From ca5a9bb01908fb805f17d24270df7aed9f072edf Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Orhun=20Parmaks=C4=B1z?= Date: Sat, 5 Jul 2025 16:29:09 +0300 Subject: [PATCH] chore(changelog): skip dependency updates in changelog (#1966) --- CHANGELOG.md | 935 --------------------------------------------------- cliff.toml | 1 + 2 files changed, 1 insertion(+), 935 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 12e766ec..485aafcb 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1094,913 +1094,8 @@ All notable changes to this project will be documented in this file. > > BREAKING CHANGE:MSRV is now 1.81 -### Security - -- [3745a67](https://github.com/ratatui/ratatui/commit/3745a67ba071d5a52e378af34f8409cd90912eb0) *(deps)* Bump rand from 0.9.0 to 0.9.1 by @dependabot[bot] in [#1804](https://github.com/ratatui/ratatui/pull/1804) - - > Bumps [rand](https://github.com/rust-random/rand) from 0.9.0 to 0.9.1. - >
- > Changelog - >

Sourced from href="https://github.com/rust-random/rand/blob/master/CHANGELOG.md">rand's - > changelog.

- >
- >

[0.9.1] - 2025-04-17

- >

Security and unsafe

- > - >

Fixes

- > - >

Changes

- > - >

Additions

- > - >
- >
- >
- > Commits - > - >
- >
- > - > - > [![Dependabot compatibility - > score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=rand&package-manager=cargo&previous-version=0.9.0&new-version=0.9.1)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) - > - > Dependabot will resolve any conflicts with this PR as long as you don't - > alter it yourself. You can also trigger a rebase manually by commenting - > `@dependabot rebase`. - > - > [//]:# (dependabot-automerge-start) - > - > [//]:# (dependabot-automerge-end) - > - > --- - > - >
- > Dependabot commands and options - >
- > - > You can trigger Dependabot actions by commenting on this PR: - > - `@dependabot rebase` will rebase this PR - > - `@dependabot recreate` will recreate this PR, overwriting any edits - > that have been made to it - > - `@dependabot merge` will merge this PR after your CI passes on it - > - `@dependabot squash and merge` will squash and merge this PR after - > your CI passes on it - > - `@dependabot cancel merge` will cancel a previously requested merge - > and block automerging - > - `@dependabot reopen` will reopen this PR if it is closed - > - `@dependabot close` will close this PR and stop Dependabot recreating - > it. You can achieve the same result by closing it manually - > - `@dependabot show ignore conditions` will show all - > of the ignore conditions of the specified dependency - > - `@dependabot ignore this major version` will close this PR and stop - > Dependabot creating any more for this major version (unless you reopen - > the PR or upgrade to it yourself) - > - `@dependabot ignore this minor version` will close this PR and stop - > Dependabot creating any more for this minor version (unless you reopen - > the PR or upgrade to it yourself) - > - `@dependabot ignore this dependency` will close this PR and stop - > Dependabot creating any more for this dependency (unless you reopen the - > PR or upgrade to it yourself) - > - > - >
- -- [a03ba0d](https://github.com/ratatui/ratatui/commit/a03ba0de5c02a51726285b359a512e6de8b84622) *(deps)* Bump crossterm from 0.28.1 to 0.29.0 by @dependabot[bot] in [#1771](https://github.com/ratatui/ratatui/pull/1771) - - > Bumps [crossterm](https://github.com/crossterm-rs/crossterm) from 0.28.1 - > to 0.29.0. - >
- > Release notes - >

Sourced from href="https://github.com/crossterm-rs/crossterm/releases">crossterm's - > releases.

- >
- >

0.29

- >

Version 0.29

- >

Added ⭐

- > - >

Breaking ⚠️

- > - >

@​joshka href="https://github.com/linrongbin16">@​linrongbin16 - > @​kmicklas href="https://github.com/maciek50322">@​maciek50322 href="https://github.com/rosew0od">@​rosew0od href="https://github.com/sxyazi">@​sxyazi href="https://github.com/the-mikedavis">@​the-mikedavis - > @​hthuz href="https://github.com/aschey">@​aschey href="https://github.com/naseschwarz">@​naseschwarz href="https://github.com/Flokkq">@​Flokkq href="https://github.com/gaesa">@​gaesa href="https://github.com/WindSoilder">@​WindSoilder

- >
- >
- >
- > Changelog - >

Sourced from href="https://github.com/crossterm-rs/crossterm/blob/master/CHANGELOG.md">crossterm's - > changelog.

- >
- >

Unreleased

- >

Version 0.29

- >

Added ⭐

- > - >

Breaking ⚠️

- > - >
- >
- >
- > Commits - > - >
- >
- > - > - > [![Dependabot compatibility - > score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=crossterm&package-manager=cargo&previous-version=0.28.1&new-version=0.29.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) - > - > Dependabot will resolve any conflicts with this PR as long as you don't - > alter it yourself. You can also trigger a rebase manually by commenting - > `@dependabot rebase`. - > - > [//]:# (dependabot-automerge-start) - > - > [//]:# (dependabot-automerge-end) - > - > --- - > - >
- > Dependabot commands and options - >
- > - > You can trigger Dependabot actions by commenting on this PR: - > - `@dependabot rebase` will rebase this PR - > - `@dependabot recreate` will recreate this PR, overwriting any edits - > that have been made to it - > - `@dependabot merge` will merge this PR after your CI passes on it - > - `@dependabot squash and merge` will squash and merge this PR after - > your CI passes on it - > - `@dependabot cancel merge` will cancel a previously requested merge - > and block automerging - > - `@dependabot reopen` will reopen this PR if it is closed - > - `@dependabot close` will close this PR and stop Dependabot recreating - > it. You can achieve the same result by closing it manually - > - `@dependabot show ignore conditions` will show all - > of the ignore conditions of the specified dependency - > - `@dependabot ignore this major version` will close this PR and stop - > Dependabot creating any more for this major version (unless you reopen - > the PR or upgrade to it yourself) - > - `@dependabot ignore this minor version` will close this PR and stop - > Dependabot creating any more for this minor version (unless you reopen - > the PR or upgrade to it yourself) - > - `@dependabot ignore this dependency` will close this PR and stop - > Dependabot creating any more for this dependency (unless you reopen the - > PR or upgrade to it yourself) - > - > - >
- -- [fdc1746](https://github.com/ratatui/ratatui/commit/fdc1746effadf28392f055345be10074f4117e3e) *(deps)* Bump tokio from 1.44.1 to 1.44.2 by @dependabot[bot] in [#1769](https://github.com/ratatui/ratatui/pull/1769) - - > Bumps [tokio](https://github.com/tokio-rs/tokio) from 1.44.1 to 1.44.2. - >
- > Release notes - >

Sourced from href="https://github.com/tokio-rs/tokio/releases">tokio's - > releases.

- >
- >

Tokio v1.44.2

- >

This release fixes a soundness issue in the broadcast channel. The - > channel - > accepts values that are Send but !Sync. - > Previously, the channel called - > clone() on these values without synchronizing. This release - > fixes the channel - > by synchronizing calls to .clone() (Thanks Austin Bonander - > for finding and - > reporting the issue).

- >

Fixed

- > - >

href="https://redirect.github.com/tokio-rs/tokio/issues/7232">#7232: - > href="https://redirect.github.com/tokio-rs/tokio/pull/7232">tokio-rs/tokio#7232

- >
- >
- >
- > Commits - > - >
- >
- > - > - > [![Dependabot compatibility - > score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=tokio&package-manager=cargo&previous-version=1.44.1&new-version=1.44.2)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) - > - > Dependabot will resolve any conflicts with this PR as long as you don't - > alter it yourself. You can also trigger a rebase manually by commenting - > `@dependabot rebase`. - > - > [//]:# (dependabot-automerge-start) - > - > [//]:# (dependabot-automerge-end) - > - > --- - > - >
- > Dependabot commands and options - >
- > - > You can trigger Dependabot actions by commenting on this PR: - > - `@dependabot rebase` will rebase this PR - > - `@dependabot recreate` will recreate this PR, overwriting any edits - > that have been made to it - > - `@dependabot merge` will merge this PR after your CI passes on it - > - `@dependabot squash and merge` will squash and merge this PR after - > your CI passes on it - > - `@dependabot cancel merge` will cancel a previously requested merge - > and block automerging - > - `@dependabot reopen` will reopen this PR if it is closed - > - `@dependabot close` will close this PR and stop Dependabot recreating - > it. You can achieve the same result by closing it manually - > - `@dependabot show ignore conditions` will show all - > of the ignore conditions of the specified dependency - > - `@dependabot ignore this major version` will close this PR and stop - > Dependabot creating any more for this major version (unless you reopen - > the PR or upgrade to it yourself) - > - `@dependabot ignore this minor version` will close this PR and stop - > Dependabot creating any more for this minor version (unless you reopen - > the PR or upgrade to it yourself) - > - `@dependabot ignore this dependency` will close this PR and stop - > Dependabot creating any more for this dependency (unless you reopen the - > PR or upgrade to it yourself) - > - > - >
- -- [352021b](https://github.com/ratatui/ratatui/commit/352021bc6f802762a7b82fcfbdfd9d248b412e1b) *(deps)* Bump tokio from 1.43.0 to 1.44.1 by @dependabot[bot] in [#1723](https://github.com/ratatui/ratatui/pull/1723) - - > Bumps [tokio](https://github.com/tokio-rs/tokio) from 1.43.0 to 1.44.1. - >
- > Release notes - >

Sourced from href="https://github.com/tokio-rs/tokio/releases">tokio's - > releases.

- >
- >

Tokio v1.44.1

- >

1.44.1 (March 13th, 2025)

- >

Fixed

- > - >

href="https://redirect.github.com/tokio-rs/tokio/issues/7216">#7216: - > href="https://redirect.github.com/tokio-rs/tokio/pull/7216">tokio-rs/tokio#7216

- >

Tokio v1.44.0

- >

1.44.0 (March 7th, 2025)

- >

This release changes the from_std method on sockets to - > panic if a blocking socket is provided. We determined this change is not - > a breaking change as Tokio is not intended to operate using blocking - > sockets. Doing so results in runtime hangs and should be considered a - > bug. Accidentally passing a blocking socket to Tokio is one of the most - > common user mistakes. If this change causes an issue for you, please - > comment on href="https://redirect.github.com/tokio-rs/tokio/issues/7172">#7172.

- >

Added

- > - >

Fixed

- > - >

Changes

- > - >

Changes to unstable APIs

- > - >

Documented

- > - > - >
- >

... (truncated)

- >
- >
- > Commits - > - >
- >
- > - > - > [![Dependabot compatibility - > score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=tokio&package-manager=cargo&previous-version=1.43.0&new-version=1.44.1)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) - > - > Dependabot will resolve any conflicts with this PR as long as you don't - > alter it yourself. You can also trigger a rebase manually by commenting - > `@dependabot rebase`. - > - > [//]:# (dependabot-automerge-start) - > - > [//]:# (dependabot-automerge-end) - > - > --- - > - >
- > Dependabot commands and options - >
- > - > You can trigger Dependabot actions by commenting on this PR: - > - `@dependabot rebase` will rebase this PR - > - `@dependabot recreate` will recreate this PR, overwriting any edits - > that have been made to it - > - `@dependabot merge` will merge this PR after your CI passes on it - > - `@dependabot squash and merge` will squash and merge this PR after - > your CI passes on it - > - `@dependabot cancel merge` will cancel a previously requested merge - > and block automerging - > - `@dependabot reopen` will reopen this PR if it is closed - > - `@dependabot close` will close this PR and stop Dependabot recreating - > it. You can achieve the same result by closing it manually - > - `@dependabot show ignore conditions` will show all - > of the ignore conditions of the specified dependency - > - `@dependabot ignore this major version` will close this PR and stop - > Dependabot creating any more for this major version (unless you reopen - > the PR or upgrade to it yourself) - > - `@dependabot ignore this minor version` will close this PR and stop - > Dependabot creating any more for this minor version (unless you reopen - > the PR or upgrade to it yourself) - > - `@dependabot ignore this dependency` will close this PR and stop - > Dependabot creating any more for this dependency (unless you reopen the - > PR or upgrade to it yourself) - > - > - >
- -- [83774ee](https://github.com/ratatui/ratatui/commit/83774eecf008e95d8e1c86c92ef6c46090bd6c6e) *(deps)* Bump time from 0.3.37 to 0.3.39 by @dependabot[bot] in [#1708](https://github.com/ratatui/ratatui/pull/1708) - - > Bumps [time](https://github.com/time-rs/time) from 0.3.37 to 0.3.39. - >
- > Release notes - >

Sourced from href="https://github.com/time-rs/time/releases">time's - > releases.

- >
- >

v0.3.39

- >

See the href="https://github.com/time-rs/time/blob/main/CHANGELOG.md">changelog - > for details.

- >

v0.3.38

- >

See the href="https://github.com/time-rs/time/blob/main/CHANGELOG.md">changelog - > for details.

- >
- >
- >
- > Changelog - >

Sourced from href="https://github.com/time-rs/time/blob/main/CHANGELOG.md">time's - > changelog.

- >
- >

0.3.39 [2025-03-06]

- >

Fixed

- >
    - >
  • Doc tests run successfully with the default feature set.
    • - >
  • wasm builds work again.
    • - >
- >

Both of these were regressions in v0.3.38 and are now checked in - > CI.

- >

0.3.38 [2025-03-05]

- >

Added

- >
    - >
  • - >

    The [year] component (in format descriptions) now - > supports a range modifier, which can be - > either standard or extended. The default is - > extended for backwards compatibility. This is - > intended as a manner to opt out of the extended range when the - > large-dates feature is enabled. - > When the large-dates feature is not enabled, the modifier - > has no effect.

    - >
    • - >
  • - >

    UtcDateTime, which is semantically equivalent to an - > OffsetDateTime with UTC as its offset. The - > advantage is that it is the same size as a - > PrimitiveDateTime and has improved operability with - > well-known formats.

    - >

    As part of this, there were some other additions:

    - >
      - >
    • utc_datetime! macro, which is similar to the - > datetime! macro but constructs a - > UtcDateTime.
      • - >
    • PrimitiveDateTime::as_utc
      • - >
    • OffsetDateTime::to_utc
      • - >
    • OffsetDateTime::checked_to_utc
      • - >
    - >
    • - >
  • - >

    time::serde::timestamp::milliseconds_i64, which is a - > module to serialize/deserialize timestamps - > as the Unix timestamp. The pre-existing module does this as an - > i128 where an i64 would - > suffice. This new module should be preferred.

    - >
    • - >
- >

Changed

- >
    - >
  • error::Format has had its source() - > implementation changed to no longer return a boxed value - > from the ComponentRange variant. If you were explicitly - > expecting this, you will need to update - > your code. The method API remains unchanged.
    • - >
  • [year repr:century] supports single-digit values.
    • - >
  • All format_into methods accept ?Sized - > references.
    • - >
- >

Miscellaneous

- >
    - >
  • Some non-exhaustive enum variants that are no longer used have been - > modified to be statically - > proven as uninhabited. The relevant fields are doc-hidden and not - > semver-guaranteed to remain as - > such, though it is unlikely to change.
    • - >
  • An unnecessary check when parsing RFC 2822 has been removed.
    • - >
  • Various methods have had their implementations changed, resulting in - > significant performance - > gains. Among the methods changed are - >
      - >
    • util::is_leap_year
      • - >
    • util::weeks_in_year
      • - >
    • Month::length
      • - >
    • Date::to_calendar_date
      • - >
    - >
    • - >
- > - >
- >

... (truncated)

- >
- >
- > Commits - > - >
- >
- > - > - > [![Dependabot compatibility - > score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=time&package-manager=cargo&previous-version=0.3.37&new-version=0.3.39)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) - > - > Dependabot will resolve any conflicts with this PR as long as you don't - > alter it yourself. You can also trigger a rebase manually by commenting - > `@dependabot rebase`. - > - > [//]:# (dependabot-automerge-start) - > - > [//]:# (dependabot-automerge-end) - > - > --- - > - >
- > Dependabot commands and options - >
- > - > You can trigger Dependabot actions by commenting on this PR: - > - `@dependabot rebase` will rebase this PR - > - `@dependabot recreate` will recreate this PR, overwriting any edits - > that have been made to it - > - `@dependabot merge` will merge this PR after your CI passes on it - > - `@dependabot squash and merge` will squash and merge this PR after - > your CI passes on it - > - `@dependabot cancel merge` will cancel a previously requested merge - > and block automerging - > - `@dependabot reopen` will reopen this PR if it is closed - > - `@dependabot close` will close this PR and stop Dependabot recreating - > it. You can achieve the same result by closing it manually - > - `@dependabot show ignore conditions` will show all - > of the ignore conditions of the specified dependency - > - `@dependabot ignore this major version` will close this PR and stop - > Dependabot creating any more for this major version (unless you reopen - > the PR or upgrade to it yourself) - > - `@dependabot ignore this minor version` will close this PR and stop - > Dependabot creating any more for this minor version (unless you reopen - > the PR or upgrade to it yourself) - > - `@dependabot ignore this dependency` will close this PR and stop - > Dependabot creating any more for this dependency (unless you reopen the - > PR or upgrade to it yourself) - > - > - >
- -- [5710b7a](https://github.com/ratatui/ratatui/commit/5710b7a8d9630eb36fe3d87b748bf5cf2c7b1ec3) *(deps)* Bump rstest from 0.24.0 to 0.25.0 by @dependabot[bot] in [#1695](https://github.com/ratatui/ratatui/pull/1695) - - > Bumps [rstest](https://github.com/la10736/rstest) from 0.24.0 to 0.25.0. - >
- > Release notes - >

Sourced from href="https://github.com/la10736/rstest/releases">rstest's - > releases.

- >
- >

0.25.0

- >

What's Changed

- > - >

New Contributors

- > - >

Full Changelog: href="https://github.com/la10736/rstest/compare/v0.24.0...v0.25.0">https://github.com/la10736/rstest/compare/v0.24.0...v0.25.0

- >
- >
- >
- > Changelog - >

Sourced from href="https://github.com/la10736/rstest/blob/master/CHANGELOG.md">rstest's - > changelog.

- >
- >

[0.25.0] 2025/3/2

- >

Changed

- > - >

Add

- > - >
- >
- >
- > Commits - > - >
- >
- > - > - > [![Dependabot compatibility - > score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=rstest&package-manager=cargo&previous-version=0.24.0&new-version=0.25.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) - > - > Dependabot will resolve any conflicts with this PR as long as you don't - > alter it yourself. You can also trigger a rebase manually by commenting - > `@dependabot rebase`. - > - > [//]:# (dependabot-automerge-start) - > - > [//]:# (dependabot-automerge-end) - > - > --- - > - >
- > Dependabot commands and options - >
- > - > You can trigger Dependabot actions by commenting on this PR: - > - `@dependabot rebase` will rebase this PR - > - `@dependabot recreate` will recreate this PR, overwriting any edits - > that have been made to it - > - `@dependabot merge` will merge this PR after your CI passes on it - > - `@dependabot squash and merge` will squash and merge this PR after - > your CI passes on it - > - `@dependabot cancel merge` will cancel a previously requested merge - > and block automerging - > - `@dependabot reopen` will reopen this PR if it is closed - > - `@dependabot close` will close this PR and stop Dependabot recreating - > it. You can achieve the same result by closing it manually - > - `@dependabot show ignore conditions` will show all - > of the ignore conditions of the specified dependency - > - `@dependabot ignore this major version` will close this PR and stop - > Dependabot creating any more for this major version (unless you reopen - > the PR or upgrade to it yourself) - > - `@dependabot ignore this minor version` will close this PR and stop - > Dependabot creating any more for this minor version (unless you reopen - > the PR or upgrade to it yourself) - > - `@dependabot ignore this dependency` will close this PR and stop - > Dependabot creating any more for this dependency (unless you reopen the - > PR or upgrade to it yourself) - > - > - >
- - - - **Full Changelog**: https://github.com/ratatui/ratatui/compare/ratatui-v0.30.0-alpha.2...ratatui-v0.30.0-alpha.3 - - ## ratatui-termion - [0.1.0-alpha.3](https://github.com/ratatui/ratatui/compare/ratatui-termion-v0.1.0-alpha.2...ratatui-termion-v0.1.0-alpha.3) - 2025-05-13 ### Features @@ -2310,17 +1405,8 @@ All notable changes to this project will be documented in this file. > > BREAKING CHANGE:MSRV is now 1.81 -### Build - -- [daeba85](https://github.com/ratatui/ratatui/commit/daeba85f144ead00803c7540fa39ff6d623321c7) *(deps)* Bump `kasuari` and `line-clipping` by @j-g00da in [#1844](https://github.com/ratatui/ratatui/pull/1844) - - - - **Full Changelog**: https://github.com/ratatui/ratatui/compare/ratatui-widgets-v0.3.0-alpha.2...ratatui-widgets-v0.3.0-alpha.3 - - ## ratatui-crossterm - [0.1.0-alpha.3](https://github.com/ratatui/ratatui/compare/ratatui-crossterm-v0.1.0-alpha.2...ratatui-crossterm-v0.1.0-alpha.3) - 2025-05-13 ### Features @@ -2605,29 +1691,8 @@ All notable changes to this project will be documented in this file. > > Fixes:https://github.com/ratatui/ratatui/issues/1712 -### Build - -- [daeba85](https://github.com/ratatui/ratatui/commit/daeba85f144ead00803c7540fa39ff6d623321c7) *(deps)* Bump `kasuari` and `line-clipping` by @j-g00da in [#1844](https://github.com/ratatui/ratatui/pull/1844) - -- [fc4b996](https://github.com/ratatui/ratatui/commit/fc4b996c596aec8316427bc71677fbfcce68caed) *(deps)* Update compact_str requirement from 0.8.1 to 0.9.0 by @musicinmybrain in [#1783](https://github.com/ratatui/ratatui/pull/1783) - - > Looking at - > https://github.com/ParkMyCar/compact_str/blob/v0.9.0/CHANGELOG.md#090, - > there are a few API changes, but it doesn’t seem like anything there - > should be a problem given that `cargo test` still passes in - > `ratatui-core/`. - -- [3d5b250](https://github.com/ratatui/ratatui/commit/3d5b250e74fc83fb580f50b617472be7cfb4fd4b) *(deps)* Use kasuari instead of cassowary by @joshka in [#1758](https://github.com/ratatui/ratatui/pull/1758) - - > [Kasuari](https://github.com/ratatui/kasuari) is a maintained fork of Cassowary. - - - - **Full Changelog**: https://github.com/ratatui/ratatui/compare/ratatui-core-v0.1.0-alpha.3...ratatui-core-v0.1.0-alpha.4 - - ## ratatui - [0.30.0-alpha.2](https://github.com/ratatui/ratatui/compare/ratatui-v0.30.0-alpha.1...ratatui-v0.30.0-alpha.2) - 2025-03-01 ### Features diff --git a/cliff.toml b/cliff.toml index 47f5bef0..8b7fccb9 100644 --- a/cliff.toml +++ b/cliff.toml @@ -115,6 +115,7 @@ commit_parsers = [ { message = "^chore\\(changelog\\)", skip = true }, { message = "^[cC]hore", group = "Miscellaneous Tasks" }, { body = ".*security", group = "Security" }, + { message = "^build\\(deps\\)", skip = true }, { message = "^build", group = "Build" }, { message = "^ci", group = "Continuous Integration" }, { message = "^revert", group = "Reverted Commits" },