Bump the rust-dependencies group with 4 updates

[dependabot[bot]]

Updates the requirements on actix-web, regex, chrono and temp-env to permit the latest version. Updates actix-web to 4.4.0

Release notes

Sourced from actix-web's releases.

actix-web: v4.4.0

Added

• Add HttpServer::{bind, listen}_auto_h2c() methods behind new http2 crate feature.
• Add HttpServer::{bind, listen}_rustls_021() methods for Rustls v0.21 support behind new rustls-0_21 crate feature.
• Add Resource::{get, post, etc...} methods for more concisely adding routes that don't need additional guards.
• Add web::Payload::to_bytes[_limited]() helper methods.
• Add missing constructors on HttpResponse for several status codes.
• Add http::header::ContentLength typed header.
• Implement Default for web::Data.
• Implement serde::Deserialize for web::Data.
• Add rustls-0_20 crate feature, which the existing rustls feature now aliases.

Changed

• Handler functions can now receive up to 16 extractor parameters.
• The Compress middleware no longer compresses image or video content.
• Hide sensitive header values in HttpRequest's Debug output.
• Minimum supported Rust version (MSRV) is now 1.68 due to transitive time dependency.

Commits

• e6636f1 chore(actix-test): prepare release 0.1.2
• 2b40033 chore(actix-web): prepare release 4.4.0
• d2c0d47 chore(awc): prepare release 3.2.0
• 45fdc08 chore(actix-http): prepare release 3.4.0
• a12d39c chore(actix-web-codegen): prepare release 4.2.1
• b422745 chore(actix-multipart): prepare release 0.6.1
• 4ed6146 chore(actix-multipart-derive): prepare release 0.6.1
• ac95362 refactor: simplify connector feature combos
• 84eb8b3 chore: remove broken links from changelogs
• 384ca0a chore: remove dates from changelogs
• Additional commits viewable in compare view

Updates regex to 1.9.5

Changelog

Sourced from regex's changelog.

1.9.5 (2023-09-02)

This is a patch release that hopefully mostly fixes a performance bug that occurs when sharing a regex across multiple threads.

Issue #934 explains this in more detail. It is also noted in the crate documentation. The bug can appear when sharing a regex across multiple threads simultaneously, as might be the case when using a regex from a OnceLock, lazy_static or similar primitive. Usually high contention only results when using many threads to execute searches on small haystacks.

One can avoid the contention problem entirely through one of two methods. The first is to use lower level APIs from regex-automata that require passing state explicitly, such as meta::Regex::search_with. The second is to clone a regex and send it to other threads explicitly. This will not use any additional memory usage compared to sharing the regex. The only downside of this approach is that it may be less convenient, for example, it won't work with things like OnceLock or lazy_static or once_cell.

With that said, as of this release, the contention performance problems have been greatly reduced. This was achieved by changing the free-list so that it was sharded across threads, and that ensuring each sharded mutex occupies a single cache line to mitigate false sharing. So while contention may still impact performance in some cases, it should be a lot better now.

Because of the changes to how the free-list works, please report any issues you find with this release. That not only includes search time regressions but also significant regressions in memory usage. Reporting improvements is also welcome as well! If possible, provide a reproduction.

Bug fixes:

• [BUG #934](rust-lang/regex#934): Fix a performance bug where high contention on a single regex led to massive slow downs.

1.9.4 (2023-08-26)

This is a patch release that fixes a bug where RegexSet::is_match(..) could incorrectly return false (even when RegexSet::matches(..).matched_any() returns true).

Bug fixes:

• [BUG #1070](rust-lang/regex#1070): Fix a bug where a prefilter was incorrectly configured for a RegexSet.

... (truncated)

Commits

• 554469b 1.9.5
• 48e09a8 deps: bump regex-automata to 0.3.8
• 894dcbe regex-automata-0.3.8
• 135e11b changelog: 1.9.5
• f578d74 automata: reduce regex contention somewhat
• 9a505a1 deps: bump to memchr 2.6
• 15cdc64 cli: remove use of deprecated API
• 329c6a3 ci: use dtolnay@master instead of @​v1
• 2637e11 ci: remove stale comment
• See full diff in compare view

Updates chrono to 0.4.28

Release notes

Sourced from chrono's releases.

0.4.28

This release fixes a test failure on 32-bit targets introduced with 0.4.27, see chronotope/chrono#1234.

Changelog

Sourced from chrono's changelog.

ChangeLog for Chrono

This documents notable changes to Chrono up to and including version 0.4.19. For later releases, please review the release notes on GitHub.

0.4.19

• Correct build on solaris/illumos

0.4.18

• Restore support for x86_64-fortanix-unknown-sgx

0.4.17

• Fix a name resolution error in wasm-bindgen code introduced by removing the dependency on time v0.1

0.4.16

Features

• Add %Z specifier to the FromStr, similar to the glibc strptime (does not set the offset from the timezone name)

• Drop the dependency on time v0.1, which is deprecated, unless the oldtime feature is active. This feature is active by default in v0.4.16 for backwards compatibility, but will likely be removed in v0.5. Code that imports time::Duration should be switched to import chrono::Duration instead to avoid breakage.

0.4.15

Fixes

• Correct usage of vec in specific feature combinations (@​quodlibetor)

0.4.14 YANKED

Features

• Add day and week iterators for NaiveDate (@​gnzlbg & @​robyoung)
• Add a Month enum (@​hhamana)
• Add locales. All format functions can now use locales, see the documentation for the unstable-locales feature.
• Fix Local.from_local_datetime method for wasm

Improvements

... (truncated)

Commits

• 243d26d Bump version to 0.4.28
• 80946ed Fix test_type_types on 32-bit targets
• b6a5244 Add pitdicker as an author
• b5a9850 Bump version to 0.4.27
• 00d389e CI: Skip winapi feature in cargo hack check
• 30b6294 Switch to windows-bindgen
• 9ab0259 Remove hack to accept "UTC" in timezone_offset_zulu
• e985f08 Switch RFC3339 formatting item to relaxed parser to match documentation
• 3f8a500 Use parse_rfc3339 directly in DateTime::parse_from_rfc3339
• ccd7f85 Allow 't' as a seperator between date and time in parse_rfc3339_relaxed
• Additional commits viewable in compare view

Updates temp-env to 0.3.5

Commits

• 8895379 chore: Release temp-env version 0.3.5
• f3e8396 chore: check MSRV for building not for testing (#22)
• 32382de fix: returning result from async closure (#21)
• a1db500 chore: run CI also on MSRV (#20)
• See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself) - `@dependabot ignore minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself) - `@dependabot ignore ` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself) - `@dependabot unignore ` will remove all of the ignore conditions of the specified dependency - `@dependabot unignore ` will remove the ignore condition of the specified dependency and ignore conditions