Bump the rust-dependencies group across 1 directory with 4 updates #388

Open

dependabot[bot]
@dependabot dependabot bot commented on behalf of github Mar 1, 2025

Bumps the rust-dependencies group with 4 updates in the /integration-test directory: libherokubuildpack, serde, serde_json and tempfile.

Updates libherokubuildpack from 0.26.1 to 0.27.0

Release notes

Sourced from libherokubuildpack's releases.

v0.27.0

Changed

  • Raised Minimum Supported Rust Version (MSRV) to 1.85. (#913)
  • Updated to Rust 2024 edition. (#913)
  • libcnb:
    • Implemented custom OTLP File Exporter instead of opentelemetry-stdout and updated opentelemetry libraries to 0.28. (#909)

Changelog

Sourced from libherokubuildpack's changelog.

[0.27.0] - 2025-02-27

Changed

  • Raised Minimum Supported Rust Version (MSRV) to 1.85. (#913)
  • Updated to Rust 2024 edition. (#913)
  • libcnb:
    • Implemented custom OTLP File Exporter instead of opentelemetry-stdout and updated opentelemetry libraries to 0.28. (#909)

Commits

  • 0938dc5 Prepare release v0.27.0 (#914)
  • 254cbae Export TraceData wrapped ResourceSpans (#916)
  • 108faf1 Update workspace resolver version to 3 (#915)
  • 59d08c9 Update to Rust 2024 edition (#913)
  • 4787510 Update petgraph requirement from 0.6.5 to 0.7.1 (#903)
  • 012e6b6 Custom OTLP File Exporter + opentelemetry updates (#909)
  • 693a064 Bump softprops/action-gh-release from 2.1.0 to 2.2.1 (#901)
  • d6f57e5 Bump buildpacks/github-actions from 5.8.3 to 5.8.8 (#905)
  • c1cb55f Bump peter-evans/create-pull-request from 7.0.5 to 7.0.6 (#895)
  • 215136c Bump Swatinem/rust-cache from 2.7.5 to 2.7.7 (#897)
  • Additional commits viewable in compare view

Updates serde from 1.0.217 to 1.0.218

Release notes

Sourced from serde's releases.

v1.0.218

  • Documentation improvements

Commits

  • 7bfd518 Release 1.0.218
  • 723a949 Merge pull request #2895 from dtolnay/stabledoc
  • 2b44efb Point standard library links to stable
  • 03dc0fc Merge pull request #2894 from dtolnay/doclink
  • 85cb0c4 Convert html links to intra-doc links
  • abe7194 Update ui test suite to nightly-2025-02-12
  • aaccac7 Unset doc-scrape-examples for lib target
  • 7cd4d84 Update ui test suite to nightly-2025-02-07
  • 04ff3e8 More precise gitignore patterns
  • dc3031b Remove *.sw[po] from gitignore
  • Additional commits viewable in compare view

Updates serde_json from 1.0.134 to 1.0.139

Release notes

Sourced from serde_json's releases.

v1.0.139

  • Documentation improvements

v1.0.138

  • Documentation improvements

v1.0.137

  • Turn on "float_roundtrip" and "unbounded_depth" features for serde_json in play.rust-lang.org (#1231)

v1.0.136

  • Optimize serde_json::value::Serializer::serialize_map by using Map::with_capacity (#1230, thanks @goffrie)

v1.0.135

Commits
  • 4d4f53c Release 1.0.139
  • 5d6b32f Merge pull request #1242 from dtolnay/writefloat
  • e5bb8bd Document behavior of write_f32/f64 on non-finite floats
  • 7a79781 Merge pull request #1241 from dtolnay/doclink
  • 13591f1 Convert html links to intra-doc links
  • 1d7378e Unset doc-scrape-examples for lib target
  • 1174c5f Resolve unnecessary_semicolon pedantic clippy lint
  • c916099 Release 1.0.138
  • dc29e48 Move BufReader to caller
  • 29122f9 Sort imports from PR 1237
  • Additional commits viewable in compare view

Updates tempfile from 3.14.0 to 3.17.1

Changelog

Sourced from tempfile's changelog.

3.17.1

  • Fix build with windows-sys 0.52. Unfortunately, we have no CI for older windows-sys versions at the moment...

3.17.0

  • Make sure to use absolute paths when creating unnamed temporary files (avoids a small race in the "immediate unlink" logic) and in Builder::make_in (when creating temporary files of arbitrary types).
  • Prevent a theoretical crash that could (maybe) happen when a temporary file is created from a drop function run in a TLS destructor. Nobody has actually reported a case of this happening in practice and I have been unable to create this scenario in a test.
  • When reseeding with getrandom, use platform (e.g., CPU) specific randomness sources where possible.
  • Clarify some documentation.
  • Unlink unnamed temporary files on windows immediately when possible instead of waiting for the handle to be closed. We open files with "Unix" semantics, so this is generally possible.

3.16.0

  • Update getrandom to 0.3.0 (thanks to @paolobarbolini).
  • Allow windows-sys versions 0.59.x in addition to 0.59.0 (thanks @ErichDonGubler).
  • Improved security documentation (thanks to @n0toose for collaborating with me on this).

3.15.0

Re-seed the per-thread RNG from system randomness when we repeatedly fail to create temporary files (#314). This resolves a potential DoS vector (#178) while avoiding getrandom in the common case where it's necessary. The feature is optional but enabled by default via the getrandom feature.

For libc-free builds, you'll either need to disable this feature or opt-in to a different getrandom backend.

Commits
  • 714a259 chore: release 3.17.1
  • 78309ed fix: cast handle to the windows crate HANDLE (#332)
  • 6e7d167 chore: release 3.17.0
  • 3718075 doc: remove incorrect documentation about windows and open files
  • 461369f feat: delete unnamed temporary files on windows immediately
  • 78d30a2 doc: clarify "inner file will be deleted" documentation (#329)
  • 0fe11c4 doc: document how to "keep" temporary files/dirs after creation (#328)
  • 35e0629 feat: simplify getrandom call (#325)
  • 1e5059f fix: handle TLS deallocation (#324)
  • c7b2e1a chore: simplify reborrow
  • Additional commits viewable in compare view


@dependabot dependabot bot requested a review from Malax as a code owner March 1, 2025 01:59
@dependabot dependabot bot added the dependencies (Pull requests that update a dependency file) and skip changelog labels Mar 1, 2025
Bumps the rust-dependencies group with 4 updates in the /integration-test directory: [libherokubuildpack](https://github.com/heroku/libcnb.rs), [serde](https://github.com/serde-rs/serde), [serde_json](https://github.com/serde-rs/json) and [tempfile](https://github.com/Stebalien/tempfile).


Updates `libherokubuildpack` from 0.26.1 to 0.27.0
- [Release notes](https://github.com/heroku/libcnb.rs/releases)
- [Changelog](https://github.com/heroku/libcnb.rs/blob/main/CHANGELOG.md)
- [Commits](heroku/libcnb.rs@v0.26.1...v0.27.0)

Updates `serde` from 1.0.217 to 1.0.218
- [Release notes](https://github.com/serde-rs/serde/releases)
- [Commits](serde-rs/serde@v1.0.217...v1.0.218)

Updates `serde_json` from 1.0.134 to 1.0.139
- [Release notes](https://github.com/serde-rs/json/releases)
- [Commits](serde-rs/json@v1.0.134...v1.0.139)

Updates `tempfile` from 3.14.0 to 3.17.1
- [Changelog](https://github.com/Stebalien/tempfile/blob/master/CHANGELOG.md)
- [Commits](Stebalien/tempfile@v3.14.0...v3.17.1)

---
updated-dependencies:
- dependency-name: libherokubuildpack
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: rust-dependencies
- dependency-name: serde
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: rust-dependencies
- dependency-name: serde_json
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: rust-dependencies
- dependency-name: tempfile
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: rust-dependencies
...

Signed-off-by: dependabot[bot] <[email protected]>
@dependabot dependabot bot force-pushed the dependabot/cargo/integration-test/rust-dependencies-89d496f539 branch from 414997b to 4e7264d Compare March 18, 2025 06:18