Bump the cargo_dependencies group with 7 updates

[dependabot]

Bumps the cargo_dependencies group with 7 updates:

Package	From	To
serde	1.0.219	1.0.224
semver	1.0.26	1.0.27
config	0.15.15	0.15.16
tempfile	3.21.0	3.22.0
toml_edit	0.23.4	0.23.5
toml	0.9.5	0.9.6
zip	5.0.0	5.1.1

Updates serde from 1.0.219 to 1.0.224

Release notes

Sourced from serde's releases.

v1.0.224

• Remove private types being suggested in rustc diagnostics (#2979)

v1.0.223

• Fix serde_core documentation links (#2978)

v1.0.222

• Make serialize_with attribute produce code that works if respanned to 2024 edition (#2950, thanks @​aytey)

v1.0.221

• Documentation improvements (#2973)
• Deprecate serde_if_integer128! macro (#2975)

v1.0.220

• Add a way for data formats to depend on serde traits without waiting for serde_derive compilation: https://docs.rs/serde_core (#2608, thanks @​osiewicz)

Commits

• 1699882 Release 1.0.224
• 840f6ec Merge pull request #2979 from dtolnay/private
• bf9ebea Mark every trait impl for a private type with do_not_recommend
• 6c316d7 Release 1.0.223
• a4ac0c2 Merge pull request #2978 from dtolnay/htmlrooturl
• ed76364 Change serde_core's html_root_url to docs.rs/serde_core
• 57e21a1 Release 1.0.222
• bb58726 Merge pull request #2950 from aytey/fix_lifetime_issue_2024
• 3f69251 Delete unneeded field of MapDeserializer
• fd4decf Merge pull request #2976 from dtolnay/content
• Additional commits viewable in compare view

Updates semver from 1.0.26 to 1.0.27

Release notes

Sourced from semver's releases.

1.0.27

• Switch serde dependency to serde_core (#333)

Commits

• 6ed8561 Release 1.0.27
• 6967bba Add serde version constraint
• 84d3057 Exclude build.rs from crates.io package
• b09aac9 Merge pull request #343 from dtolnay/up
• 49b8570 Delete backport module
• 9b04afe Merge pull request #342 from dtolnay/up
• 83a8e91 Delete no_nonzero_bitscan configuration
• e606a17 Merge pull request #341 from dtolnay/up
• ebe7cf1 Delete no_unsafe_op_in_unsafe_fn_lint configuration
• a381bff Merge pull request #340 from dtolnay/up
• Additional commits viewable in compare view

Updates config from 0.15.15 to 0.15.16

Changelog

Sourced from config's changelog.

[0.15.16] - 2025-09-15

Performance

• Allow more build parallelism by depending on serde_core

Commits

• 75bdb15 chore: Release config version 0.15.16
• 9ad97be docs: Update changelog
• 7bd9055 refactor: Switch to serde_core (#691)
• d69daf1 refactor: Switch to serde_core
• See full diff in compare view

Updates tempfile from 3.21.0 to 3.22.0

Changelog

Sourced from tempfile's changelog.

3.22.0

• Updated windows-sys requirement to allow version 0.61.x
• Remove unstable-windows-keep-open-tempfile feature.

Commits

• f720dbe chore: release 3.22.0
• 55d742c chore: remove deprecated unstable feature flag
• bc41a0b build(deps): update windows-sys requirement from >=0.52, <0.61 to >=0.52, <0....
• 3c55387 test: make sure we don't drop tempdirs early (#373)
• 17bf644 doc(builder): clarify permissions (#372)
• c7423f1 doc(env): document the alternative to setting the tempdir (#371)
• 5af60ca test(wasi): run a few tests that shouldn't have been disabled (#370)
• 6c0c561 fix(doc): temp_dir doesn't check if writable
• See full diff in compare view

Updates toml_edit from 0.23.4 to 0.23.5

Commits

• 4695fb0 chore: Release
• 6a77ed7 docs: Update changelog
• c1e8197 refactor: Switch serde dependency to serde_core (#1036)
• d85d6cd refactor: Switch serde dependency to serde_core
• See full diff in compare view

Updates toml from 0.9.5 to 0.9.6

Commits

• 4695fb0 chore: Release
• 6a77ed7 docs: Update changelog
• c1e8197 refactor: Switch serde dependency to serde_core (#1036)
• d85d6cd refactor: Switch serde dependency to serde_core
• 9154dcb chore: Release
• 38f445c docs: Update changelog
• 1ce8a75 feat(edit): Expose Table::span (#1031)
• 290c28f feat(edit): Expose Table::span
• b2bc739 chore(deps): Update Rust Stable to v1.89 (#1026)
• See full diff in compare view

Updates zip from 5.0.0 to 5.1.1

Release notes

Sourced from zip's releases.

v5.1.1

🐛 Bug Fixes

• panic when reading empty extended-timestamp field (#404) (#422)
• Restore original file timestamp when unzipping with chrono (#46)

⚙️ Miscellaneous Tasks

• Configure Amazon Q rules (#421)

v5.1.0

🚀 Features

• Add legacy shrink/reduce/implode compression (#303)

v5.0.1

🐛 Bug Fixes

• AES metadata was not copied correctly in raw copy methods, which could corrupt the copied file. (#417)

Changelog

Sourced from zip's changelog.

5.1.1 - 2025-09-11

🐛 Bug Fixes

• panic when reading empty extended-timestamp field (#404) (#422)
• Restore original file timestamp when unzipping with chrono (#46)

⚙️ Miscellaneous Tasks

• Configure Amazon Q rules (#421)

5.1.0 - 2025-09-10

🚀 Features

• Add legacy shrink/reduce/implode compression (#303)

5.0.1 - 2025-09-09

🐛 Bug Fixes

• AES metadata was not copied correctly in raw copy methods, which could corrupt the copied file. (#417)

Commits

• 6423fee chore: release v5.1.1 (#423)
• 97c33a6 fix: panic when reading empty extended-timestamp field (#404) (#422)
• 8d094b8 chore: Configure Amazon Q rules (#421)
• 5362be0 fix: Restore original file timestamp when unzipping with chrono (#46)
• 4802b87 chore(deps): update nt-time requirement from 0.10.6 to 0.12.1 (#416)
• e341b3d chore: release v5.1.0 (#419)
• 0abee77 feat: Add legacy shrink/reduce/implode compression (#303)
• 12c87d1 chore: release v5.0.1 (#418)
• b611a59 fix: aes was not copied correctly in raw copy methods (#417)
• See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

[codecov]

Codecov Report

✅ All modified and coverable lines are covered by tests.
see 1 file with indirect coverage changes

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.