build(deps): bump the cargo group with 16 updates

[dependabot]

Bumps the cargo group with 16 updates:

Package	From	To
web-async	0.1.3	0.1.4
web-transport-trait	0.3.5	0.3.6
bytes	1.11.1	1.12.0
regex	1.12.3	1.12.4
serde_with	3.20.0	3.21.0
smallvec	1.15.1	1.15.2
cbindgen	0.29.2	0.29.4
tower-http	0.6.11	0.7.0
uniffi	0.31.1	0.31.2
memchr	2.8.0	2.8.2
rustls-native-certs	0.8.3	0.8.4
socket2	0.6.3	0.6.4
time	0.3.47	0.3.49
chrono	0.4.44	0.4.45
str0m	0.19.0	0.20.0
uuid	1.23.1	1.23.3

Updates web-async from 0.1.3 to 0.1.4

Release notes

Sourced from web-async's releases.

web-async-v0.1.4

Added

• (web-async) add portable time module (#38)

Commits

• 62b7bf8 chore(web-codecs): release v0.3.10 (#40)
• fa8b513 feat(web-async): add portable time module (#38)
• 5251388 fix(web-codecs): VideoFrame::timestamp returns f64 in web-sys 0.3.100 (#39)
• See full diff in compare view

Updates web-transport-trait from 0.3.5 to 0.3.6

Release notes

Sourced from web-transport-trait's releases.

web-transport-trait-v0.3.6

Added

• (qmux) honor per-stream send priority (sendOrder) (#246)

Commits

• ffc2a0c chore: release (#241)
• 820f5f1 fix(quiche): don't tear down the connection when resetting a closed stream (#...
• 7f16cdd test(py): remove unsupportable send-reset-on-exception test (#250)
• 3f71a13 qmux: replace withoutProtocol with requireProtocol, default to lenient (0.1.2...
• b864240 ci: drop python checks and claude review workflow (#249)
• 53c40f8 feat(qmux): prioritized send scheduler + @​moq/web-socket-stream polyfill (#247)
• 4092c5d feat(qmux): honor per-stream send priority (sendOrder) (#246)
• df9d28a fix: make @​moq/web-transport importable under Node ESM (napi.cjs) (#245)
• c1ea02f qmux: bump to 0.1.1 (JS and Rust) (#244)
• cf87bcc qmux: (alpn, version) entries for cross-draft negotiation (#243)
• Additional commits viewable in compare view

Updates bytes from 1.11.1 to 1.12.0

Release notes

Sourced from bytes's releases.

Bytes v1.12.0

1.12.0 (June 18th, 2026)

Added

• Add BytesMut::extend_from_within() (#818)
• Add BytesMut::try_unsplit() (#746)

Fixed

• Fix panic in get_int if nbytes is zero (#806)

Changed

• Pass vtable data by value (#826)
• Exclude development scripts from published package (#810)

Documented

• Document that BytesMut::{reserve,try_reserve} doesn't preserve unused capacity (#808)

Changelog

Sourced from bytes's changelog.

1.12.0 (June 18th, 2026)

Added

• Add BytesMut::extend_from_within() (#818)
• Add BytesMut::try_unsplit() (#746)

Fixed

• Fix panic in get_int if nbytes is zero (#806)

Changed

• Pass vtable data by value (#826)
• Exclude development scripts from published package (#810)

Documented

• Document that BytesMut::{reserve,try_reserve} doesn't preserve unused capacity (#808)

Commits

• 91402ce Release bytes v1.12.0 (#831)
• 2256e6d chore: add safety comments on unsafe blocks (#827)
• 245adff Pass vtable data by value (#826)
• 00cc5ff Implement BytesMut::extend_from_within (#818)
• 5b79d31 Merge tag 'v1.11.1'
• 804ee6d Make try_unsplit method public (#746)
• fd426ca Exclude development scripts from published package (#810)
• b4ed70d Add test for copy_to_bytes() -> BytesMut avoiding clone (#809)
• 94e4291 Document that BytesMut::{reserve,try_reserve} doesn't preserve unused capac...
• acd1e0f Fix get_int if nbytes is zero (#806)
• See full diff in compare view

Updates regex from 1.12.3 to 1.12.4

Changelog

Sourced from regex's changelog.

1.12.4 (2025-06-09)

This release includes a performance optimization for compilation of regexes with very large character classes.

Improvements:

• #1308: Avoid re-canonicalizing the entire interval set when pushing new class ranges.

Commits

• 7b96fdc 1.12.4
• 7b89cf0 deps: update to regex-syntax 0.8.11
• 1401679 regex-syntax-0.8.11
• d709000 changelog: 1.12.4
• 9825c74 syntax: avoid re-canonicalizing the entire IntervalSet on push (#1308)
• a7f2ff6 docs: clarify regex-lite word boundaries
• 2c7b172 docs: clarify unsupported Anchored::Pattern searches
• 839d16b regex-syntax-0.8.10
• c4865a0 syntax: fix negation handling in HIR translation
• d8761c0 cargo: also include benches
• Additional commits viewable in compare view

Updates serde_with from 3.20.0 to 3.21.0

Release notes

Sourced from serde_with's releases.

serde_with v3.21.0

Security

• GHSA-7gcf-g7xr-8hxj: KeyValueMap serialization panics on empty sequence or map entries Bad or attacker controlled values could cause a panic while allocating too large values. Fixed in #966 by setting a maximum allocation size during the creation of collections like Vec or sets.

  Thanks to @​7thParkk for reporting the issue.

Added

• Add NoneAsZero adapter that maps Option<NonZero*> to a plain integer, encoding None as 0 by @​SAY-5 (#486)

Changed

• Re-enable link-to-definition on docs.rs (#964)

Fixed

• Fix some doc links to point to the correct types (#963)
• Re-enable unused_qualifications and fix the resulting findings by @​lms0806 (#962)

Commits

• 0f4ca67 Update changelog for 3.21.0 (#967)
• 7654841 Update changelog for 3.21.0
• c8a1d82 Protect all collection creations against capacity overflow by using `size_hin...
• 6ad5fa5 Properly feature gate the vec_with_capacity_cautious function
• ef7d141 Protect all collection creations against capacity overflow by using `size_hin...
• a348da3 Add serde_as deserialize_as explain (#958)
• 2e5bc20 Bump the github-actions group with 3 updates (#965)
• 927a3d6 Bump the github-actions group with 3 updates
• 62d14ec Enable link-to-definition on docs.rs again, after the upstream issue was reso...
• 4584d94 Enable link-to-definition on docs.rs again, after the upstream issue was reso...
• Additional commits viewable in compare view

Updates smallvec from 1.15.1 to 1.15.2

Release notes

Sourced from smallvec's releases.

v1.15.2

What's Changed

• Exclude development script from cargo packaging by @​weiznich in servo/rust-smallvec#397
• Fix use-after-free in DrainFilter::keep_rest for SmallVec with capacity 0 by @​Shnatsel in servo/rust-smallvec#407
• Work around rustc 1.93 perf regression with MaybeUninit by @​glandium in servo/rust-smallvec#410

New Contributors

• @​Shnatsel made their first contribution in servo/rust-smallvec#407
• @​glandium made their first contribution in servo/rust-smallvec#410

Full Changelog: servo/rust-smallvec@v1.15.1...v1.15.2

Commits

• c469051 Bump version.
• 9fe422b Fix Windows CI.
• 51b965f Work around rustc 1.93 perf regression with MaybeUninit
• 9da26a5 Fix use-after-free in DrainFilter::keep_rest for zero-capacity SmallVecs
• 79184f1 Add Miri test for use-after-free in DrainFilter::keep_rest
• f59fb36 Merge pull request #397 from GiGainfosystems/exclude_scripts
• 28b6ed7 Exclude development script
• See full diff in compare view

Updates cbindgen from 0.29.2 to 0.29.4

Release notes

Sourced from cbindgen's releases.

0.29.4

• Support constant enums and arrays.

0.29.3

• Expose the line_endings config option to use with the builder
• Fix doc attribute parsing to properly handle block comments
• Check for CMSE ABI's as well
• ci: Add a meta job to block the merge queue on it.
• Allow pub access to ReprType fields
• In C23 mode, define sized enums as enums rather than typedefs.

0.29.2

• Request serde's std feature to avoid issues with newer toml versions.

0.29.1

• cf13c2b enum: Track dependencies properly in enumerations.
• 307d1e9 constant: Handle cfg in associated constants.
• 0902d02 Remove "display" feature from the toml crate
• 9068410 Fix incorrect detection of duplicated constants
• 451e768 docs: Correct after_include type in example config (fix)
• aff68c6 cargo update
• 09666f6 Update toml to 0.9

0.29.0

• Support no-export annotation for statics and functions.
• Fixed conditional fields of constexpr literal structs
• Add rename rule for generated associated constant
• Upgrade heck to 0.5
• Add support for an optional nullable attribute
• docs.md: Fix deprecated_with_note and deprecated_variant_with_note being spelled as 'notes'
• Fix generic with "void" default
• Fixed error generation of structures using the keyword as inside arrays
• Added test for unsafe(no_mangle) attribute
• Fixed handling of trait methods containing the unsafe attribute
• Rename -Zparse-only

0.28.0

• Parse unsafe attributes in mozilla/cbindgen#1020
• Fix local override of enum prefix-with-name by jsgf in mozilla/cbindgen#1006
• Add rename-all=prefix in mozilla/cbindgen#1021
• ir: add support for UnsafeCell and SyncUnsafeCell by alekitto in mozilla/cbindgen#1003
• Implement mangling for arrays in mozilla/cbindgen#1022
• Fix: Ignore CARGO_BUILD_TARGET in tests by bryango in mozilla/cbindgen#1010
• Newline for each field for constexpr field constants by youknowone in mozilla/cbindgen#988

... (truncated)

Changelog

Sourced from cbindgen's changelog.

0.29.4

  * Support constant enums and arrays.

0.29.3

  * Expose the line_endings config option to use with the builder
  * Fix doc attribute parsing to properly handle block comments
  * Check for CMSE ABI's as well
  * ci: Add a meta job to block the merge queue on it.
  * Allow `pub` access to `ReprType` fields
  * In C23 mode, define sized enums as enums rather than typedefs.

Commits

• b826cb8 Bump version.
• 7b328f1 tests: Add some tests for constant enums.
• 6c5bb1f ir: Add support for arrays.
• 3b1305a ir: Allow constant literals with enum variants.
• 4cf7500 ir: Use Path for ConstExprs.
• b5f2a97 Bump version to 0.29.3 and update CHANGES doc
• dfae10a tests: Fix tests with modern gcc.
• b16c1d2 Use C++ fixed-type enumeration syntax under C23 (or higher) as well
• b68b027 Allow pub access to ReprType fields
• See full diff in compare view

Updates tower-http from 0.6.11 to 0.7.0

Release notes

Sourced from tower-http's releases.

tower-http-0.7.0

Changes since 0.6.11

Added

• csrf: add cross-site request forgery (CSRF) protection middleware, porting the cross-origin protection scheme introduced in Go 1.25 (#699)

  use tower::ServiceBuilder;
  use tower_http::csrf::CsrfLayer;
  // Rejects cross-origin state-changing requests using Sec-Fetch-Site,
  // an Origin allow-list, and an Origin/Host fallback. No per-request
  // token state required.
  let layer = CsrfLayer::new().add_trusted_origin("https://example.com")?;
  let service = ServiceBuilder::new().layer(layer).service_fn(handler);

• timeout: add DeadlineBody for non-resetting body timeouts, applied via the new RequestBodyDeadlineLayer and ResponseBodyDeadlineLayer (#688)

  Unlike TimeoutBody, which resets its deadline on every frame, DeadlineBody caps the total time of a body transfer. A slow client trickling one byte at a time never trips an idle timeout but will trip a deadline.

  use std::time::Duration;
  use tower::ServiceBuilder;
  use tower_http::timeout::RequestBodyDeadlineLayer;
  // Abort the request body transfer after 30s total, regardless of how
  // frequently data arrives.
  let service = ServiceBuilder::new()
  .layer(RequestBodyDeadlineLayer::new(Duration::from_secs(30)))
  .service_fn(handler);

• fs: add strong ETag support to ServeDir, including If-Match and If-None-Match precondition handling per RFC 9110. 304 Not Modified responses now carry the ETag and Last-Modified validators (#691)

• fs: add a Backend trait to make ServeDir work with non-filesystem sources (e.g. embedded assets or object storage). The default TokioBackend preserves existing behavior. Use ServeDir::with_backend() to plug in custom implementations (#684)

  use tower_http::services::fs::ServeDir;
  // MyBackend implements tower_http::services::fs::Backend.
  // The default ServeDir::new() continues to use TokioBackend (local FS).
  let service = ServeDir::with_backend("assets", MyBackend::new());

• fs: add html_as_default_extension option to ServeDir, appending .html when the request path has no extension (#519)

• fs: add redirect_path_prefix option to ServeDir, prepending a prefix on trailing-slash redirects so the service can be mounted under a sub-path (#486)

• validate-request: add ValidateRequestHeaderLayer::has_header_value() to reject requests when a header does not have an expected value (#360)

• body: UnsyncBoxBody::new() constructor and From<ServeFileSystemResponseBody> conversion to avoid double-boxing when combining ServeDir responses with other body types (#537)

• limit: implement Default for limit::ResponseBody when the wrapped body also implements Default (#679)

Changed

... (truncated)

Commits

• b194fcf v0.7.0
• af828a6 feat(follow_redirect)!: preserve request extensions across redirects (#706)
• 8cb8d99 feat(ValidateRequestHeaderLayer): add has_header("...").with_value("...") fun...
• 3b56d2d feat!: Add configurable Backend trait for ServeDir, bump MSRV 1.65 (#684)
• 8508716 Add redirect_path_prefix option (#486)
• 56327b2 Add Windows drive-prefix path regression test (#705)
• 54c6db8 feat(compression)!: upgrade SizeAbove threshold from u16 to u64 (#704)
• 68cd6d8 Add DeadlineBody for non-resetting body timeouts (#688)
• fa8a98c feat(fs): add strong ETag support to ServeDir (#691)
• 36d2205 fix: Make SetMultiple*Header Clone for !Clone http bodies (#703)
• Additional commits viewable in compare view

Updates uniffi from 0.31.1 to 0.31.2

Changelog

Sourced from uniffi's changelog.

v0.31.2 (backend crates: v0.31.2) - (2026-06-16)

What's Fixed

• Kotlin: Fixed JNA direct-mapped u8/u16 return values by widening the internal return carrier to Int, which avoids signedness mismatches during checksum validation and other direct-return paths on Android ARM32. (#2897)
• Kotlin: Fix async functions that return an external/RustBuffer type
• Swift: Fixed FfiConverterString silently stripping a leading U+FEFF byte order mark from Rust strings.
• Swift: Prevent strict concurrency warning with callback interface tables

All changes in v0.31.2.

Commits

• 05b45b1 chore: Release
• 7a0eb62 chore: Release
• d4d26c6 Adding changelog entries for 0.31.2
• 9b81f26 Fix compile error message to point out missing CARGO_MANIFEST_DIR
• f29bc2d Fix Kotlin JNA unsigned small integer direct returns
• 9a11123 Fix Kotlin async external RustBuffer returns
• 04f196a swift: nonisolated(unsafe) on callback vtablePtr
• cef4501 Swift: preserve leading U+FEFF byte order mark in FfiConverterString
• b4153d4 fix: sort uniffi_traits to ensure deterministic code generation
• See full diff in compare view

Updates memchr from 2.8.0 to 2.8.2

Commits

• a61ac1a 2.8.2
• a08bf90 arch: fix undefined behavior in lower level (but public) APIs
• b41293b rebar: update memchr to latest
• 87467c9 impl: remove unnecessary clones in into_owned impls
• ff7dca7 2.8.1
• 016878a target: fix aarch64_be endianness bug
• ee18717 docs: add AI policy for contributors
• db1a77d build(deps): bump actions/checkout in the actions group (#212)
• c8abbe1 Hash-pin all actions, drop persisted credentials (#210)
• 24f5daa lint: fix clippy get_first
• Additional commits viewable in compare view

Updates rustls-native-certs from 0.8.3 to 0.8.4

Release notes

Sourced from rustls-native-certs's releases.

0.8.4

What's Changed

• Exclude development script by @​weiznich in rustls/rustls-native-certs#216
• Update README.md with CertificateResult by @​jleffell in rustls/rustls-native-certs#225
• chore(docsrs): make docs.rs build work by @​joshuachp in rustls/rustls-native-certs#222
• Ignore empty entries in SSL_CERT_DIR by @​sliekens in rustls/rustls-native-certs#242

Commits

• 9d1f11e Bump version to 0.8.4
• a008aa1 Take semver-compatible dependency versions
• 26d43e3 Ignore empty entries in SSL_CERT_DIR
• 4d4f4de build(deps): bump serial_test from 3.4.0 to 3.5.0 in the crates-io group
• 8707835 Take semver-compatible dependency updates
• f89af49 Apply suggestions from nightly clippy
• 4ea7b7b build(deps): bump rustls from 0.23.38 to 0.23.39 in the crates-io group
• fa48b0a Take semver-compatible dependency updates
• 559fd3d build(deps): bump the crates-io group with 2 updates
• 0346ae5 Take semver-compatible dependency updates
• Additional commits viewable in compare view

Updates socket2 from 0.6.3 to 0.6.4

Changelog

Sourced from socket2's changelog.

0.6.4

• Implement Send for MsgHdr(Mut) (rust-lang/socket2#650).
• Add support for horizonOS/n3ds (rust-lang/socket2#653).
• Switch QNX 8.0 and 7.1 to use TCP_KEEPIDLE instead of TCP_KEEPALIVE (rust-lang/socket2#654).
• Fixed an issue on Windows where for Socket::only_v6 sometimes booleans are 1 byte other times it's 4 bytes (rust-lang/socket2#655).

Commits

• See full diff in compare view

Updates time from 0.3.47 to 0.3.49

Release notes

Sourced from time's releases.

v0.3.49

See the changelog for details.

v0.3.48

See the changelog for details.

Changelog

Sourced from time's changelog.

0.3.49 [2026-06-13]

Fixed

• Due to a long-standing bug in the Rust compiler, v0.3.48 caused a number of crates to stop compiling. A patch has been added that avoids triggering the bug.

0.3.48 [2026-06-12] [YANKED]

Security

• The number of digits parsed by [subsecond digits:1+] is capped at 32 to avoid parsing unbounded user input. Digits after the 9th have no semantic meaning.
• Explicitly specify #[repr] for Weekday. The value of the variants is relied upon in multiple locations for soundness. The practical effect of this change is nothing, as Rust has always mapped C-like enums to 0..N in memory.

Compatibility

• Non-UTF-8 formatting and parsing is deprecated without replacement. It is recommended to only format and parse valid UTF-8.
• format_description::parse is deprecated. It is recommended to use format_description::parse_borrowed::<3> or format_description::parse_owned::<3>.

Added

• All types in the unit module have a generic parameter, though this is currently not used for much. Usage will be expanded in the future.
• Comparisons between types in the unit module and the generic Unit type are permitted.
• Support for rand 0.10
• Version 3 format descriptions
  • Only UTF-8 is supported. As a side effect of this, [ignore] requires that the remaining input not begin mid-codepoint.
  • Representation is deliberately opaque to allow for arbitrary changes going forward.
  • format:false is supported on [optional] components. This is not possible in version 1 and version 2 format descriptions due to API compatibility.
  • The time::serde::format_description! macro uses a new, clearer syntax for version 3.
    • time::serde::format_description!(mod foo [Date] = "[year]-[month]-[day]");
    • Unlike version 1 and version 2 format descriptions, the type is not automatically brought into scope. You must import it yourself.
  • Nonsensical combinations of modifiers are rejected. For example, you cannot specify case-sensitivity when parsing a numerical month.
  • [year] defaults to range:standard
  • Components and modifiers are case sensitive (and always lowercase).

Changed

• The convert module has been renamed to unit.

Fixed

... (truncated)

Commits

• ff8683c v0.3.49 release
• f189886 fix: resolve E0119 trait coherence error in rustc >= 1.95.0
• 5d8737c v0.3.48 release
• 1bfca87 Use widen instead of extend in sys code
• c57284f fix: return error instead of panicking on truncated strftime padding modifier
• a74f35f Use v3 format descriptions for serde defaults
• 96ff36c Allow eliding serde format description version
• edc58b1 Permit duplicates in v1/v2 in permit_modifiers!
• a838f69 Bump codecov action
• f2f99f8 Fix unused warning
• Additional commits viewable in compare view

Updates chrono from 0.4.44 to 0.4.45

Release notes

Sourced from chrono's releases.

0.4.45

What's Changed

• fix(tz): reject TZ offset hour of 24 to avoid FixedOffset overflow by @​SAY-5 in chronotope/chrono#1787
• tz_data: fix tzdata locations on Android by @​caruschalalamove in chronotope/chrono#1789

Commits

• 1703382 Prepare 0.4.45 release
• 881f9ab tz_data: fix tzdata locations on Android
• f14ead4 fix(tz): reject TZ offset hour of 24 to avoid FixedOffset overflow
• c6063e6 Update similar-asserts requirement from 1.6.1 to 2.0.0
• 120686c Bump codecov/codecov-action from 5 to 6
• See full diff in compare view

Updates str0m from 0.19.0 to 0.20.0

Changelog

Sourced from str0m's changelog.

0.20.0

• Update dimpl to 0.6.2 and sctp-proto to 0.9.1
• Fix repeated rx lookup cleanup bug #965
• Fix permissive vp8 depacketizer for invalid l=1,t=0 cases (breaking) #963
• Add VP8 descriptor parsing and vp8_patch() to RtpWrite #963
• write_rtp() now takes a RtpWrite builder (breaking) #963
• Add abs-capture-time writer support and fixed receiver-side (breaking) #964
• Add stereo to opus format params #955
• Use Arc<[u8]> as input/output of media data (breaking) #959

is-0.9.1

• Expose ICE candidate pair RTT in CandidatePairStats #962

Commits

• dbf9fa0 str0m-proto 0.5.1, str0m-aws-lc-rs 0.4.1, str0m-rust-crypto 0.4.1, str0m-appl...
• 5ed1a45 str0m 0.20.0
• fbbbde3 Fix peer media stats counters
• 36c1b8f fix bug to avoid repeated rx lookup cleanup
• 89145d2 SDP doc
• 60f091f RTP write API
• d84d6e0 fix: abs-capture-time dropped on receiver
• 0a64067 feat: add ICE candidate pair RTT stats to CandidatePairStats
• 62d1ec5 Use Arc<[u8]> for RTP and media payloads
• 8c09015 Fix typo
• Additional commits viewable in compare view

Updates uuid from 1.23.1 to 1.23.3

Release notes

Sourced from uuid's releases.

v1.23.3

What's Changed

• Fix up parser panic on empty input by @​KodrAus in uuid-rs/uuid#886
• Prepare for 1.23.3 release by @​KodrAus in uuid-rs/uuid#887

Full Changelog: uuid-rs/uuid@v1.23.2...v1.23.3

v1.23.2

What's Changed

• Improve error messages for ambiguous formats by @​KodrAus in uuid-rs/uuid#882
• Prepare for 1.23.2 release by @​KodrAus in uuid-rs/uuid#883

Full Changelog: uuid-rs/uuid@v1.23.1...v1.23.2

Commits

• 20da78b Merge pull request #887 from uuid-rs/cargo/v1.23.3
• 62232ca prepare for 1.23.3 release
• 2320c6a Merge pull request #886 from uuid-rs/fix/parser-panics
• 2d034d4 fix some invalid indexers on error reporting
• a8b9f14 update fuzz infra and run in CI
• d119657 Merge pull request #883 from uuid-rs/cargo/v1.23.2
• 0651cfc prepare for 1.23.2 release
• e8dea0c Merge pull request #882 from uuid-rs/fix/error-msgs
• bdc429a fix up serde messages
• d4342e4 make indexes 0 based and fix up more error messages
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions