chore(deps): update regex

[renovate]

This PR contains the following updates:

Package	Update	Change
cargo-deny	minor	0.16.1 → 0.19.0
cargo-hack	patch	0.6.31 → 0.6.41
cargo-llvm-cov	minor	0.6.13 → 0.8.2
cargo-udeps	patch	0.1.50 → 0.1.60

---

Release Notes

EmbarkStudios/cargo-deny (cargo-deny)

v0.19.0

Compare Source

Changed

• PR#802 made relative paths passed to --config be resolved relative to the current working directory (rather than the resolved manifest path's directory).
• PR#825 updated gix, reqwest, and tame-index to newer versions. The reqwest 0.13 changes means it is no longer possible to choose the source of root certificates for gix, so that decision is now left to rustls-platform-verifier. The native-certs feature has thus been removed, and cargo-deny no longer defaults to using webpki-roots.

Fixed

• PR#802 fixed path handling of paths passed to --config, resolving #​748.
• PR#819 added locations to all SARIF results since that's mandatory for valid SARIF.
• PR#821 fixed compilation on an Alpine host.

Added

• PR#795 added [bans.allow-workspace] to allow workspace crates while denying all external crates.
• PR#800 added [licenses.include-build] to toggle whether build dependencies are included in the license check.
• PR#823 added [advisories.unused-ignored-advisory] to disable the warning when an advisory is ignored but not encountered in the crate graph.
• PR#826 added [advisories.unsound] to determine which crates can show unsound advisories, similarly to the unmaintained field. Defaults to workspace crates, ignoring unsound advisories for transitive dependencies, resolving #​824.

v0.18.9

Compare Source

Fixed

• PR#817 resolved #​816 by making most license integration tests just return success if I or CI am not the one running them.

v0.18.8

Compare Source

Fixed

• PR#814 now allows deprecated license identifiers if they are detected from text, which was broken in 0.18.7. Additionally, when a GNU license (GPL, AGPL, LGPL, GFDL) license is detected, it is always detected as the -or-later variant, arbitrarily chosen as it is impossible to distinguish between the variants for a particular license version. This means if the license detected is actually wrong (eg. GPL-3.0-or-later is detected when the code is actually licensed under GPL-3.0-only), the license should instead be clarified to the correct one. Resolves #​813.

v0.18.7

Compare Source

Fixed

• PR#814 now allows deprecated license identifiers if they are detected from text, which was broken in 0.18.7. Additionally, when a GNU license (GPL, AGPL, LGPL, GFDL) license is detected, it is always detected as the -or-later variant, arbitrarily chosen as it is impossible to distinguish between the variants for a particular license version. This means if the license detected is actually wrong (eg. GPL-3.0-or-later is detected when the code is actually licensed under GPL-3.0-only), the license should instead be clarified to the correct one. Resolves #​813.

v0.18.6

Compare Source

Fixed

• PR#805 updated rustsec to 0.31, resolving #​804.
• PR#810 resolved #​809 by printing the crate name and version when its manifest does not contain a license expression.

Added

• PR#807 added the unused-license-exception option to configure the lint level, resolving #​806.

Changed

• PR#808 updated gix to 0.75.

v0.18.5

Compare Source

Changed

• PR#789 changed it so that release binaries are now built with LTO.
• PR#790 and PR#794 updated various crates.

Added

• PR#790 added SARIF as an output format, usable via --format sarif. The current output for this format is experimental and may change in future updates.

v0.18.4

Compare Source

Added

• PR#779 added the --metadata-path argument to use a cargo metadata JSON file instead of calling cargo metadata, resolving #​777.
• PR#782 added sources.unused-allow-source to allow configuration of the lint level when a source is allowed but not used by any crate in the graph, closing #​781.

Changed

• PR#786 changed the license check output. / is no longer corrected to OR, and if the license expression is found in the package's manifest, that span is used in diagnostic messages instead of the synthesized manifest.

Fixed

• PR#786 resolved #​784 by updating spdx to a new version that forces all GNU licenses to be exactly equal when comparing license expressions to licensee expressions, which is incredibly pedantic, but means the license comparison is entirely in the hands of the user so that I no longer have to deal with GNU licenses.

v0.18.3

Compare Source

Changed

• PR#773 changed cargo-deny's duplicate detection to automatically ignore versions whose only dependent is another version of the same crate.

v0.18.2

Compare Source

Added

• PR#753 resolved #​752 by adding back the advisories.unmaintained config option. See the docs for how it can be used. The default matches the current behavior, which is to error on any unmaintained advisory, but adding unmaintained = "workspace" to the [advisories] table will mean unmaintained advisories will only error if the crate is a direct dependency of your workspace.

v0.18.1

Compare Source

Fixed

• PR#749 updated krates to pull in the fix for EmbarkStudios/krates#100.

v0.18.0

Compare Source

Changed

• PR#746 changed the directory naming of advisory databases, again, so the name uses the last path component and a different, but also stable, hashing algorithm. Eg. the default https://github.com/rustsec/advisory-db will now be placed in $CARGO_HOME/advisory-dbs/advisory-db-3157b0e258782691.
• PR#746 changed the MSRV to 1.85.0 and uses edition 2024.

Fixed

• PR#746 fixes an issue when using cargo 1.85.0 where source urls were not being properly assigned to crates.io due to the constant being used no longer matching the new path used in cargo 1.85.0 causing eg. workspace dependency checks to fail.

v0.17.0

Compare Source

Changed

• PR#745 updated tame-index to 0.18.0 so that cargo 1.85.0 is transparently supported along with older cargo versions.
• PR#745 now uses the same stable hashing as cargo 1.85.0 for the advisory databases, which changes their path, but will notably now be the same across all host platforms.

v0.16.4

Compare Source

Changed

• PR#742 updated gix to 0.70, to resolve RUSTSEC-2025-0001.

Fixed

• PR#739 fixed an issue where sources could match even if the hostname was not the same.

v0.16.3

Compare Source

Changed

• PR#721 updated rust-version to 1.81.0 to accurately reflect the minimum rust version required to compile, resolving #​720.
• PR#722 updated the SPDX license list to 3.25.0.

Fixed

• PR#726 resolved #​725 by adding the unnecessary-skip diagnostic, emitted when there is a skip configured for a crate that only has one version in the graph.

v0.16.2

Compare Source

Fixed

• PR#703 resolved #​696 by no longer emitting errors when failing to deserialize deprecated fields, and removed some lingering documentation that wasn't removed in PR#611.
• PR#719 updated to krates -> 0.17.5, fixing an issue where cargo-deny could panic due to incorrectly resolving features for different versions of the same crate referenced by a single crate.
• PR#719 resolved #​706 by removing a warning issued when users use ignored scheme modifiers for source urls.
• PR#719 resolved #​718 by updating the book with missing arguments.

Added

• PR#715 resolved #​714 by adding support for Edition 2024. Thanks @​kpcyrd!
• PR#710 resolved #​708 by allowing for unpublished workspace crates to be excluded from the dependency graph that checks are run against, either via the --exclude-unpublished CLI argument or the graph.exclude-unpublished config field. Thanks @​Tastaturtaste!

Changed

• PR#711 updated goblin -> 0.9.2
• PR#713 updated various crates, notably rustsec -> 0.30.

taiki-e/cargo-hack (cargo-hack)

v0.6.41

Compare Source

• Enable release immutability.

v0.6.40

Compare Source

• Update toml_edit to 0.24. This includes TOML 1.1 parse support.

v0.6.39

Compare Source

• Fix bug casing "feature ... includes .., but .. is not a dependency" error.

v0.6.38

Compare Source

• Distribute prebuilt binaries for powerpc64le/riscv64gc/s390x Linux.

v0.6.37

Compare Source

• Fix --mutually-exclusive-features interacting with optional dependencies. (#​276, thanks @​xStrom)

  This is a re-land of the change added in 0.6.34 but reverted in 0.6.36 due to infinite recursion bug, with the infinite recursion bug fixed.

• Update toml_edit to 0.23.

v0.6.36

Compare Source

• Fix a regression introduced in 0.6.34 that caused a stack overflow. (#​272)

v0.6.35

Compare Source

• Performance improvements.

• Documentation improvements.

v0.6.34

Compare Source

• Fix a regression introduced in 0.6.34 that caused a stack overflow. (#​272)

v0.6.33

Compare Source

• Allow using --exclude without also specifying --workspace. (#​258, thanks @​xStrom)

v0.6.32

Compare Source

• Disable quick-install fallback of cargo-binstall.

taiki-e/cargo-llvm-cov (cargo-llvm-cov)

v0.8.2

Compare Source

• Support ui_test. (#​477)

v0.8.1

Compare Source

• Back "cargo-llvm-cov subcommands other than report and clean may not work correctly ..." error to warning.

  This was changed from a warning to an error in 0.7.0, but it has been reverted because a case where it previously worked without issues was reported.

v0.8.0

Compare Source

• Support glob pattern, versioned name with partial version or <name>@&#8203;<version> syntax, and package spec in --package. Previously, only package name and versioned package name with <name>:<full_version> are supported. (#​476)

  This also fixes regression introduced in 0.7.0 where causing packages specified with --package are wrongly excluded from report/test when package is specified with the above syntaxes.

• Support glob pattern, versioned name, and package spec in --exclude. When we tested it previously, Cargo did not support this, but the current version of Cargo does support it. (#​476)

• Align the exclusion behavior in reports when cargo-llvm-cov is performed in a sub-crate directory of a workspace or in the root crate of a non-virtual workspace without using --workspace or --package, to match the behavior when --workspace or --package is used (by default, only show the tested crates). (#​476)

  Compatibility Note: When --workspace or --package is not used, this will exclude other untested workspace members from the report that were previously implicitly included.

  If you want to test other workspace members, consider using --workspace or --package. If you don't want to test other workspace members but still want to include them in the report, consider using --workspace or --exclude-from-test.

v0.7.1

Compare Source

• Fix regression introduced in 0.7.0 where causing coverage test failure in nextest's CI. (6e30e6f)

v0.7.0

Compare Source

• Fix regression introduced in 0.7.0 where causing coverage test failure in nextest's CI. (6e30e6f)

v0.6.24

Compare Source

• Support *-windows-gnullvm targets. (#​470, thanks @​mati865)

• Fix a bug causing --profraw-only to remove too many files. (#​469, thanks @​smoelius)

• Distribute prebuilt binary for AArch64 Windows.
  -C instrument-coverage doesn't support aarch64-pc-windows-msvc yet (rust-lang/rust#150123), but cross-compile to aarch64-pc-windows-gnullvm works.

v0.6.23

Compare Source

• Enable release immutability.

v0.6.22

Compare Source

• Update documentation to mention the way to get coverage for wasm32-unknown-unknown target.

• Exclude files named tests.rs/*_tests.rs/*-tests.rs from the report by default.

v0.6.21

Compare Source

• Update minimal version of cargo-config2 to 0.1.39 to fix regression causing "invalid type: .., expected struct TargetConfig" error when a custom field used in target.<triple> config. (#​454)

v0.6.20

Compare Source

• Support Cargo build-dir that added in Cargo 1.91. (#​452)

• Update minimal version of cargo-config2 to 0.1.38 to improve support for target names that contain ".". (#​446)

v0.6.19

Compare Source

• Distribute prebuilt binaries for powerpc64le/riscv64gc/s390x Linux.

v0.6.18

Compare Source

• Fix bug in exclude of local vendored sources on Windows. (#​442, thanks @​LittleBoxOfSunshine)

v0.6.17

Compare Source

• Exclude local vendored sources by default. (#​438, thanks @​Altair-Bueno)

• Remove dependency on is_executable. (#​422)

• Update opener to 0.8.

• Update duct to 1.

• Documentation improvements.

v0.6.16

Compare Source

• Add --with-pwsh-env-prefix to cargo llvm-cov show-env subcommand. (#​411, thanks @​LittleBoxOfSunshine)

• Document usage with GitLab CI. (#​405, thanks @​jaskij)

• Document usage with afl.rs. (#​369, thanks @​njelich)

• Update ruzstd to 0.8.

  This increases the rustc version required to build cargo-llvm-cov. (rustc 1.73+ -> 1.81+)
  The cargo/rustc version required to run cargo-llvm-cov remains unchanged.

v0.6.15

Compare Source

• Remove dependency on home to relax the MSRV on Windows.

• Weaken errors related to rustc version to warnings. (#​407)

v0.6.14

Compare Source

• Add unstable --mcdc flag to enable mcdc coverage. (#​383, thanks @​Swatinem)

est31/cargo-udeps (cargo-udeps)

v0.1.60

Compare Source

• Update cargo dependency to 0.92

v0.1.59

Compare Source

• Update cargo dependency to 0.91

v0.1.57

Compare Source

• Update cargo dependency to 0.89

v0.1.56

Compare Source

• Update cargo dependency to 0.88

v0.1.55

Compare Source

• Update cargo dependency to 0.86

v0.1.54

Compare Source

• Update cargo dependency to 0.85

v0.1.53

Compare Source

• Update cargo dependency to 0.84

v0.1.52

Compare Source

• Update cargo dependency to 0.83

---

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Enabled.

♻ Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.

[github-actions]

Coverage after merging renovate/regex into main will be

92.20%

Coverage Report

File	Stmts	Branches	Funcs	Lines	Uncovered Lines
engine.rs	92.86%	85.71%	100%	93.01%	100, 103, 109–111, 127, 58–59, 88–89, 92, 99
parser.rs	82.80%	83.33%	88.89%	81.98%	109, 155–158, 182–186, 210, 214–217, 245, 247–251, 279, 283, 296–300, 309–312, 322, 324–330, 334–335
testing.rs	100%	100%	100%	100%
bin
if-changed.rs	100%	100%	100%	100%
engine
git.rs	94.95%	65%	96.55%	97.18%	168–169, 176–177, 179–180, 193, 195