Bump the dependencies group with 5 updates

[dependabot]

Bumps the dependencies group with 5 updates:

Package	From	To
clap	4.5.45	4.5.47
console	0.16.0	0.16.1
log	0.4.27	0.4.28
tracing-subscriber	0.3.19	0.3.20
uuid	1.18.0	1.18.1

Updates clap from 4.5.45 to 4.5.47

Release notes

Sourced from clap's releases.

v4.5.47

[4.5.47] - 2025-09-02

Features

• Added impl FromArgMatches for ()
• Added impl Args for ()
• Added impl Subcommand for ()
• Added impl FromArgMatches for Infallible
• Added impl Subcommand for Infallible

Fixes

• (derive) Update runtime error text to match clap

v4.5.46

[4.5.46] - 2025-08-26

Features

• Expose StyledStr::push_str

Changelog

Sourced from clap's changelog.

[4.5.47] - 2025-09-02

Features

• Added impl FromArgMatches for ()
• Added impl Args for ()
• Added impl Subcommand for ()
• Added impl FromArgMatches for Infallible
• Added impl Subcommand for Infallible

Fixes

• (derive) Update runtime error text to match clap

[4.5.46] - 2025-08-26

Features

• Expose StyledStr::push_str

Commits

• f046ca6 chore: Release
• 436949d docs: Update changelog
• 1ddab84 Merge pull request #5954 from epage/tests
• 8a66dbf test(complete): Add more native cases
• 76465cf test(complete): Make things more consistent
• 232cedb test(complete): Remove redundant index
• 02244a6 Merge pull request #5949 from krobelus/option-name-completions-after-positionals
• 2e13847 fix(complete): Missing options in multi-val arg
• 74388d7 test(complete): Multi-valued, unbounded positional
• 5b3d45f refactor(complete): Extract function for options
• Additional commits viewable in compare view

Updates console from 0.16.0 to 0.16.1

Release notes

Sourced from console's releases.

0.16.1

What's Changed

• Add WithoutAnsi struct that implements Display by @​ChocolateLoverRaj in console-rs/console#258
• Tweak style for new WithAnsi code by @​djc in console-rs/console#266
• Fix QNX 7.1 patch for libc::cfmakeraw by @​rafaeling in console-rs/console#267
• Upgrade windows-sys to 0.61 by @​djc in console-rs/console#272

Commits

• f35b2e4 Bump version to 0.16.1
• 900379f Upgrade windows-sys to 0.61
• 174b8a4 Bump MSRV to 1.71 (for windows-sys 0.61)
• 208928e Fix lint warning for elided lifetimes
• a51fcea Fix QNX patch for libc::cfmakeraw
• 90ea08d Tweak style for new WithAnsi code
• 903df6d Add WithoutAnsi struct that implements Display
• See full diff in compare view

Updates log from 0.4.27 to 0.4.28

Release notes

Sourced from log's releases.

0.4.28

What's Changed

• ci: drop really old trick and ensure MSRV for all feature combo by @​tisonkun in rust-lang/log#676
• chore: fix some typos in comment by @​xixishidibei in rust-lang/log#677
• Unhide #[derive(Debug)] in example by @​ZylosLumen in rust-lang/log#688
• Chore: delete compare_exchange method for AtomicUsize on platforms without atomics by @​HaoliangXu in rust-lang/log#690
• Add increment_severity() and decrement_severity() methods for Level and LevelFilter by @​nebkor in rust-lang/log#692
• Prepare for 0.4.28 release by @​KodrAus in rust-lang/log#695

New Contributors

• @​xixishidibei made their first contribution in rust-lang/log#677
• @​ZylosLumen made their first contribution in rust-lang/log#688
• @​HaoliangXu made their first contribution in rust-lang/log#690
• @​nebkor made their first contribution in rust-lang/log#692

Full Changelog: rust-lang/log@0.4.27...0.4.28

Changelog

Sourced from log's changelog.

[0.4.28] - 2025-09-02

What's Changed

• ci: drop really old trick and ensure MSRV for all feature combo by @​tisonkun in rust-lang/log#676
• Chore: delete compare_exchange method for AtomicUsize on platforms without atomics by @​HaoliangXu in rust-lang/log#690
• Add increment_severity() and decrement_severity() methods for Level and LevelFilter by @​nebkor in rust-lang/log#692

New Contributors

• @​xixishidibei made their first contribution in rust-lang/log#677
• @​ZylosLumen made their first contribution in rust-lang/log#688
• @​HaoliangXu made their first contribution in rust-lang/log#690
• @​nebkor made their first contribution in rust-lang/log#692

Full Changelog: rust-lang/log@0.4.27...0.4.28

Notable Changes

• MSRV is bumped to 1.61.0 in rust-lang/log#676

Commits

• 6e17355 Merge pull request #695 from rust-lang/cargo/0.4.28
• 57719db focus on user-facing source changes in the changelog
• e0630c6 prepare for 0.4.28 release
• 60829b1 Merge pull request #692 from nebkor/up-and-down
• 95d44f8 change names of log-level-changing methods to be more descriptive
• 2b63dfa Add up() and down() methods for Level and LevelFilter
• 3aa1359 Merge pull request #690 from HaoliangXu/master
• 1091f2c Chore:delete compare_exchange method for AtomicUsize on platforms
• 24c5f44 Merge pull request #688 from ZylosLumen/patch-1
• 4498495 Unhide #[derive(Debug)] in example
• Additional commits viewable in compare view

Updates tracing-subscriber from 0.3.19 to 0.3.20

Release notes

Sourced from tracing-subscriber's releases.

tracing-subscriber 0.3.20

Security Fix: ANSI Escape Sequence Injection (CVE-TBD)

Impact

Previous versions of tracing-subscriber were vulnerable to ANSI escape sequence injection attacks. Untrusted user input containing ANSI escape sequences could be injected into terminal output when logged, potentially allowing attackers to:

• Manipulate terminal title bars
• Clear screens or modify terminal display
• Potentially mislead users through terminal manipulation

In isolation, impact is minimal, however security issues have been found in terminal emulators that enabled an attacker to use ANSI escape sequences via logs to exploit vulnerabilities in the terminal emulator.

Solution

Version 0.3.20 fixes this vulnerability by escaping ANSI control characters in when writing events to destinations that may be printed to the terminal.

Affected Versions

All versions of tracing-subscriber prior to 0.3.20 are affected by this vulnerability.

Recommendations

Immediate Action Required: We recommend upgrading to tracing-subscriber 0.3.20 immediately, especially if your application:

• Logs user-provided input (form data, HTTP headers, query parameters, etc.)
• Runs in environments where terminal output is displayed to users

Migration

This is a patch release with no breaking API changes. Simply update your Cargo.toml:

[dependencies]
tracing-subscriber = "0.3.20"

Acknowledgments

We would like to thank zefr0x who responsibly reported the issue at security@tokio.rs.

If you believe you have found a security vulnerability in any tokio-rs project, please email us at security@tokio.rs.

Commits

• 4c52ca5 fmt: fix ANSI escape sequence injection vulnerability (#3368)
• f71cebe subscriber: impl Clone for EnvFilter (#3360)
• 3a1f571 Fix CI (#3361)
• e63ef57 chore: prepare tracing-attributes 0.1.30 (#3316)
• 6e59a13 attributes: fix tracing::instrument regression around shadowing (#3311)
• e4df761 tracing: update core to 0.1.34 and attributes to 0.1.29 (#3305)
• 643f392 chore: prepare tracing-attributes 0.1.29 (#3304)
• d08e7a6 chore: prepare tracing-core 0.1.34 (#3302)
• 6e70c57 tracing-subscriber: count numbers of enters in Timings (#2944)
• c01d4fd fix docs and enable CI on main branch (#3295)
• Additional commits viewable in compare view

Updates uuid from 1.18.0 to 1.18.1

Release notes

Sourced from uuid's releases.

v1.18.1

What's Changed

• Unsafe cleanup by @​KodrAus in uuid-rs/uuid#841
• Prepare for 1.18.1 release by @​KodrAus in uuid-rs/uuid#842

Full Changelog: uuid-rs/uuid@v1.18.0...v1.18.1

Commits

• 50d8e79 Merge pull request #842 from uuid-rs/cargo/v1.18.1
• 7948592 prepare for 1.18.1 release
• 6d847c7 Merge pull request #841 from uuid-rs/chore/unsafe-cleanup
• 675cccc re-gate zerocopy behind unstable feature flag
• 4dd5828 Remove some unsafe; stabilize zerocopy
• See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions