Skip to content

chore(deps)(deps): update quick-xml requirement from 0.36 to 0.40 in /src-tauri#12

Open
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/cargo/src-tauri/quick-xml-0.39
Open

chore(deps)(deps): update quick-xml requirement from 0.36 to 0.40 in /src-tauri#12
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/cargo/src-tauri/quick-xml-0.39

Conversation

@dependabot
Copy link
Copy Markdown
Contributor

@dependabot dependabot Bot commented on behalf of github Apr 30, 2026
edited
Loading

Updates the requirements on quick-xml to permit the latest version.

Release notes

Sourced from quick-xml's releases.

v0.40.1 - Fix rarely possible serde deserialization panic

What's Changed

  • #964: Fix unreachable!() panic in the serde deserializer when a DOCTYPE declaration appears between two text runs inside an element (e.g. <a>x<!DOCTYPE y>z</a>). The DOCTYPE used to break drain_text's consecutive-text merge, so two DeEvent::Text events reached read_text and tripped its "Cannot be two consequent Text events" invariant. DOCTYPE is now treated as transparent during text drain — it still goes through the entity resolver, but the surrounding text is merged into one run. Discovered via libFuzzer on a real-world SAML deserializer harness.

#964: tafia/quick-xml#964

New Contributors

Full Changelog: tafia/quick-xml@v0.40.0...v0.40.1

Changelog

Sourced from quick-xml's changelog.

0.40.1 -- 2026-05-15

Bug Fixes

  • #964: Fix unreachable!() panic in the serde deserializer when a DOCTYPE declaration appears between two text runs inside an element (e.g. <a>x<!DOCTYPE y>z</a>). The DOCTYPE used to break drain_text's consecutive-text merge, so two DeEvent::Text events reached read_text and tripped its "Cannot be two consequent Text events" invariant. DOCTYPE is now treated as transparent during text drain — it still goes through the entity resolver, but the surrounding text is merged into one run. Discovered via libFuzzer on a real-world SAML deserializer harness.

#964: tafia/quick-xml#964

Misc Changes

0.40.0 -- 2026-05-11

MSRV bumped to 1.79.

Now quick-xml supports the UTF-16 encoded documents. See the new DecodingReader type.

New Features

  • #956: Add DecodingReader, a BufRead adapter that auto-detects encoding from BOM or XML declaration and transcodes to UTF-8. Enabled by the encoding feature.

  • #938: Add new enumeration XmlVersion and typified getter BytesDecl::xml_version().

  • #938: Add new error variant IllFormedError::UnknownVersion.

  • #371: Add new error variant EscapeError::TooManyNestedEntities.

  • #371: Improved compliance with the XML attribute value normalization process by adding

    • Attribute::normalized_value()
    • Attribute::normalized_value_with()
    • Attribute::decoded_and_normalized_value()
    • Attribute::decoded_and_normalized_value_with()

    which ought to be used in place of deprecated

    • Attribute::unescape_value()
    • Attribute::unescape_value_with()
    • Attribute::decode_and_unescape_value()
    • Attribute::decode_and_unescape_value_with()

    Deprecated functions now behaves the same as newly added.

Bug Fixes

  • #938: Use correct rules for EOL normalization in Deserializer when parse XML 1.0 documents. Previously XML 1.1. rules was applied.

... (truncated)

Commits
  • 9aaea92 Release 0.40.1
  • ce488bc Merge pull request #964 from williamareynolds/fix/de-doctype-in-text-unreachable
  • e00ae5c Fix unreachable!() panic when DOCTYPE appears between text runs in element co...
  • 2778564 Release 0.40.0
  • 393db03 Merge pull request #962 from Mingun/prepare-0.40
  • a27709a Fix misprint in code example
  • 0c0c914 Make some functions const and enable clippy::missing_const_for_fn lint
  • bf4ffe5 Fix clippy warning: use .first() instead of .get(0)
  • d69baad Fix clippy warning: remove unnecessary after 241f01e20ff679e9248f2ae424c9ba82...
  • 8e0ae4f Fix clippy warning: use strip_prefix instead of manual stripping
  • Additional commits viewable in compare view

@dependabot @github
Copy link
Copy Markdown
Contributor Author

dependabot Bot commented on behalf of github Apr 30, 2026

Labels

The following labels could not be found: dependencies, rust. Please create them before Dependabot can add them to a pull request.

Please fix the above issues or remove invalid values from dependabot.yml.

@BlueShork BlueShork self-requested a review as a code owner May 21, 2026 22:03
@BlueShork
Copy link
Copy Markdown
Owner

BlueShork commented May 24, 2026

@dependabot rebase

@dependabot
chore(deps)(deps): update quick-xml requirement in /src-tauri
8388355 
Updates the requirements on [quick-xml](https://github.com/tafia/quick-xml) to permit the latest version.
- [Release notes](https://github.com/tafia/quick-xml/releases)
- [Changelog](https://github.com/tafia/quick-xml/blob/master/Changelog.md)
- [Commits](tafia/quick-xml@v0.36.0...v0.40.1)

---
updated-dependencies:
- dependency-name: quick-xml
  dependency-version: 0.39.2
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot changed the title chore(deps)(deps): update quick-xml requirement from 0.36 to 0.39 in /src-tauri chore(deps)(deps): update quick-xml requirement from 0.36 to 0.40 in /src-tauri May 24, 2026
@dependabot dependabot Bot force-pushed the dependabot/cargo/src-tauri/quick-xml-0.39 branch from 32d1ee6 to 8388355 Compare May 24, 2026 14:09
@BlueShork BlueShork self-assigned this May 24, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@BlueShork BlueShork Awaiting requested review from BlueShork BlueShork is a code owner

At least 1 approving review is required to merge this pull request.

Assignees

@BlueShork BlueShork

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@BlueShork