jonathanmorley / oktaws

Apache License 2.0

[Security] Bump libflate from 0.1.18 to 0.1.26 #74

Closed dependabot-preview[bot] closed 5 years ago

dependabot-preview[bot] commented 5 years ago

Bumps libflate from 0.1.18 to 0.1.26. This update includes a security fix.

Vulnerabilities fixed

*Sourced from [The RustSec Advisory Database](https://github.com/RustSec/advisory-db/blob/master/crates/libflate/RUSTSEC-0000-0000.toml).*

> **MultiDecoder::read() drops uninitialized memory of arbitrary type on panic in client code**
>
> Affected versions of libflate have set a field of an internal structure with a generic type to an uninitialized value in `MultiDecoder::read()` and reverted it to the original value after the function completed. However, execution of `MultiDecoder::read()` could be interrupted by a panic in caller-supplied `Read` implementation. This would cause `drop()` to be called on uninitialized memory of a generic type implementing `Read`.
>
> This is equivalent to a use-after-free vulnerability and could allow an attacker to gain arbitrary code execution.
>
> The flaw was corrected by aborting immediately instead of unwinding the stack in case of panic within `MultiDecoder::read()`. The issue was discovered and fixed by Shnatsel.
>
> Patched versions: >= 0.1.25
> Unaffected versions: < 0.1.14
Commits

- [`3ff53db`](https://github.com/sile/libflate/commit/3ff53db207af23d4c16f80ed6e764cd270ce4524) Bump version to v0.1.26
- [`ec3bd87`](https://github.com/sile/libflate/commit/ec3bd871269c358d5b357ac7197c7c1d98e5cdc6) Apply rustfmt
- [`1b80cbd`](https://github.com/sile/libflate/commit/1b80cbd09b766ff6452ba52e26b828a32a455eb7) Merge pull request [#42](https://github-redirect.dependabot.com/sile/libflate/issues/42) from lukaslueg/byteorder_removed
- [`ec74ff4`](https://github.com/sile/libflate/commit/ec74ff45162d1ee1fc9ae79b25e8e8741e6a65c8) Remove byteorder-dependency
- [`22d1090`](https://github.com/sile/libflate/commit/22d1090b244fcf5c21ea0b01305bf4280c40ddd7) Merge pull request [#39](https://github-redirect.dependabot.com/sile/libflate/issues/39) from Stargateur/improve-decode-code
- [`15811cb`](https://github.com/sile/libflate/commit/15811cbf8838c96ee9820fd6440ae28fb5191a3a) Improve decode code of read_non_compressed_block()
- [`2efa0ab`](https://github.com/sile/libflate/commit/2efa0ab0d59698128b75ba2e6ec19195b403c83e) Bump version to v0.1.25
- [`a16c15a`](https://github.com/sile/libflate/commit/a16c15a39495646d40a5de278c1b9530e8c4ec3b) Apply rustfmt-1.2.0
- [`2c8adee`](https://github.com/sile/libflate/commit/2c8adee81fc6bb7b1faab97af1d2f5a532f4d249) Merge pull request [#38](https://github-redirect.dependabot.com/sile/libflate/issues/38) from Shnatsel/rle-decode-fast
- [`912fabd`](https://github.com/sile/libflate/commit/912fabdc8a41d4878e30c43044cc79cbb71b0201) Drop unused import
- Additional commits viewable in [compare view](https://github.com/sile/libflate/compare/0.1.18...0.1.26)


Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:

- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot ignore this [patch|minor|major] version` will close this PR and stop Dependabot creating any more for this minor/major version (unless you reopen the PR or upgrade to it). To ignore the version in this PR you can just close it
- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
- `@dependabot use these labels` will set the current labels as the default for future PRs for this repo and language
- `@dependabot use these reviewers` will set the current reviewers as the default for future PRs for this repo and language
- `@dependabot use these assignees` will set the current assignees as the default for future PRs for this repo and language
- `@dependabot use this milestone` will set the current milestone as the default for future PRs for this repo and language
- `@dependabot badge me` will comment on this PR with code to add a "Dependabot enabled" badge to your readme

Additionally, you can set the following in your Dependabot [dashboard](https://app.dependabot.com):

- Update frequency (including time of day and day of week)
- Automerge options (never/patch/minor, and dev/runtime dependencies)
- Pull request limits (per update run and/or open at any time)
- Out-of-range updates (receive only lockfile updates, if desired)
- Security updates (receive only security updates, if desired)

Finally, you can contact us by mentioning @dependabot.
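
The advisory quoted in the comment above describes a memory-safety bug that Rust's type system does not catch on its own: a field is overwritten with uninitialized memory for the duration of a call into caller-supplied `Read` code, and a panic in that code unwinds past the point where the real value would have been put back, so the uninitialized placeholder is eventually dropped. The program below is an added example by the editor, not code from libflate or oktaws. It reproduces the shape of that bug with a safe stand-in for the uninitialized placeholder (a counter bumped on drop instead of actual garbage memory, so the example itself is well-defined) and shows two repairs: a guard that aborts instead of unwinding, which is the approach the advisory says the fix took (the guard is this example's own implementation of that idea, not libflate's code), and an `Option::take` variant that avoids having a placeholder at all. All type and function names, and the panicking reader, are constructed for the example.

```rust
use std::cell::Cell;
use std::io::{self, Read};
use std::mem;
use std::panic::{self, AssertUnwindSafe};

// Placeholders (the stand-in for uninitialized memory) dropped on this thread; any count above zero is the bug.
thread_local! { static BAD_DROPS: Cell<usize> = Cell::new(0); }

/// Internal decoder state. `valid == false` models a slot filled with `mem::uninitialized()`;
/// dropping it is the bug. Here the drop only bumps a counter, so the example itself is not UB.
struct DecoderState { valid: bool, bytes_seen: usize }
impl DecoderState {
    fn new() -> Self { DecoderState { valid: true, bytes_seen: 0 } }
    fn placeholder() -> Self { DecoderState { valid: false, bytes_seen: 0 } }
    /// Consumes the old state and yields the next one; needing ownership is why
    /// the state must be moved out of its field while caller-supplied code runs.
    fn advance<R: Read>(self, r: &mut R, buf: &mut [u8]) -> (Self, io::Result<usize>) {
        let result = r.read(buf); // caller-supplied Read impl: may panic
        let n = match &result { Ok(n) => *n, Err(_) => 0 };
        (DecoderState { valid: true, bytes_seen: self.bytes_seen + n }, result)
    }
}
impl Drop for DecoderState {
    fn drop(&mut self) { if !self.valid { BAD_DROPS.with(|c| c.set(c.get() + 1)); } }
}

struct PanickingReader; // constructed: a caller-supplied Read impl that panics mid-call
impl Read for PanickingReader {
    fn read(&mut self, _: &mut [u8]) -> io::Result<usize> { panic!("constructed panic in caller's Read") }
}
struct OneByteReader; // constructed: a well-behaved reader, one byte per call
impl Read for OneByteReader {
    fn read(&mut self, buf: &mut [u8]) -> io::Result<usize> { buf[0] = 0xAB; Ok(1) }
}

/// Shape of the affected code: park a placeholder in the field, run caller code, swap back.
struct VulnerableDecoder<R: Read> { reader: R, state: DecoderState }
impl<R: Read> VulnerableDecoder<R> {
    fn read(&mut self, buf: &mut [u8]) -> io::Result<usize> {
        let state = mem::replace(&mut self.state, DecoderState::placeholder());
        // A panic here unwinds with the placeholder still in `self.state`, so
        // whoever drops the decoder next drops the placeholder.
        let (next, result) = state.advance(&mut self.reader, buf);
        mem::forget(mem::replace(&mut self.state, next));
        result
    }
}

/// Dropped during unwinding it aborts the process; dropped normally it is a no-op.
/// The "abort instead of unwind" repair the advisory names, in this example's own form.
struct AbortOnUnwind;
impl Drop for AbortOnUnwind {
    fn drop(&mut self) { if std::thread::panicking() { std::process::abort(); } }
}
/// Repair one: the same swap logic, guarded so an unwind aborts while `self` still
/// owns the placeholder, before anything gets the chance to drop it.
struct AbortingDecoder<R: Read>(VulnerableDecoder<R>);
impl<R: Read> AbortingDecoder<R> {
    fn read(&mut self, buf: &mut [u8]) -> io::Result<usize> {
        let _guard = AbortOnUnwind; // lives until after the state has been swapped back
        self.0.read(buf)
    }
}

/// Repair two: no placeholder at all. `take()` leaves `None` behind, so an unwind
/// leaves nothing invalid to drop; the decoder is poisoned and later reads fail.
struct OptionDecoder<R: Read> { reader: R, state: Option<DecoderState> }
impl<R: Read> OptionDecoder<R> {
    fn read(&mut self, buf: &mut [u8]) -> io::Result<usize> {
        let state = self.state.take().ok_or_else(|| io::Error::new(io::ErrorKind::Other, "poisoned"))?;
        let (next, result) = state.advance(&mut self.reader, buf);
        self.state = Some(next);
        result
    }
}

/// Runs one read through `read` with a panicking reader inside, drops `dec`, and
/// reports how many placeholders were dropped on the way.
fn placeholder_drops<D>(mut dec: D, read: fn(&mut D, &mut [u8]) -> io::Result<usize>) -> usize {
    let before = BAD_DROPS.with(|c| c.get());
    let mut buf = [0u8; 4];
    assert!(panic::catch_unwind(AssertUnwindSafe(|| read(&mut dec, &mut buf))).is_err());
    drop(dec); // for the affected pattern this is where the placeholder gets dropped
    BAD_DROPS.with(|c| c.get()) - before
}
/// Affected pattern: 1 placeholder dropped (with real uninitialized memory: undefined behaviour).
pub fn vulnerable_placeholder_drops() -> usize {
    placeholder_drops(VulnerableDecoder { reader: PanickingReader, state: DecoderState::new() }, VulnerableDecoder::read)
}
/// Option repair: 0 placeholders dropped.
pub fn option_placeholder_drops() -> usize {
    placeholder_drops(OptionDecoder { reader: PanickingReader, state: Some(DecoderState::new()) }, OptionDecoder::read)
}
/// Abort guard on the normal path is a no-op: two reads, two bytes seen.
/// The abort path ends the process, so it is not driven from here.
pub fn aborting_decoder_normal_path() -> io::Result<usize> {
    let mut dec = AbortingDecoder(VulnerableDecoder { reader: OneByteReader, state: DecoderState::new() });
    let mut buf = [0u8; 4];
    dec.read(&mut buf)?;
    dec.read(&mut buf)?;
    Ok(dec.0.state.bytes_seen)
}
```

The abort repair cannot be demonstrated under a caught panic because it terminates the process, so the example only exercises it on the normal path, where the guard is a no-op; the point of putting the guard first in the function is drop order, since locals drop in reverse declaration order during unwinding and the placeholder sits in a field owned by the caller, which is dropped only after the frame is gone. The `Option` repair is the one that can be shown under `catch_unwind`: the placeholder count stays at zero and the decoder is left poisoned rather than holding garbage. When auditing a crate for this class of bug, look for `mem::replace` or `mem::swap` with `mem::uninitialized()` / `MaybeUninit::uninit().assume_init()` as the substitute value, and ask what runs between the swap and the restore.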
dependabot-preview[bot] commented 5 years ago

Superseded by #75.