compare view

Updates napi-derive from 3.5.9 to 3.5.10

Release notes

Sourced from napi-derive's releases.

napi-derive-v3.5.10

Other

  • updated the following local packages: napi-derive-backend
Commits
  • 3812aa7 chore: release (#3380)
  • ce56779 chore(release): publish
  • b9825c7 fix(derive): defer receiver borrow until argument conversion (#3392)
  • aa49714 fix(cli): align build and project configuration (#3387)
  • 68cbb8d chore(deps): update yarn to v4.17.1 (#3385)
  • 3069f44 fix(sys): fall back to libnode.dll for symbol loading on MSVC targets (#3384)
  • b015713 fix(cli): validate cross-compilation flags upfront and document them accurate...
  • 81a35ce chore(deps): update dependency oxc-parser to ^0.139.0 (#3382)
  • 4bff127 docs(readme): point sponsors image at napi.rs/sponsors.svg (#3379)
  • 1ac467e chore(napi): release v3.10.3 (#3376)
  • Additional commits viewable in compare view

Updates mira-eval from 0.3.0 to 0.4.0

Release notes

Sourced from mira-eval's releases.

Release v0.4.0

Changed

  • Verb-first CLI: --study replaces the pre-verb launch flags. The study flags now live on the subcommands that spawn a study (list/run/score/doctor), so an invocation reads verb first: mira run --study study.rs instead of mira --script study.rs run. --study PATH resolves the runner by extension (.rs → the cargo-script shim, .pyuv run); the specific runners are --study-script, --study-uv, --study-python (runs python3; replaces both --python and --python3), --study-bin, --study-example, and --study-cmd, mutually exclusive. report and publish no longer carry launch flags (they only read saved runs). The old spellings (--script/--bin/--example/--cmd/ --uv/--python/--python3) still parse — before or after the verb — as hidden deprecated aliases that warn and point at the replacement; they disappear from help, docs, and examples, and will be removed at 1.0. --launcher/--package/--manifest-path keep their names but are now subcommand-scoped too (write mira run --launcher NAME, not mira --launcher NAME run). mira.toml launcher keys are unchanged.

Fixed

  • README overview diagram now renders on off-repo surfaces such as crates.io by using a registry-safe absolute SVG URL.

Added

  • mira export <run_id> --format atif. A new host subcommand that emits one standalone ATIF-v1.7 trajectory document per case from a saved run, for SFT / RL / trajectory-visualization tooling. Read-only over the run store (no study process, no re-execution, like report). Each document's steps come from the case's real trajectory when an execution artifact carries one (--artifacts DIR); otherwise a trajectory is synthesized from the saved flat summary fields via the new Trajectory::from_transcript (the lossy inverse of project_into). Mira's verdict is stamped into the document's ATIF root extrareward = { pass, score, scorers: [{ name, value, pass, reason }] } and mira = { eval, sample, target, run_id } provenance — on export only, never on the study↔host wire. Output is one <case_key>.atif.json per case under results/<run_id>/export/ (or --out DIR); --out - streams all documents as NDJSON to stdout. Skipped (unexecuted) cases are omitted. No wire or schema change — export is CLI/host-only.
  • Trajectory scorers. Four deterministic scorers grade the structure of the ATIF trajectory — the data only Transcript.trajectory carries: tool_called_with(tool, pointer, expected) (some invocation of tool has the JSON value expected at the RFC 6901 JSON Pointer in its arguments), tool_arg_matches(tool, pointer, regex) (the regex variant, string values only — a non-string at the pointer fails with a reason), observation_contains(tool, needle) (the observation content correlated via source_call_id contains a substring; multimodal content is graded on its

... (truncated)

Changelog

Sourced from mira-eval's changelog.

[0.4.0] - 2026-07-11

Changed

  • Verb-first CLI: --study replaces the pre-verb launch flags. The study flags now live on the subcommands that spawn a study (list/run/score/doctor), so an invocation reads verb first: mira run --study study.rs instead of mira --script study.rs run. --study PATH resolves the runner by extension (.rs → the cargo-script shim, .pyuv run); the specific runners are --study-script, --study-uv, --study-python (runs python3; replaces both --python and --python3), --study-bin, --study-example, and --study-cmd, mutually exclusive. report and publish no longer carry launch flags (they only read saved runs). The old spellings (--script/--bin/--example/--cmd/ --uv/--python/--python3) still parse — before or after the verb — as hidden deprecated aliases that warn and point at the replacement; they disappear from help, docs, and examples, and will be removed at 1.0. --launcher/--package/--manifest-path keep their names but are now subcommand-scoped too (write mira run --launcher NAME, not mira --launcher NAME run). mira.toml launcher keys are unchanged.

Fixed

  • README overview diagram now renders on off-repo surfaces such as crates.io by using a registry-safe absolute SVG URL.

Added

  • mira export <run_id> --format atif. A new host subcommand that emits one standalone ATIF-v1.7 trajectory document per case from a saved run, for SFT / RL / trajectory-visualization tooling. Read-only over the run store (no study process, no re-execution, like report). Each document's steps come from the case's real trajectory when an execution artifact carries one (--artifacts DIR); otherwise a trajectory is synthesized from the saved flat summary fields via the new Trajectory::from_transcript (the lossy inverse of project_into). Mira's verdict is stamped into the document's ATIF root extrareward = { pass, score, scorers: [{ name, value, pass, reason }] } and mira = { eval, sample, target, run_id } provenance — on export only, never on the study↔host wire. Output is one <case_key>.atif.json per case under results/<run_id>/export/ (or --out DIR); --out - streams all documents as NDJSON to stdout. Skipped (unexecuted) cases are omitted. No wire or schema change — export is CLI/host-only.
  • Trajectory scorers. Four deterministic scorers grade the structure of the ATIF trajectory — the data only Transcript.trajectory carries: tool_called_with(tool, pointer, expected) (some invocation of tool has the JSON value expected at the RFC 6901 JSON Pointer in its arguments), tool_arg_matches(tool, pointer, regex) (the regex variant, string values only — a non-string at the pointer fails with a reason), observation_contains(tool, needle) (the observation content correlated via source_call_id contains a substring; multimodal content is graded on its

... (truncated)

Commits
  • 9c62727 chore(release): prepare v0.4.0 (#69)
  • d4fc641 feat(cli): add mira export --atif (#68)
  • 047d883 feat(cli): verb-first study flags — mira run --study replaces pre-verb --script
  • 3ec3a92 fix(docs): render readme diagram off repo (#66)
  • 71c556b chore: standardize PR descriptions on functional change + before/after (#65)
  • 6f35b1d feat(scorer): trajectory scorers + ATIF-primary docs (#64)
  • 38decdb feat(subject): add ATIF trajectory producers (#63)
  • 7d8d9a6 feat(protocol): adopt ATIF trajectory as primary contract (1.1) (#62)
  • 56e3156 fix(everruns): extract tool calls from tool.completed events (#61)
  • 6dff380 feat(cli): single-file studies via --script (cargo-script shim) (#60)
  • Additional commits viewable in compare view

Updates num-bigint from 0.4.8 to 0.5.1

Changelog

Sourced from num-bigint's changelog.

Release 0.5.1 (2026-07-04)

Contributors: @​cuviper

Release 0.5.0 (2026-07-02)

  • Upgrade to rand v0.10 and/or v0.9, and split rand_core.
    • The former rand feature is now split into multiple features, rand_0_9, rand_core_0_9, rand_0_10, and rand_core_0_10, depending on the version and feature set you need.
    • The RandBigInt extension trait is now split into BigRng09 and BigRng010 for each version.
    • The gen_* methods are deprecated in favor of new random_* methods.
    • This is also a value-breaking release, as rand defines it.

Contributors: @​bionicles, @​cuviper, @​divergentdave

Commits
  • 33c59ba Merge pull request #348 from cuviper/bz-alg2-step3b
  • 38b68f6 Release 0.5.1
  • f4a43f5 Fix the missing part of the Burnikel-Ziegler algorithm
  • ebfd89a Add failing tests for a bug in B-Z division
  • 0ab95df Merge pull request #338 from cuviper/rand-0.10
  • 33d6998 Release 0.5.0
  • 84d05b7 Clean up manifests of ci crates
  • f8daf56 Allow clippy::duplicate_mod where intended
  • 022310a Rearrange the rand features to support both 0.9 and 0.10
  • 537a036 ci: use the fallback resolver for deps
  • Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

Bumps the rust-dependencies group with 5 updates:

| Package | From | To |
| --- | --- | --- |
| [regex](https://github.com/rust-lang/regex) | `1.12.4` | `1.13.0` |
| [napi](https://github.com/napi-rs/napi-rs) | `3.10.3` | `3.10.5` |
| [napi-derive](https://github.com/napi-rs/napi-rs) | `3.5.9` | `3.5.10` |
| [mira-eval](https://github.com/everruns/mira) | `0.3.0` | `0.4.0` |
| [num-bigint](https://github.com/rust-num/num-bigint) | `0.4.8` | `0.5.1` |


Updates `regex` from 1.12.4 to 1.13.0
- [Release notes](https://github.com/rust-lang/regex/releases)
- [Changelog](https://github.com/rust-lang/regex/blob/master/CHANGELOG.md)
- [Commits](rust-lang/regex@1.12.4...1.13.0)

Updates `napi` from 3.10.3 to 3.10.5
- [Release notes](https://github.com/napi-rs/napi-rs/releases)
- [Commits](napi-rs/napi-rs@napi-v3.10.3...napi-v3.10.5)

Updates `napi-derive` from 3.5.9 to 3.5.10
- [Release notes](https://github.com/napi-rs/napi-rs/releases)
- [Commits](napi-rs/napi-rs@napi-derive-v3.5.9...napi-derive-v3.5.10)

Updates `mira-eval` from 0.3.0 to 0.4.0
- [Release notes](https://github.com/everruns/mira/releases)
- [Changelog](https://github.com/everruns/mira/blob/main/CHANGELOG.md)
- [Commits](everruns/mira@v0.3.0...v0.4.0)

Updates `num-bigint` from 0.4.8 to 0.5.1
- [Changelog](https://github.com/rust-num/num-bigint/blob/main/RELEASES.md)
- [Commits](rust-num/num-bigint@num-bigint-0.4.8...num-bigint-0.5.1)

---
updated-dependencies:
- dependency-name: regex
  dependency-version: 1.13.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: rust-dependencies
- dependency-name: napi
  dependency-version: 3.10.5
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: rust-dependencies
- dependency-name: napi-derive
  dependency-version: 3.5.10
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: rust-dependencies
- dependency-name: mira-eval
  dependency-version: 0.4.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: rust-dependencies
- dependency-name: num-bigint
  dependency-version: 0.5.1
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: rust-dependencies
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file rust Pull requests that update rust code labels Jul 13, 2026
@cloudflare-workers-and-pages

cloudflare-workers-and-pages Bot commented Jul 13, 2026

Copy link
Copy Markdown

Deploying with  Cloudflare Workers  Cloudflare Workers

The latest updates on your project. Learn more about integrating Git with Workers.

Status Name Latest Commit Preview URL Updated (UTC)
✅ Deployment successful!
View logs
bashkit 4125541 Commit Preview URL

Branch Preview URL
Jul 13 2026, 09:40 AM

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

dependencies Pull requests that update a dependency file rust Pull requests that update rust code

Projects

None yet

Development

Successfully merging this pull request may close these issues.

0 participants