Skip to content

chore(deps): update rust crate serde_yaml to 0.0.15#82

Open
donbeave wants to merge 1 commit into
mainfrom
renovate/serde_yaml-0.x
Open

chore(deps): update rust crate serde_yaml to 0.0.15#82
donbeave wants to merge 1 commit into
mainfrom
renovate/serde_yaml-0.x

Conversation

@donbeave

@donbeave donbeave commented Jul 10, 2026

Copy link
Copy Markdown
Collaborator

This PR contains the following updates:

Package Type Update Change
serde_yaml workspace.dependencies patch 0.0.130.0.15

Release Notes

sebastienrousseau/noyalib (serde_yaml)

v0.0.15

Compare Source

The loader-parity completion + coverage-hardening cut. Finishes the
three-loader DoS-budget parity started in v0.0.14 by extending the
remaining budgets to the NoSpanLoader fast path and the
distinct-typed-key collision guard to the streaming loader, then drives a
workspace-wide coverage campaign (≈16 files to effective-100%) with no
change to public API or behaviour beyond the parity fixes.

Lockstep versioning: noyalib bumps 0.0.140.0.15.
Satellites publish =0.0.15 from their own repos:

Fixed — loader parity (security)
  • NoSpanLoader DoS-budget parity, completed. The Value fast path
    now also enforces max_events, the total-scalar-bytes budget, and the
    alias_anchor_ratio — the three budgets still span-full-only after
    v0.0.14. All three loaders (streaming, span-full Loader,
    NoSpanLoader) now enforce the same DoS budgets, with cross-path
    tests (no_span_loader_parity).
  • Distinct-typed key-collision guard on the streaming loader. The
    guard that raises Error::KeyCollision for 1: a vs "1": b (added
    to the AST paths in v0.0.14) now also runs on the streaming
    deserialiser, closing the last loader where the collision could
    silently collapse (key_collision_streaming).
Testing / tooling
  • Workspace coverage campaign: ~16 files driven to effective-100%
    (de, include, schema_validate, compat/serde_yaml, base64,
    cst/coerce, error, ser, value/number, cst/green, recovery,
    and more). Region/line/function coverage rises across the workspace;
    no behavioural change.
  • make coverage-gap restored under cargo-llvm-cov ≥ 0.8.7 (the
    empty --ignore-filename-regex is now guarded, matching CI).

v0.0.14

Compare Source

The loader-parity completion + coverage-hardening cut. Finishes the
three-loader DoS-budget parity started in v0.0.14 by extending the
remaining budgets to the NoSpanLoader fast path and the
distinct-typed-key collision guard to the streaming loader, then drives a
workspace-wide coverage campaign (≈16 files to effective-100%) with no
change to public API or behaviour beyond the parity fixes.

Lockstep versioning: noyalib bumps 0.0.140.0.15.
Satellites publish =0.0.15 from their own repos:

Fixed — loader parity (security)
  • NoSpanLoader DoS-budget parity, completed. The Value fast path
    now also enforces max_events, the total-scalar-bytes budget, and the
    alias_anchor_ratio — the three budgets still span-full-only after
    v0.0.14. All three loaders (streaming, span-full Loader,
    NoSpanLoader) now enforce the same DoS budgets, with cross-path
    tests (no_span_loader_parity).
  • Distinct-typed key-collision guard on the streaming loader. The
    guard that raises Error::KeyCollision for 1: a vs "1": b (added
    to the AST paths in v0.0.14) now also runs on the streaming
    deserialiser, closing the last loader where the collision could
    silently collapse (key_collision_streaming).
Testing / tooling
  • Workspace coverage campaign: ~16 files driven to effective-100%
    (de, include, schema_validate, compat/serde_yaml, base64,
    cst/coerce, error, ser, value/number, cst/green, recovery,
    and more). Region/line/function coverage rises across the workspace;
    no behavioural change.
  • make coverage-gap restored under cargo-llvm-cov ≥ 0.8.7 (the
    empty --ignore-filename-regex is now guarded, matching CI).

Configuration

📅 Schedule: (UTC)

  • Branch creation
    • At any time (no schedule defined)
  • Automerge
    • At any time (no schedule defined)

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.


  • If you want to rebase/retry this PR, check this box

This PR has been generated by Mend Renovate.

Signed-off-by: Renovate Bot <renovate@whitesourcesoftware.com>
@donbeave donbeave force-pushed the renovate/serde_yaml-0.x branch from a579419 to 40b0ac8 Compare July 12, 2026 07:55
@donbeave donbeave changed the title chore(deps): update rust crate serde_yaml to 0.0.14 chore(deps): update rust crate serde_yaml to 0.0.15 Jul 12, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants