chore(deps): bump serde-saphyr from 0.0.16 to 0.0.25 in the serde group

[dependabot]

Bumps the serde group with 1 update: serde-saphyr.

Updates serde-saphyr from 0.0.16 to 0.0.25

Release notes

Sourced from serde-saphyr's releases.

0.0.25 Maintenance release

• Fixed deserialization bug (#100) where mixing tagged and #[serde(untagged)] enum variants caused YAML tags to be ignored, leading to incorrect or failed variant resolution.
• Rewritten unit test (ser_coverage_boost.rs) that was triggering the false positive Socket alert (it never ever tried to access the network)
• Fixed taking numbers with preceding or trailing underscores as valid. 100000 is valid and 1000_000 also, but _10, 10_ are no longer. This is consistent with the serializer's auto-quoting policies.
• Publishing to crates.io now uses a trusted publishing workflow.

0.0.24 - remove heavy regex crate

• Regex dependency is now removed using much lighter custom code. Regex was only used to detect numeric-looking strings that deserializer needs to quote (serde-saphyr itself does not need this, done for compatibility with other YAML readers).
• Comment position can now be changed between right from the item the comment describes (default), or above the item it describes. Some teams have rules that comments must be above the items they describe, while numerous short comments look better in-line on the right.
• Direct instantiation of parameter structures is not yet fully disabled, but since this release, such code emits deprecation warnings. We need to migrate to macros because adding any field to the public structure is formally a breaking change unless it is #[non_exhaustive], but then it cannot be instantiated, listing fields at all. Use options! { key: value, key2: value2 } macro. After the 1.0.0 release, we still want to keep adding new options without a "major release".

0.0.23 - compile faster

• Added first-class feature gating for serialize and deserialize, both of which are now enabled by default. Consumers can now build a lighter dependency set by enabling only the side they need. Public re-exports in src/lib.rs are now conditionally exposed based on enabled features:

serde-saphyr = { version = "0.0.23", default-features = false, features = ["deserialize"] }

or

serde-saphyr = { version = "0.0.23", default-features = false, features = ["serialize"] }

Enabling neither feature is now rejected at compile time. This may happen for projects that previously used default-features = false, features=[]. Simple integrations that only specify the version remain backward-compatible.

• This release also fixes serialization of empty Vec at root structure level (#95)

0.0.22 - !include and properties

This release introduces support for !include. While not a standard YAML, multiple existing implementations show the need for this capability.

serde-saphyr now can resolve !include tags through a custom resolver configured via Options. The !include functionality is gated behind the include feature and must also be explicitly enabled by providing a resolver. For convenience, a safety-hardened filesystem-based resolver is available as an additional optional feature (include-fs).

This library also now supports properties, implemented in a Docker Compose-like style:

  database_password: ${DATABASE_PASSWORD}

Properties are implemented to prevent their values from being checked into the repository or from leaking via error snippets or other messages in logs. Tests were written to ensure that the value is never printed on error (please supply the security report if it is). Property values are provided via a custom-supplied HashMap, so up to the user how to store them safely, or maybe even generate them.

Other improvements

• Full support for JSON-style Unicode surrogate pairs in quoted strings. serde-saphyr now correctly decodes valid UTF-16 surrogate pair escapes such as \uD834\uDD1E into a single Unicode scalar, matching the equivalent YAML \U form. We also expanded the JSON compatibility test coverage with dedicated cases for objects, arrays, URLs, Unicode escapes, numbers, booleans, and null, and the full related test suite now passes.
• Indentation checking. Adding or removing a single space in YAML indentation may result in a document that is still syntactically correct but semantically wrong. To mitigate such issues, serde-saphyr can enforce indentation rules during deserialization via RequireIndent.
• Support options for to_string_multiple, #87. Thanks, Eirik A @​clux)
• Fixed merge key expansion that bypassed duplicate-key enforcement. Now, merge keys also require all keys to be unique. However, if you rely heavily on overriding key values during merge, you can set DuplicateKeyPolicy in Options to

0.0.20 Maintenance release - coverage

In this release, we primarily focused on improving code coverage. While adding more tests, we uncovered a couple of bugs. Although these are edge cases, we decided to publish a new release.

• Fixed parsing of numeric values with the !!str tag into weakly typed structures such as serde_json::Value.
• Fixed Spanned to work correctly with serde flatten, untagged, and internally/adjacently tagged representations without errors. Location information is preserved when possible; otherwise, it is set to unknown. Tests were updated accordingly.
• Code coverage is now tracked automatically (codecov badge added). There are also Mac and Windows tests now as well that might catch subtle cases relevant to line endings.

... (truncated)

Commits

• 4574e6a Improved publish flow
• 4e9bb9f Improved publish flow
• 7a61ba2 Run also last publishing on github
• 811b756 Run also last publishing on github
• 49660a6 Fix cargo path
• b069da1 Added note flow must run manually from tag
• 6729164 Use github runner for release
• 85434f1 Number of tests go over 2000
• cc4b699 Formatting and more Clippy fixes. Formatting and clippy checks are now in rel...
• fc306c8 Clippy warning fixes
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

[dependabot]

Labels

The following labels could not be found: dependencies. Please create it before Dependabot can add it to a pull request.

Please fix the above issues or remove invalid values from dependabot.yml.