Skip to content

chore(deps): bump regex from 1.12.4 to 1.13.1#135

Open
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/cargo/regex-1.13.1
Open

chore(deps): bump regex from 1.12.4 to 1.13.1#135
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/cargo/regex-1.13.1

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Jul 17, 2026

Copy link
Copy Markdown
Contributor

Bumps regex from 1.12.4 to 1.13.1.

Changelog

Sourced from regex's changelog.

1.13.1 (2026-07-15)

This is a release that fixes a bug where incorrect regex match offsets could be reported. Note that this doesn't impact whether a match occurs or not, just where it occurs. The match offsets are still valid for slicing, they just may not refer to the correct leftmost-first match. See #1364 for (many) more details.

Bug fixes:

  • #1354: Fixes previously unsound reverse suffix and inner optimizations.

1.13.0 (2026-07-09)

This release includes a new API, a regex! macro, for lazy compilation of a regex from a string literal. If you use regexes a lot, it's likely you've already written one exactly like it. The new macro can be used like this:

use regex::regex;
fn is_match(line: &str) -> bool {
// The regex will be compiled approximately once and reused automatically.
// This avoids the footgun of using Regex::new here, which would
// guarantee that it would be compiled every time this routine is called.
// This would likely make this routine much slower than it needs to be.
regex!(r"bar|baz").is_match(line)
}
let hay = "
path/to/foo:54:Blue Harvest
path/to/bar:90:Something, Something, Something, Dark Side
path/to/baz:3:It's a Trap!
";
let matches = hay.lines().filter(|line| is_match(line)).count();
assert_eq!(matches, 2);

Improvements:

  • #709: Add a new regex! macro for efficient and automatic reuse of a compiled regex.
Commits
  • 2b52759 1.13.1, redux
  • 40e9823 1.13.1
  • 75fcb96 changelog: 1.13.1
  • 64ad0b6 automata: fix bug in reverse suffix/inner optimization
  • fa91c31 automata: fix a bug caught by Codex review
  • 30390ec automata: formatting tweaks
  • 821a8eb automata: refactor reverse suffix/inner search slightly
  • 10afd70 automata: expose the extracted literals for inner literal extraction
  • 8c34f41 automata: avoid reverse suffix optimization for non-leftmost-first
  • 5524f02 test: add regression tests for failed reverse suffix/inner optimizations
  • Additional commits viewable in compare view

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

Note

Bump regex dependency from 1.12.4 to 1.13.1

Updates the regex crate in Cargo.lock to pick up the latest upstream release.

Macroscope summarized c9fc6f8.

Bumps [regex](https://github.com/rust-lang/regex) from 1.12.4 to 1.13.1.
- [Release notes](https://github.com/rust-lang/regex/releases)
- [Changelog](https://github.com/rust-lang/regex/blob/master/CHANGELOG.md)
- [Commits](rust-lang/regex@1.12.4...1.13.1)

---
updated-dependencies:
- dependency-name: regex
  dependency-version: 1.13.1
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot @github

dependabot Bot commented on behalf of github Jul 17, 2026

Copy link
Copy Markdown
Contributor Author

Labels

The following labels could not be found: rust. Please create it before Dependabot can add it to a pull request.

Please fix the above issues or remove invalid values from dependabot.yml.

@dependabot dependabot Bot added the dependencies Pull requests that update a dependency file label Jul 17, 2026
@dependabot
dependabot Bot requested a review from KooshaPari as a code owner July 17, 2026 19:56
@dependabot dependabot Bot added the dependencies Pull requests that update a dependency file label Jul 17, 2026
@codeant-ai

codeant-ai Bot commented Jul 17, 2026

Copy link
Copy Markdown

Skipping PR review because a bot author is detected.

If you want to trigger CodeAnt AI, comment @codeant-ai review to trigger a manual review.

@chatgpt-codex-connector

Copy link
Copy Markdown

Codex usage limits have been reached for code reviews. Please check with the admins of this repo to increase the limits by adding credits.
Repo admins can enable using credits for code reviews in their settings.

@socket-security

Copy link
Copy Markdown

Review the following changes in direct dependencies. Learn more about Socket for GitHub.

Diff Package Supply Chain
Security
Vulnerability Quality Maintenance License
Updatedcargo/​regex@​1.12.4 ⏵ 1.13.110010093100100

View full report

@sonarqubecloud

Copy link
Copy Markdown

@cursor cursor Bot left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Risk: low. Approving this narrow Dependabot regex patch bump (Cargo.lock only); Cursor Bugbot was not present on this PR. No additional reviewers assigned.

Open in Web View Automation 

Sent by Cursor Approval Agent: Pull Request Approver

@kilo-code-bot

kilo-code-bot Bot commented Jul 17, 2026

Copy link
Copy Markdown

Code Review Summary

Status: No Issues Found | Recommendation: Merge

Overview

This is a Dependabot-bot-authored PR bumping the regex crate from 1.12.4 to 1.13.1 (and its transitive regex-automata from 0.4.14 to 0.4.16). The only file changed is Cargo.lock; no source code is touched.

The upstream changelog indicates 1.13.1 is a bug-fix release that corrects incorrect match offsets (a soundness fix for reverse suffix/inner optimizations), and 1.13.0 adds a new regex! macro without altering the existing public API. This is a semver-compatible minor bump. External gates pass: Socket supply-chain/vulnerability/quality scores are 100/100/93 and SonarCloud quality gate passed with 0 new issues.

  • No inline comments were necessary (no changed source lines).
  • Verified the lockfile version and checksum entries are correctly updated for both regex and regex-automata.
Files Reviewed (1 file)
  • Cargo.lock - no issues (version + checksum bumps only)

Reviewed by hy3:free · Input: 35.5K · Output: 1.2K · Cached: 67.7K

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

dependencies Pull requests that update a dependency file

Projects

None yet

Development

Successfully merging this pull request may close these issues.

0 participants