Skip to content

Bump rstest from 0.21.0 to 0.26.1#658

Open
dependabot[bot] wants to merge 1 commit intomainfrom
dependabot/cargo/rstest-0.26.1
Open

Bump rstest from 0.21.0 to 0.26.1#658
dependabot[bot] wants to merge 1 commit intomainfrom
dependabot/cargo/rstest-0.26.1

Conversation

@dependabot
Copy link
Contributor

@dependabot dependabot bot commented on behalf of github Dec 2, 2025
edited
Loading

Bumps rstest from 0.21.0 to 0.26.1.

Release notes

Sourced from rstest's releases.

0.26.1

Fix Docs

Full Changelog: la10736/rstest@v0.26.0...v0.26.1

0.26.0

What's Changed

New Contributors

Full Changelog: la10736/rstest@v0.25.0...v0.26.0

0.25.0

What's Changed

New Contributors

Full Changelog: la10736/rstest@v0.24.0...v0.25.0

0.24.0

What's Changed

New Contributors

... (truncated)

Changelog

Sourced from rstest's changelog.

[0.26.1] 2025/7/27

Fixed

  • Docs

[0.26.0] 2025/7/26

Changed

  • The #[files(...)] attribute now ignores matched directory paths by default. See #306 thanks to @​Obito-git.

Add

  • Introduced the #[dirs] attribute, which can be used with #[files(...)] to explicitly include directory paths. See #306 thanks to @​Obito-git.
  • The CI now runs builds and tests on Windows, as well.
  • #[test_attr] to define test attribute explicit and also enable the use of #[macro_rules_attribute::apply(<macro>)]: naw also smol works. See #303 #311 #315 thanks to @​coriolinus.

Fixed

  • Removed unsued trait and impl spotted out on 1.89.0-nightly
  • Add missed tests about ignore attribute's args in rstest expansion. See #313
  • The #[files(...)] attribute now works reliably on Windows.
  • Now global attributes can go everywhere in the list also where case is used

[0.25.0] 2025/3/2

Changed

  • Append generated test macro so next test macros are aware of it (see #291 thanks to @​kezhuw).

Add

  • Added a #[mode = ...] attribute to be used with the #[files(...)] attribute to change the way the files get passed to the test. (see #295 thanks to @​lucascool12)

[0.24.0] 2025/1/1

Changed

... (truncated)

Commits

Dependabot compatibility score

You can trigger a rebase of this PR by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

Note
Automatic rebases have been disabled on this pull request as it has been open for over 30 days.

@dependabot dependabot bot added Changed Required label for PR that categorizes merge commit message as "Changed" for changelog dependencies Pull requests that update a dependency file rust Pull requests that update Rust code labels Dec 2, 2025
@socket-security
Copy link

socket-security bot commented Dec 2, 2025
edited
Loading

Review the following changes in direct dependencies. Learn more about Socket for GitHub.

Diff Package Supply Chain
Security		 Vulnerability Quality Maintenance License
Updatedcargo/​rstest@​0.21.0 ⏵ 0.26.110010093100100

View full report

@socket-security
Copy link

socket-security bot commented Dec 2, 2025
edited
Loading

Warning

Review the following alerts detected in dependencies.

According to your organization's Security Policy, it is recommended to resolve "Warn" alerts. Learn more about Socket for GitHub.

Action Severity Alert  (click "▶" to expand/collapse)
Warn High
License policy violation: cargo unicode-ident under Unicode-3.0

License: Unicode-3.0 - the applicable license policy does not allow this license (4) (unicode-ident-1.0.22/LICENSE-UNICODE)

From: ?cargo/pyo3@0.22.6cargo/criterion@0.5.1cargo/sha1@0.10.6cargo/thiserror@1.0.69cargo/sha3@0.10.8cargo/p256@0.13.2cargo/rstest@0.26.1cargo/k256@0.13.4cargo/arbitrary@1.4.2cargo/chia-sha2@0.28.2cargo/chia-bls@0.28.1cargo/linreg@0.2.0cargo/serde_json@1.0.145cargo/serde@1.0.228cargo/clap@4.5.53cargo/unicode-ident@1.0.22

ℹ Read more on: This package | This alert | What is a license policy violation?

Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev.

Suggestion: Find a package that does not violate your license policy or adjust your policy to allow this package's license.

Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore cargo/unicode-ident@1.0.22. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

Warn Low
Potential code anomaly (AI signal): cargo regex-automata is 100.0% likely to have a medium risk anomaly

Notes: No explicit malicious behavior detected (no network access, no file system tampering, no data exfiltration, and no backdoor-style code). However, the code employs multiple unsafe blocks, a complex ownership optimization, and manual synchronization that could introduce subtle memory safety or data race issues if assumptions are violated. The non-std path even implements a hand-rolled Mutex, which increases the potential surface for safety bugs. Overall, the code appears to be a performance-optimized pool with sophisticated ownership logic rather than a typical malicious payload. It should be reviewed for thread-safety guarantees and correctness in edge cases, but there is no clear malware pattern present.

Confidence: 1.00

Severity: 0.60

From: ?cargo/criterion@0.5.1cargo/rstest@0.26.1cargo/regex-automata@0.4.13

ℹ Read more on: This package | This alert | What is an AI-detected potential code anomaly?

Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev.

Suggestion: An AI system found a low-risk anomaly in this package. It may still be fine to use, but you should check that it is safe before proceeding.

Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore cargo/regex-automata@0.4.13. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

View full report

@coveralls-official
Copy link

coveralls-official bot commented Dec 2, 2025
edited
Loading

Pull Request Test Coverage Report for Build 20171606989

Details

  • 0 of 0 changed or added relevant lines in 0 files are covered.
  • No unchanged relevant lines lost coverage.
  • Overall coverage remained the same at 91.549%
Totals Coverage Status
Change from base Build 20171572331: 0.0%
Covered Lines: 6294
Relevant Lines: 6875
💛 - Coveralls

@dependabot
Bump rstest from 0.21.0 to 0.26.1
4f577be 
Bumps [rstest](https://github.com/la10736/rstest) from 0.21.0 to 0.26.1.
- [Release notes](https://github.com/la10736/rstest/releases)
- [Changelog](https://github.com/la10736/rstest/blob/master/CHANGELOG.md)
- [Commits](la10736/rstest@v0.21.0...v0.26.1)

---
updated-dependencies:
- dependency-name: rstest
  dependency-version: 0.26.1
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot bot force-pushed the dependabot/cargo/rstest-0.26.1 branch from 98866e9 to 4f577be Compare December 12, 2025 15:31
@github-actions
Copy link

github-actions bot commented Mar 7, 2026

'This PR has been flagged as stale due to no activity for over 60
days. It will not be automatically closed, but it has been given
a stale-pr label and should be manually reviewed.'

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

Changed Required label for PR that categorizes merge commit message as "Changed" for changelog dependencies Pull requests that update a dependency file rust Pull requests that update Rust code stale-pr

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants