update dependencies / lockfile

[striezel]

Updating cortex-a v7.2.0 -> v7.4.0
Updating getrandom v0.2.5 -> v0.2.7
Updating libc v0.2.121 -> v0.2.126
Updating memchr v2.4.1 -> v2.5.0
Updating num-complex v0.4.0 -> v0.4.2
Updating num-integer v0.1.44 -> v0.1.45
Updating num-iter v0.1.42 -> v0.1.43
Updating num-rational v0.4.0 -> v0.4.1
Updating num_threads v0.1.5 -> v0.1.6
Updating once_cell v1.12.1 -> v1.13.0
Updating paste v1.0.6 -> v1.0.7
Updating proc-macro2 v1.0.36 -> v1.0.40
Updating quote v1.0.17 -> v1.0.20
Updating redox_syscall v0.2.12 -> v0.2.13
Updating syn v1.0.89 -> v1.0.98
Adding unicode-ident v1.0.1
Removing unicode-xid v0.2.2
Updating wasi v0.10.2+wasi-snapshot-preview1 -> v0.11.0+wasi-snapshot-preview1

[mkroening]

Thanks! I am wondering why these don't get picked up by Dependabot. 🤔

bors r+

[striezel]

I am wondering why these don't get picked up by Dependabot.

Not sure. I might be wrong here, but my guess would be that Dependabot only does updates that fix a known security vulnerability. This can probably be changed in the bot's configuration.

[mkroening]

I am wondering why these don't get picked up by Dependabot.

Not sure. I might be wrong here, but my guess would be that Dependabot only does updates that fix a known security vulnerability. This can probably be changed in the bot's configuration.

That should not be the case. Dependabot is configured to monitor Cargo.toml, Cargo.lock and xtask/Cargo.toml for any dependency updates. Dependabot happily updates many dependencies which are only present in the lockfile and are not security critical: All Dependabot PRs. Security warnings by github-actions look like this: #164

[bors]

Build failed:

• ci/gitlab/git.rwth-aachen.de

[mkroening]

bors retry

[bors]

Build succeeded:

• aarch64 tests (ubuntu-latest)
• ci/gitlab/git.rwth-aachen.de
• Clippy
• Doc
• Format
• x86 tests (macos-latest)
• x86 tests (ubuntu-latest)
• x86 tests (windows-latest)