Commit Graph

11652 Commits

Author SHA1 Message Date
Bevy Auto Releaser a74009b22e chore: Release 2026-06-21 16:55:28 +00:00
François Mockers 718a71198e Fix version bump ci (#24693)
# Objective

- Workflow fails because of a missing `\`:
https://github.com/bevyengine/bevy/actions/runs/27897567873/job/82551836353

## Solution

- Add it
- Also exclude bevy_city
2026-06-21 16:04:09 +00:00
ickshonpe ec0cc1d4f5 Remove radio button comment (#24685)
# Objective

Remove a comment about check mark construction amongst the radio button
components that must have been copied from the checkbox widget
implementation by mistake.
2026-06-21 08:34:55 +00:00
Jasmine Lowen 🦁 6645810a9f docs: fixup of run condition docs (or_else) (#24677)
It seems like the docs before this change were leftovers from the old
methods. They didn't really reflect the current state and suggested
using the deprecated methods.
2026-06-21 07:31:36 +00:00
ickshonpe 8ce450bd98 Another text measurement fix (#24669)
# Objective

Text is wrapped to fit inside the node's content box but the node is
sized as though the text isn't wrapped.

Fixes #24664

## Solution

Subtract the total of the horizontal padding and border insets.

## Testing

Added the replication from #24664 to `testbed_ui`'s `TextWrap` scene:
```
cargo run --example testbed_ui -- textwrap
```

<img width="500" alt="image"
src="https://github.com/user-attachments/assets/e37884d1-7ae6-4aab-b16f-c5af004f5556"
/>

---

The other examples, particularly `text_debug`, shouldn't demonstrate any
changes.

---------

Co-authored-by: Dimitrios Loukadakis <dloukadakis@users.noreply.github.com>
2026-06-21 07:30:04 +00:00
François Mockers 1804890903 bevy_scene: don't use std Result (#24666)
# Objective

- bevy_scene doesn't build in non std

```
error: used import from `std` instead of `core`
   --> crates/bevy_scene/src/scene.rs:245:10
    |
245 |     ) -> std::prelude::v1::Result<(), ResolveSceneError> {
    |          ^^^ help: consider importing the item from `core`: `core`
    |
    = help: for further information visit https://rust-lang.github.io/rust-clippy/rust-1.96.0/index.html#std_instead_of_core
    = note: `-D clippy::std-instead-of-core` implied by `-D warnings`
    = help: to override `-D warnings` add `#[allow(clippy::std_instead_of_core)]`

error: could not compile `bevy_scene` (lib) due to 1 previous error
```

- triggered on 0.19 CI:
https://github.com/bevyengine/bevy/actions/runs/27730550478/job/82036465625

## Solution

- don't use std `Result`

## Testing

- Built locally
2026-06-19 19:59:28 +00:00
codecnotsupported f01eff8b55 Fix PanCamera mouse button check (#24659)
# Objective

Fix PanCamera to check which that the correct mouse button is used, not
just any.
Change default pan mouse button to middle mouse button.

## Solution

Add check.

## Testing

- Did you test these changes? If so, how?
- Tested in local test environment, then like a cave man, copy & pasted
the changes into github's text editor of the fork.

---------

Co-authored-by: N/A <N/A>
2026-06-19 04:00:00 +00:00
Mira f2f858494d Clearer QueryAccessError & has_conflicts docs (#24651)
Fixes #24644
2026-06-17 19:25:03 +00:00
Uche Okwo 86176d177f give immutable access to SystemWithAccess::system (#24652)
This change adds a `SystemWithAccess::system` method to give back access
to the ScheduleSystem without exposing it to mutation.

# Objective

To prevent mutation, [this PR][thePR] made all fields of
`SystemWithAccess` private.

However, external crates (in my case, `bevy_mod_debugdump`) need access
to `&ScheduleSystem`, which the PR made impossible.

## Solution

Add `SystemWithAccess::system` to allow accessing the contained
`ScheduleSystem` immutably

## Testing

- Did you test these changes? If so, how?
No
- Are there any parts that need more testing?
No
- How can other people (reviewers) test your changes? Is there anything
specific they need to know?
N/A
- If relevant, what platforms did you test these changes on, and are
there any important ones you can't test?'
N/A

[thePR]: https://github.com/bevyengine/bevy/pull/23443
2026-06-17 19:23:10 +00:00
Dan Aloni 7496e1b639 light: add SunDisk::MARS preset for Mars atmosphere (#24618)
In the atmosphere example we can change between Earth and Mars, but the
size of the sun does not change. This somewhat bothered me from an
astronomical accuarcy.

This commit introduces a new `SunDisk::MARS` constant to accurately
represent the sun’s apparent size when viewed from Mars. The
implementation updates the documentation and adds the corresponding
constant with an angular size of ~21 arcminutes (0.00615 radians).

Key modifications:

- Added `SunDisk::MARS` constant in `directional_light.rs`
- Updated documentation to reference the new Mars preset
- Modified `atmosphere` example to switch sun disk alongside atmosphere
presets

I tested this manually.

---------

Co-authored-by: Máté Homolya <mate.homolya@gmail.com>
Co-authored-by: Alice Cecile <alice.i.cecile@gmail.com>
2026-06-17 17:46:34 +00:00
Kevin Chen 27e106b938 Update variadics_please requirement from 1.1 to 2.0 (#24640)
# Objective

- Adopts #24304 

## Solution

- Upgrading caused some `large_enum_variant` warnings. I box’ed the
affected variants.
- From the original Dependabot PR:
 
Updates the requirements on
[variadics_please](https://github.com/bevyengine/variadics_please) to
permit the latest version.
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/bevyengine/variadics_please/blob/main/RELEASES.md">variadics_please's
changelog</a>.</em></p>
<blockquote>
<h2>Version 2.0.0</h2>
<ul>
<li>Switch from <code>syn</code> to <code>unsynn</code>
<ul>
<li><a
href="https://fasterthanli.me/articles/the-virtue-of-unsynn"><code>syn</code>
is known to be a major compile time bottleneck</a>. To improve the
situation for users of <code>variadics_please</code>, we switched to
<code>unsynn</code>, which is the alternative used by <a
href="https://fasterthanli.me/articles/introducing-facet-reflection-for-rust"><code>facet</code></a>.</li>
<li>The compile time speedup depends on your local setup and the
complexity of the macro invocation,
but on one test setup, the cold compilation time went from about 2.16
seconds to 0.56 seconds.</li>
<li>The code generated by <code>variadics_please</code> should be
identical to before.
Our Error messages may look a bit different now, but they should be just
as readable.
If you encounter any weird behavior or diagnostics, let us know.</li>
</ul>
</li>
<li>Use Rust 2024, which bumps the MSRV to <code>1.85.0</code></li>
</ul>
<h2>Version 1.1</h2>
<ul>
<li>added <code>all_tuples_enumerated</code>, which provides the index
of each item in the tuple</li>
</ul>
<h2>Version 1.0.0</h2>
<ul>
<li>initial release
<ul>
<li>code was taken directly from <code>bevy_utils 0.15-rc2</code>, under
a MIT + Apache dual license</li>
</ul>
</li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li>See full diff in <a
href="https://github.com/bevyengine/variadics_please/commits">compare
view</a></li>
</ul>
</details>
<br /> 

I’m assuming the changelog doesn’t look concerning

## Testing

- ci

---------

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2026-06-17 17:15:23 +00:00
MostlyMo c9787c9ecd Entitymut doc changes for #24596 (#24631)
# Objective

- Describe the objective or issue this PR addresses.
- Fixes #24596 

## Solution

- Describe the solution used to achieve the objective above.
- Changed get_components methods that use result instead of option to
return the correct type instead of None.
- Moved safety above example for get/into_components_mut 

## Testing

- Did you test these changes? If so, how? Yes, ran "cargo run -p ci --
doc" and tests came back ok
- Are there any parts that need more testing? Not that I'm aware of.
- How can other people (reviewers) test your changes? Is there anything
specific they need to know? Read the comments and check they are
correct. there shouldn't be a fn returning type result that returns None
on the fail.
- If relevant, what platforms did you test these changes on, and are
there any important ones you can't test? N/A

---
2026-06-17 17:14:04 +00:00
Luo Zhihao 0008fd94c8 Reuse heap allocations in prepare_mesh_bind_groups (#24643)
# Objective

Reuse `MeshBindGroups` heap allocations in `prepare_mesh_bind_groups`

## Solution

Reuse heap memory from previously existing `MeshBindGroups` resource.

Also the lightmaps bind groups should be keyed by metadata slab id
otherwise it should be a bug if using vertex compression + lightmap +
webgl2

## Testing

Examples still work
2026-06-17 17:13:45 +00:00
ickshonpe b15e3b3290 EditableText pointer propagation fix (#24632)
# Objective

When an input is in IME composition mode, `EditableText` nodes should
absorb pointer events, not propagate them.

## Solution

Set focus and disable press propagation in `on_pointer_press` for
`EditableText` before the IME and local position return gates.

Disable drag propagation in `on_pointer_drag` for `EditableText` before
the IME composition and local position return gates.

The focus change is probably unnecessary but seems more natural, and
shouldn't result in any changes to observable behaviour.
2026-06-17 15:08:37 +00:00
Christophe Dehais 09d739d67a Derive Copy and Clone for InfiniteGrid (#24633)
Derive `Clone` for `InfiniteGrid`so that `FromTemplate` can be
auto-derived on it, making it spawnable with BSN.

Co-authored-by: Alice Cecile <alice.i.cecile@gmail.com>
2026-06-17 05:28:49 +00:00
Jeb Brooks ea06f80230 Optionally allow FeathersColorSwatch to partially display opaque value (#24639)
This adds properties to the `FeathersColorSwatch` SceneComponent to
allow specifying a percentage of the swatch to remain opaque. This is
useful for color-pickers and generally handling colors with alpha
channels.

The property value will default to 0% so no migration guide is needed.

# Objective

- Allow a single `FeathersColorSwatch` to display the selected color
with and without its alpha channel.

## Solution

- Adds `FeathersColorSwatchProps` to allow dedicating a percentage of
the swatch area to the opaque color value

## Testing

Updated the `feathers_gallery` example to display the `rgba` color
swatch with 30% dedicated to the opaque color.

---

## Showcase

<img width="1280" height="720" alt="Screenshot_2026-06-15_21-09-53"
src="https://github.com/user-attachments/assets/1b3405f5-973b-42fb-abd5-b08c39c59cb6"
/>
2026-06-17 05:18:25 +00:00
Uche Okwo 3d01901bb7 Add impl of (Try)StableInterpolate for arrays (#24641)
# Objective

Noticed that there was an implementation of StableInterpolate for
tuples, but not for any array types.

## Solution

- Added an implementation of StableInterpolate for static arrays
- Added an implementation of TryStableInterpolate for dynamic arrays
(gated on the `alloc` feature)

## Testing

- Did you test these changes? If so, how?
Created a new test module in common_traits
- Are there any parts that need more testing?
No
- How can other people (reviewers) test your changes? Is there anything
specific they need to know?
Try interpolating array types
- If relevant, what platforms did you test these changes on, and are
there any important ones you can't test?
N/A
2026-06-17 05:17:37 +00:00
ickshonpe f96472a710 bevy::math::Rect::clamp_point function (#24630)
# Objective

`Vec2` has a clamp function but there are two minor annoyances when
using it with a `Rect`:

```rust
let r = computed_node.content_box();
let p = Vec2::new(x, y).clamp(r.min, r.max);
```

1. You have to bind the `Rect` value to a variable.
2. You have to manually pass the rectangle bounds in the correct order.

## Solution

Add a `clamp_point` function to `Rect`, then we have:

```rust
let p = computed_node.content_box().clamp_point(Vec2::new(x, y));
```

## Testing

Includes some trivial tests.

---------

Co-authored-by: Cookie <171882521+cookie1170@users.noreply.github.com>
2026-06-17 04:46:10 +00:00
Kevin Chen b25d9c326a Refresh all components of the Point/Spot Shadow Map if its light has changed (#24626)
# Objective

- Fixes #24605 
- The issue was being caused by the `ShadowView` becoming stale as the
camera moved around the scene. I logged the `light_index` of the
PointLight and realized they were not stable, which means the depth
attachments/`ShadowView`s would also be incorrect.

## Solution

- Just recreate all necessary components if the Point or Spot light
changed. It was already being done for the `ExtractedView` and the
`frustum` (#24038). Now it includes the `ShadowView` and other minor
components that don’t necessarily need to be changed, but it makes the
code easier to understand.
- I refactored the code a bit to make it easier to maintain and
understand what’s different between the two if/else branches. The
extracted functions should be equivalent to the original logic when
creating the shadow map anew.

## Testing

- I tested the reproduction in the issue and the issue is fixed, results
in the Showcase.

---

## Showcase

<details>
  <summary>Video of the fixed repro</summary>


https://github.com/user-attachments/assets/e843ace0-ea33-461d-a96b-ce09d7fc6da4

</details>
2026-06-17 04:42:22 +00:00
Luo Zhihao 0d00c9109f Fix nightly clippy and clippy::result_large_err again (#24624)
# Objective

#24206 boxes the large error in `GltfError` but it's not sufficient
after https://github.com/rust-lang/rust-clippy/issues/17070 is fixed.

## Solution

Box `AssetLoadError::RequestedHandleTypeMismatch` so that it is reduced
to 120 bytes which is below 128 bytes.

Also fix some other trivial clippy warnings.

## Testing

Use the latest nightly clippy which has
https://github.com/rust-lang/rust-clippy/issues/17070 fixed:
```
cargo +nightly clippy --workspace --all-features --all-targets -- -D warnings
```
2026-06-17 04:40:59 +00:00
Luo Zhihao 4c1ab7e418 Reuse RenderContextState and PendingCommandBuffers heap allocations (#24622)
# Objective

Reuse heap allocations in RenderContext. Address
https://github.com/bevyengine/bevy/pull/22144#discussion_r2729894429

## Solution

Replace `core::mem::take` with `drain(..)`. Change
`PendingCommandBuffers::take` to return an Iterator and use `peek()` to
check if it's empty.

## Testing

Examples still work
2026-06-17 04:39:48 +00:00
Busy Beaver d606934bac fix: text selection collapse on focus loss (#24619)
# Objective

- Fixes #24579.
- Earlier, when an `EditableText` widget lost focus when pressing `Tab`,
the text selection was preserved internally. This left the text
permanently in the selection styling (black). This PR ensures it reverts
to the default styling once focus is lost.

## Solution

- Added a new `on_focus_lost_collapse_selection` observer to the
`EditableTextInputPlugin`.
- When a `FocusLost` event is triggered, it queues an
`TextEdit::CollapseSelection` action on the widget as well.

## Testing

- Tested it on the example mentioned in the issue
(`multiline_text_input`).

### Before:
<img width="400" height="400" alt="image"
src="https://github.com/user-attachments/assets/f6293add-cdbb-4982-a4a4-28f014611aa1"
/>

### After:
<img width="400" height="400" alt="image"
src="https://github.com/user-attachments/assets/f00523ee-17fa-4af6-ad9b-01052e073dc9"
/>

---------

Signed-off-by: zen-zap <pandaashutosh340@gmail.com>
2026-06-17 04:34:22 +00:00
Carter Anderson a3fa0c2c8f Rename Preferences to Settings in the appropriate places (#24613)
# Objective

`bevy_settings` currently conflates "settings" and "preferences" in a
number of places. The name of the framework itself is Bevy Settings, so
anything that drives general "settings" behaviors should use "settings"
terminology. For example, `PreferencesPlugin` should be `SettingsPlugin`
because it handles _all_ `SettingsGroup` types (regardless of their
"scope" such as "preferences.toml").

## Solution

Use "settings" instead of "preferences" in the appropriate places. I've
also removed the custom `ExitAfterSave` commands in the examples as they
are unnecessary.

This should land in 0.19 because we haven't published this API yet and
getting naming right is important.

---------

Co-authored-by: Dave Waggoner <waggoner.dave@gmail.com>
Co-authored-by: Kevin Chen <chen.kevin.f@gmail.com>
2026-06-17 04:28:56 +00:00
Dahmen Issam 02880b3759 Clean up background motion vectors when prepass is disabled (#24606)
# Objective

- Fix a render validation error when `TemporalAntiAliasing` is removed
from a camera while `DepthPrepass` remains enabled.
- The background motion vectors pipeline state could remain on the
render-world view after `MotionVectorPrepass` was removed, causing the
prepass node to try to render background motion vectors without a motion
vector target.

## Solution

Add a cleanup system for background motion vector state.

## Testing

Press Space to disable TAA while keeping DepthPrepass on the camera.
Before this PR, it crash with:

```text
Render pipeline targets are incompatible with render pass
Incompatible color attachments at indices []: the RenderPass uses textures with formats [] but the RenderPipeline with 'background_motion_vectors_pipeline' label uses attachments with formats [None, Some(Rg16Float), None, None]
```

Minimal repro example: 

```
use bevy::anti_alias::taa::TemporalAntiAliasing;
use bevy::core_pipeline::prepass::{DepthPrepass, MotionVectorPrepass};
use bevy::prelude::*;
use bevy::render::camera::{MipBias, TemporalJitter};

fn main() {
    App::new()
        .add_plugins(DefaultPlugins)
        .add_systems(Startup, setup)
        .add_systems(Update, toggle_taa)
        .run();
}

fn setup(mut commands: Commands) {
    commands.spawn((
        Camera3d::default(),
        Msaa::Off,
        DepthPrepass,
        TemporalAntiAliasing::default(),
        Transform::from_xyz(0.0, 0.0, 5.0).looking_at(Vec3::ZERO, Vec3::Y),
    ));
}

fn toggle_taa(
    keys: Res<ButtonInput<KeyCode>>,
    camera: Single<Entity, With<Camera3d>>,
    mut commands: Commands,
) {
    if keys.just_pressed(KeyCode::Space) {
        commands.entity(*camera).remove::<(
            TemporalAntiAliasing,
            TemporalJitter,
            MipBias,
            MotionVectorPrepass,
        )>();
    }
}

Co-authored-by: Dahmen issam <issam.dahmen@fittingbox.com>
2026-06-17 04:27:03 +00:00
Cookie 8bf04c642f Add context messages to BevyError (#24528)
# Objective

Add a `context()` extension method to `Result<T>` and `Option<T>` like
`anyhow`

## Solution

Add a `Vec<String>` field to `InnerBevyError` to store context messages
added via `context()`

Fixes #19714.

## Testing

Added the `context` unit test to test messages produced by `context() `
and a `context_downcasting` unit test to test that downcasting still
works when using `.context`

---------

Co-authored-by: Alice Cecile <alice.i.cecile@gmail.com>
2026-06-17 04:24:05 +00:00
Marc 96e198e1e4 Fix Deserialize derive for BrpResponse (#24305)
# Objective

Bevy remote's `BrpResponse` derives `serde::Deserialize`, but the static
lifetime prevents it from actually being so:

```
let response: BrpResponse = serde_json::from_str(&response)?;
                            ---------------------^^^^^^^^^-
                            |                    |
                            |                    borrowed value does not live long enough
                            argument requires that `response` is borrowed for `'static`
```

No migration guide needed, since the interface for `BrpResponse::new`
used by downstream implementers remains unchanged.

## Solution

Remove the `jsonrpc` field by writing a custom `impl` for `Serialize` &
`Deserialize`, which is the same solution as done previously in #23175.

## Testing

This change has a very low impact. Tests pass.

## Alternatives

1. Replace jsonrpc with `String`
2. Replace jsonrpc with `Cow`

---------

Co-authored-by: Mira <specificprotagonist@posteo.org>
2026-06-17 04:13:47 +00:00
Vitaliy Sapronenko 4b1db963ff Allow implicit Into for BSN enum field values (#24621)
# Objective

- Allow BSN users to assign enum variants directly to fields when the
enum implements `Into` for the field type.
- Fixes #24582.

## Solution

- Route enum variant field values through the normal `BsnValue` token
generation path.
- Make `BsnValue::Type` emit `(...).into()` when used as a value.
- Preserve existing enum component patching behavior, where entries like
`Foo::Bar { x: 1 }` and `Foo::Qux` patch the enum component itself.

## Testing

- `cargo fmt --check -p bevy_scene -p bevy_scene_macros`
- `cargo test -p bevy_scene_macros
enum_variant_field_values_use_implicit_into`
- `cargo test -p bevy_scene enum_variant_field_values_use_implicit_into`
- `cargo test -p bevy_scene enum_patching`

## Showcase

```rust
TextFont {
    font_size: TextSize::Large,
}
2026-06-16 20:00:56 +00:00
Carter Anderson a3abf33f53 Diagnostic overlay fixes and improvements (#24611)
# Objective

The new Diagnostic Overlay has some issues:
- It uses a fullscreen Node that blocks all clicks, preventing other UI
items from being clicked by default
- It doesn't implement Default / Clone, so it isn't compatible with BSN
- The font size isn't configurable (small by default is good, but it
might be too small for some peoples' preferences)

## Solution

Fix all of those things.

This should ship in 0.19 because it is pretty broken without the click
passthrough fix. This doesn't need an RC to test because it is a new
feature, very broken without this fix, and it is disabled by default.

---------

Co-authored-by: Kevin Chen <chen.kevin.f@gmail.com>
2026-06-14 20:44:56 +00:00
dependabot[bot] 3394c0c393 Bump crate-ci/typos from 1.47.0 to 1.47.2 (#24598)
Bumps [crate-ci/typos](https://github.com/crate-ci/typos) from 1.47.0 to
1.47.2.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/crate-ci/typos/releases">crate-ci/typos's
releases</a>.</em></p>
<blockquote>
<h2>v1.47.2</h2>
<h2>[1.47.2] - 2026-06-04</h2>
<h3>Fixes</h3>
<ul>
<li>Don't correct <code>inferrable</code></li>
<li>Correct unused <code>inferible</code> variant</li>
</ul>
<h2>v1.47.1</h2>
<h2>[1.47.1] - 2026-06-03</h2>
<h3>Fixes</h3>
<ul>
<li>Don't correct <code>requestors</code></li>
</ul>
</blockquote>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/crate-ci/typos/blob/master/CHANGELOG.md">crate-ci/typos's
changelog</a>.</em></p>
<blockquote>
<h1>Change Log</h1>
<p>All notable changes to this project will be documented in this
file.</p>
<p>The format is based on <a href="https://keepachangelog.com/">Keep a
Changelog</a>
and this project adheres to <a href="https://semver.org/">Semantic
Versioning</a>.</p>
<!-- raw HTML omitted -->
<h2>[Unreleased] - ReleaseDate</h2>
<h2>[1.47.2] - 2026-06-04</h2>
<h3>Fixes</h3>
<ul>
<li>Don't correct <code>inferrable</code></li>
<li>Correct unused <code>inferible</code> variant</li>
</ul>
<h2>[1.47.1] - 2026-06-03</h2>
<h3>Fixes</h3>
<ul>
<li>Don't correct <code>requestors</code></li>
</ul>
<h2>[1.47.0] - 2026-05-29</h2>
<h3>Features</h3>
<ul>
<li>Updated the dictionary with the <a
href="https://redirect.github.com/crate-ci/typos/issues/1545">May
2026</a> changes</li>
</ul>
<h2>[1.46.3] - 2026-05-23</h2>
<h3>Fixes</h3>
<ul>
<li>Don't correct to <code>sequentials</code></li>
<li>Don't correct to <code>subdolder</code></li>
</ul>
<h2>[1.46.2] - 2026-05-16</h2>
<h3>Fixes</h3>
<ul>
<li>Don't correct to <code>criterias</code></li>
<li>Don't correct to <code>replaceables</code></li>
</ul>
<h2>[1.46.1] - 2026-05-08</h2>
<h3>Fixes</h3>
<ul>
<li>Don't correct to <code>confidentials</code></li>
</ul>
<h2>[1.46.0] - 2026-04-30</h2>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/crate-ci/typos/commit/37bb98842b0d8c4ffebdb75301a13db0267cef89"><code>37bb988</code></a>
chore: Release</li>
<li><a
href="https://github.com/crate-ci/typos/commit/cf0d28060ca881bc27ff40b3bdbf29e6b965aec9"><code>cf0d280</code></a>
docs: Update changelog</li>
<li><a
href="https://github.com/crate-ci/typos/commit/365762c5b7f8c0893e9c2cc2f28ad346d3a5d540"><code>365762c</code></a>
Merge pull request <a
href="https://redirect.github.com/crate-ci/typos/issues/1569">#1569</a>
from epage/infer</li>
<li><a
href="https://github.com/crate-ci/typos/commit/ee20d2ae6a3289fd9199670a32eb0ef116f821c6"><code>ee20d2a</code></a>
fix(dict): Allow inferrable, disallow inferible</li>
<li><a
href="https://github.com/crate-ci/typos/commit/44e2070e6017f834bf069503acb35ca0ca0b75f2"><code>44e2070</code></a>
chore: Release</li>
<li><a
href="https://github.com/crate-ci/typos/commit/e10d108c2ad5ba9c5271cc8187b3542620754107"><code>e10d108</code></a>
docs: Update changelog</li>
<li><a
href="https://github.com/crate-ci/typos/commit/06f8734ce409b4da0b249a0fb43d261e2deef073"><code>06f8734</code></a>
Merge pull request <a
href="https://redirect.github.com/crate-ci/typos/issues/1566">#1566</a>
from epage/fix</li>
<li><a
href="https://github.com/crate-ci/typos/commit/a12d104c3773d39452966c248b100cd165afc6ac"><code>a12d104</code></a>
fix(dict): Don't correct requestors</li>
<li><a
href="https://github.com/crate-ci/typos/commit/823a0a4672ea7c524f9a1fd99c5c5ae5b1952bf2"><code>823a0a4</code></a>
chore(deps): Update compatible (<a
href="https://redirect.github.com/crate-ci/typos/issues/1564">#1564</a>)</li>
<li>See full diff in <a
href="https://github.com/crate-ci/typos/compare/f8a58b6b53f2279f71eb605f03a4ae4d10608f45...37bb98842b0d8c4ffebdb75301a13db0267cef89">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=crate-ci/typos&package-manager=github_actions&previous-version=1.47.0&new-version=1.47.2)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)


</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2026-06-14 18:53:33 +00:00
dependabot[bot] 8a7909cfa6 Update sysinfo requirement from 0.38.4 to 0.39.3 (#24603)
Updates the requirements on
[sysinfo](https://github.com/GuillaumeGomez/sysinfo) to permit the
latest version.
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/GuillaumeGomez/sysinfo/blob/main/CHANGELOG.md">sysinfo's
changelog</a>.</em></p>
<blockquote>
<h1>0.38.4</h1>
<ul>
<li>macOS: Unpin <code>objc2-*</code> crates version.</li>
<li>Linux: Fix computation of disk size.</li>
</ul>
<h1>0.38.3</h1>
<ul>
<li>macOS: Improve accuracy of <code>System::available_memory</code> and
<code>System::used_memory</code>.</li>
<li>Documentation: add missing unit for <code>CPU::frequency</code>
returned value.</li>
</ul>
<h1>0.38.2</h1>
<ul>
<li>Implement <code>Error</code> trait for
<code>MacAddrFromStrError</code>, <code>IpNetworkFromStrError</code> and
<code>KillError</code> types.</li>
</ul>
<h1>0.38.1</h1>
<ul>
<li>macOS: Put back support for versions below macOS 12.</li>
</ul>
<h1>0.38.0</h1>
<ul>
<li>Add NetBSD support.</li>
<li>Windows: Fix unsoundness for a function used in
<code>Motherboard</code> and <code>Product</code>.</li>
<li>Linux: Improve CPU info parsing.</li>
<li>Fix <code>serde</code> serialization of <code>MacAddr</code> and of
<code>Disk::file_system</code>.</li>
</ul>
<h1>0.37.2</h1>
<ul>
<li>Improve documentation of <code>System::refresh_cpu_all</code> and of
<code>System::refresh_cpu_specifics</code>.</li>
<li>Android: Fix <code>System::uptime</code>.</li>
<li>Linux: Correctly handled modified/removed <code>Process::exe</code>
paths.</li>
</ul>
<h1>0.37.1</h1>
<ul>
<li>Fix <code>serde</code> serialization on
<code>Process::name</code>.</li>
<li>Linux: Fix <code>get_cpu_frequency</code> on
<code>loongarch64</code>.</li>
<li>Windows: Correctly handle invalid UTF-8 string in
<code>Motherboard</code>.</li>
</ul>
<h1>0.37.0</h1>
<ul>
<li>Update minimum supported Rust version to <code>1.88</code> (for 2024
edition and <code>if let chain</code> feature).</li>
<li>Added <code>Component::id</code> API.</li>
<li>Linux: Greatly improve partial processes retrieval.</li>
<li>Linux: Simplify internal components retrieval code.</li>
</ul>
<h1>0.36.1</h1>
<ul>
<li>Linux: Improve processor CPU usage computation.</li>
</ul>
<h1>0.36.0</h1>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li>See full diff in <a
href="https://github.com/GuillaumeGomez/sysinfo/compare/v0.38.4...v0.38.4">compare
view</a></li>
</ul>
</details>
<br />


Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)


</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2026-06-14 18:52:04 +00:00
dependabot[bot] 32070ba274 Bump actions/checkout from 6.0.2 to 6.0.3 (#24600)
Bumps [actions/checkout](https://github.com/actions/checkout) from 6.0.2
to 6.0.3.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/actions/checkout/releases">actions/checkout's
releases</a>.</em></p>
<blockquote>
<h2>v6.0.3</h2>
<h2>What's Changed</h2>
<ul>
<li>Update changelog by <a
href="https://github.com/ericsciple"><code>@​ericsciple</code></a> in <a
href="https://redirect.github.com/actions/checkout/pull/2357">actions/checkout#2357</a></li>
<li>fix: expand merge commit SHA regex and add SHA-256 test cases by <a
href="https://github.com/yaananth"><code>@​yaananth</code></a> in <a
href="https://redirect.github.com/actions/checkout/pull/2414">actions/checkout#2414</a></li>
<li>Fix checkout init for SHA-256 repositories by <a
href="https://github.com/yaananth"><code>@​yaananth</code></a> in <a
href="https://redirect.github.com/actions/checkout/pull/2439">actions/checkout#2439</a></li>
<li>Update changelog for v6.0.3 by <a
href="https://github.com/yaananth"><code>@​yaananth</code></a> in <a
href="https://redirect.github.com/actions/checkout/pull/2446">actions/checkout#2446</a></li>
</ul>
<h2>New Contributors</h2>
<ul>
<li><a href="https://github.com/yaananth"><code>@​yaananth</code></a>
made their first contribution in <a
href="https://redirect.github.com/actions/checkout/pull/2414">actions/checkout#2414</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/actions/checkout/compare/v6...v6.0.3">https://github.com/actions/checkout/compare/v6...v6.0.3</a></p>
</blockquote>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/actions/checkout/blob/main/CHANGELOG.md">actions/checkout's
changelog</a>.</em></p>
<blockquote>
<h1>Changelog</h1>
<h2>v6.0.3</h2>
<ul>
<li>Fix checkout init for SHA-256 repositories by <a
href="https://github.com/yaananth"><code>@​yaananth</code></a> in <a
href="https://redirect.github.com/actions/checkout/pull/2439">actions/checkout#2439</a></li>
<li>fix: expand merge commit SHA regex and add SHA-256 test cases by <a
href="https://github.com/yaananth"><code>@​yaananth</code></a> in <a
href="https://redirect.github.com/actions/checkout/pull/2414">actions/checkout#2414</a></li>
</ul>
<h2>v6.0.2</h2>
<ul>
<li>Fix tag handling: preserve annotations and explicit fetch-tags by <a
href="https://github.com/ericsciple"><code>@​ericsciple</code></a> in <a
href="https://redirect.github.com/actions/checkout/pull/2356">actions/checkout#2356</a></li>
</ul>
<h2>v6.0.1</h2>
<ul>
<li>Add worktree support for persist-credentials includeIf by <a
href="https://github.com/ericsciple"><code>@​ericsciple</code></a> in <a
href="https://redirect.github.com/actions/checkout/pull/2327">actions/checkout#2327</a></li>
</ul>
<h2>v6.0.0</h2>
<ul>
<li>Persist creds to a separate file by <a
href="https://github.com/ericsciple"><code>@​ericsciple</code></a> in <a
href="https://redirect.github.com/actions/checkout/pull/2286">actions/checkout#2286</a></li>
<li>Update README to include Node.js 24 support details and requirements
by <a href="https://github.com/salmanmkc"><code>@​salmanmkc</code></a>
in <a
href="https://redirect.github.com/actions/checkout/pull/2248">actions/checkout#2248</a></li>
</ul>
<h2>v5.0.1</h2>
<ul>
<li>Port v6 cleanup to v5 by <a
href="https://github.com/ericsciple"><code>@​ericsciple</code></a> in <a
href="https://redirect.github.com/actions/checkout/pull/2301">actions/checkout#2301</a></li>
</ul>
<h2>v5.0.0</h2>
<ul>
<li>Update actions checkout to use node 24 by <a
href="https://github.com/salmanmkc"><code>@​salmanmkc</code></a> in <a
href="https://redirect.github.com/actions/checkout/pull/2226">actions/checkout#2226</a></li>
</ul>
<h2>v4.3.1</h2>
<ul>
<li>Port v6 cleanup to v4 by <a
href="https://github.com/ericsciple"><code>@​ericsciple</code></a> in <a
href="https://redirect.github.com/actions/checkout/pull/2305">actions/checkout#2305</a></li>
</ul>
<h2>v4.3.0</h2>
<ul>
<li>docs: update README.md by <a
href="https://github.com/motss"><code>@​motss</code></a> in <a
href="https://redirect.github.com/actions/checkout/pull/1971">actions/checkout#1971</a></li>
<li>Add internal repos for checking out multiple repositories by <a
href="https://github.com/mouismail"><code>@​mouismail</code></a> in <a
href="https://redirect.github.com/actions/checkout/pull/1977">actions/checkout#1977</a></li>
<li>Documentation update - add recommended permissions to Readme by <a
href="https://github.com/benwells"><code>@​benwells</code></a> in <a
href="https://redirect.github.com/actions/checkout/pull/2043">actions/checkout#2043</a></li>
<li>Adjust positioning of user email note and permissions heading by <a
href="https://github.com/joshmgross"><code>@​joshmgross</code></a> in <a
href="https://redirect.github.com/actions/checkout/pull/2044">actions/checkout#2044</a></li>
<li>Update README.md by <a
href="https://github.com/nebuk89"><code>@​nebuk89</code></a> in <a
href="https://redirect.github.com/actions/checkout/pull/2194">actions/checkout#2194</a></li>
<li>Update CODEOWNERS for actions by <a
href="https://github.com/TingluoHuang"><code>@​TingluoHuang</code></a>
in <a
href="https://redirect.github.com/actions/checkout/pull/2224">actions/checkout#2224</a></li>
<li>Update package dependencies by <a
href="https://github.com/salmanmkc"><code>@​salmanmkc</code></a> in <a
href="https://redirect.github.com/actions/checkout/pull/2236">actions/checkout#2236</a></li>
</ul>
<h2>v4.2.2</h2>
<ul>
<li><code>url-helper.ts</code> now leverages well-known environment
variables by <a href="https://github.com/jww3"><code>@​jww3</code></a>
in <a
href="https://redirect.github.com/actions/checkout/pull/1941">actions/checkout#1941</a></li>
<li>Expand unit test coverage for <code>isGhes</code> by <a
href="https://github.com/jww3"><code>@​jww3</code></a> in <a
href="https://redirect.github.com/actions/checkout/pull/1946">actions/checkout#1946</a></li>
</ul>
<h2>v4.2.1</h2>
<ul>
<li>Check out other refs/* by commit if provided, fall back to ref by <a
href="https://github.com/orhantoy"><code>@​orhantoy</code></a> in <a
href="https://redirect.github.com/actions/checkout/pull/1924">actions/checkout#1924</a></li>
</ul>
<h2>v4.2.0</h2>
<ul>
<li>Add Ref and Commit outputs by <a
href="https://github.com/lucacome"><code>@​lucacome</code></a> in <a
href="https://redirect.github.com/actions/checkout/pull/1180">actions/checkout#1180</a></li>
<li>Dependency updates by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a>- <a
href="https://redirect.github.com/actions/checkout/pull/1777">actions/checkout#1777</a>,
<a
href="https://redirect.github.com/actions/checkout/pull/1872">actions/checkout#1872</a></li>
</ul>
<h2>v4.1.7</h2>
<ul>
<li>Bump the minor-npm-dependencies group across 1 directory with 4
updates by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a
href="https://redirect.github.com/actions/checkout/pull/1739">actions/checkout#1739</a></li>
<li>Bump actions/checkout from 3 to 4 by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a
href="https://redirect.github.com/actions/checkout/pull/1697">actions/checkout#1697</a></li>
<li>Check out other refs/* by commit by <a
href="https://github.com/orhantoy"><code>@​orhantoy</code></a> in <a
href="https://redirect.github.com/actions/checkout/pull/1774">actions/checkout#1774</a></li>
</ul>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/actions/checkout/commit/df4cb1c069e1874edd31b4311f1884172cec0e10"><code>df4cb1c</code></a>
Update changelog for v6.0.3 (<a
href="https://redirect.github.com/actions/checkout/issues/2446">#2446</a>)</li>
<li><a
href="https://github.com/actions/checkout/commit/1cce3390c2bfda521930d01229c073c7ff920824"><code>1cce339</code></a>
Fix checkout init for SHA-256 repositories (<a
href="https://redirect.github.com/actions/checkout/issues/2439">#2439</a>)</li>
<li><a
href="https://github.com/actions/checkout/commit/900f2210b1d28bbbd0bd22d17926b9e224e8f231"><code>900f221</code></a>
fix: expand merge commit SHA regex and add SHA-256 test cases (<a
href="https://redirect.github.com/actions/checkout/issues/2414">#2414</a>)</li>
<li><a
href="https://github.com/actions/checkout/commit/0c366fd6a839edf440554fa01a7085ccba70ac98"><code>0c366fd</code></a>
Update changelog (<a
href="https://redirect.github.com/actions/checkout/issues/2357">#2357</a>)</li>
<li>See full diff in <a
href="https://github.com/actions/checkout/compare/de0fac2e4500dabe0009e67214ff5f5447ce83dd...df4cb1c069e1874edd31b4311f1884172cec0e10">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=actions/checkout&package-manager=github_actions&previous-version=6.0.2&new-version=6.0.3)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)


</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2026-06-14 18:49:34 +00:00
dependabot[bot] 48810a9487 Bump github/codeql-action from 4.36.0 to 4.36.2 (#24599)
Bumps [github/codeql-action](https://github.com/github/codeql-action)
from 4.36.0 to 4.36.2.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/github/codeql-action/releases">github/codeql-action's
releases</a>.</em></p>
<blockquote>
<h2>v4.36.2</h2>
<ul>
<li>Cache CodeQL CLI version information across Actions steps. <a
href="https://redirect.github.com/github/codeql-action/pull/3943">#3943</a></li>
<li>Reduce requests while waiting for analysis processing by using
exponential backoff when polling SARIF processing status. <a
href="https://redirect.github.com/github/codeql-action/pull/3937">#3937</a></li>
<li>Update default CodeQL bundle version to <a
href="https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.6">2.25.6</a>.
<a
href="https://redirect.github.com/github/codeql-action/pull/3948">#3948</a></li>
</ul>
<h2>v4.36.1</h2>
<p>No user facing changes.</p>
</blockquote>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/github/codeql-action/blob/main/CHANGELOG.md">github/codeql-action's
changelog</a>.</em></p>
<blockquote>
<h1>CodeQL Action Changelog</h1>
<p>See the <a
href="https://github.com/github/codeql-action/releases">releases
page</a> for the relevant changes to the CodeQL CLI and language
packs.</p>
<h2>[UNRELEASED]</h2>
<p>No user facing changes.</p>
<h2>4.36.2 - 04 Jun 2026</h2>
<ul>
<li>Cache CodeQL CLI version information across Actions steps. <a
href="https://redirect.github.com/github/codeql-action/pull/3943">#3943</a></li>
<li>Reduce requests while waiting for analysis processing by using
exponential backoff when polling SARIF processing status. <a
href="https://redirect.github.com/github/codeql-action/pull/3937">#3937</a></li>
<li>Update default CodeQL bundle version to <a
href="https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.6">2.25.6</a>.
<a
href="https://redirect.github.com/github/codeql-action/pull/3948">#3948</a></li>
</ul>
<h2>4.36.1 - 02 Jun 2026</h2>
<p>No user facing changes.</p>
<h2>4.36.0 - 22 May 2026</h2>
<ul>
<li><em>Breaking change</em>: Bump the minimum required CodeQL bundle
version to 2.19.4. <a
href="https://redirect.github.com/github/codeql-action/pull/3894">#3894</a></li>
<li>Add support for SHA-256 Git object IDs. <a
href="https://redirect.github.com/github/codeql-action/pull/3893">#3893</a></li>
<li>Update default CodeQL bundle version to <a
href="https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.5">2.25.5</a>.
<a
href="https://redirect.github.com/github/codeql-action/pull/3926">#3926</a></li>
</ul>
<h2>4.35.5 - 15 May 2026</h2>
<ul>
<li>We have improved how the JavaScript bundles for the CodeQL Action
are generated to avoid duplication across bundles and reduce the size of
the repository by around 70%. This should have no effect on the runtime
behaviour of the CodeQL Action. <a
href="https://redirect.github.com/github/codeql-action/pull/3899">#3899</a></li>
<li>For performance and accuracy reasons, <a
href="https://redirect.github.com/github/roadmap/issues/1158">improved
incremental analysis</a> will now only be enabled on a pull request when
diff-informed analysis is also enabled for that run. If diff-informed
analysis is unavailable (for example, because the PR diff ranges could
not be computed), the action will fall back to a full analysis. <a
href="https://redirect.github.com/github/codeql-action/pull/3791">#3791</a></li>
<li>If multiple inputs are provided for the GitHub-internal
<code>analysis-kinds</code> input, only <code>code-scanning</code> will
be enabled. The <code>analysis-kinds</code> input is experimental, for
GitHub-internal use only, and may change without notice at any time. <a
href="https://redirect.github.com/github/codeql-action/pull/3892">#3892</a></li>
<li>Added an experimental change which, when running a Code Scanning
analysis for a PR with <a
href="https://redirect.github.com/github/roadmap/issues/1158">improved
incremental analysis</a> enabled, prefers CodeQL CLI versions that have
a cached overlay-base database for the configured languages. This speeds
up analysis for a repository when there is not yet a cached overlay-base
database for the latest CLI version. We expect to roll this change out
to everyone in May. <a
href="https://redirect.github.com/github/codeql-action/pull/3880">#3880</a></li>
</ul>
<h2>4.35.4 - 07 May 2026</h2>
<ul>
<li>Update default CodeQL bundle version to <a
href="https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.4">2.25.4</a>.
<a
href="https://redirect.github.com/github/codeql-action/pull/3881">#3881</a></li>
</ul>
<h2>4.35.3 - 01 May 2026</h2>
<ul>
<li><em>Upcoming breaking change</em>: Add a deprecation warning for
customers using CodeQL version 2.19.3 and earlier. These versions of
CodeQL were discontinued on 9 April 2026 alongside GitHub Enterprise
Server 3.15, and will be unsupported by the next minor release of the
CodeQL Action. <a
href="https://redirect.github.com/github/codeql-action/pull/3837">#3837</a></li>
<li>Configurations for private registries that use Cloudsmith or GCP
OIDC are now accepted. <a
href="https://redirect.github.com/github/codeql-action/pull/3850">#3850</a></li>
<li>Best-effort connection tests for private registries now use
<code>GET</code> requests instead of <code>HEAD</code> for better
compatibility with various registry implementations. For NuGet feeds,
the test is now always performed against the service index. <a
href="https://redirect.github.com/github/codeql-action/pull/3853">#3853</a></li>
<li>Fixed a bug where two diagnostics produced within the same
millisecond could overwrite each other on disk, causing one of them to
be lost. <a
href="https://redirect.github.com/github/codeql-action/pull/3852">#3852</a></li>
<li>Update default CodeQL bundle version to <a
href="https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.3">2.25.3</a>.
<a
href="https://redirect.github.com/github/codeql-action/pull/3865">#3865</a></li>
</ul>
<h2>4.35.2 - 15 Apr 2026</h2>
<ul>
<li>The undocumented TRAP cache cleanup feature that could be enabled
using the <code>CODEQL_ACTION_CLEANUP_TRAP_CACHES</code> environment
variable is deprecated and will be removed in May 2026. If you are
affected by this, we recommend disabling TRAP caching by passing the
<code>trap-caching: false</code> input to the <code>init</code> Action.
<a
href="https://redirect.github.com/github/codeql-action/pull/3795">#3795</a></li>
<li>The Git version 2.36.0 requirement for improved incremental analysis
now only applies to repositories that contain submodules. <a
href="https://redirect.github.com/github/codeql-action/pull/3789">#3789</a></li>
<li>Python analysis on GHES no longer extracts the standard library,
relying instead on models of the standard library. This should result in
significantly faster extraction and analysis times, while the effect on
alerts should be minimal. <a
href="https://redirect.github.com/github/codeql-action/pull/3794">#3794</a></li>
<li>Fixed a bug in the validation of OIDC configurations for private
registries that was added in CodeQL Action 4.33.0 / 3.33.0. <a
href="https://redirect.github.com/github/codeql-action/pull/3807">#3807</a></li>
<li>Update default CodeQL bundle version to <a
href="https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.2">2.25.2</a>.
<a
href="https://redirect.github.com/github/codeql-action/pull/3823">#3823</a></li>
</ul>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/github/codeql-action/commit/8aad20d150bbac5944a9f9d289da16a4b0d87c1e"><code>8aad20d</code></a>
Merge pull request <a
href="https://redirect.github.com/github/codeql-action/issues/3949">#3949</a>
from github/update-v4.36.2-dcb947ce1</li>
<li><a
href="https://github.com/github/codeql-action/commit/f521b08cd8f468ab193ea950a589cb2e9c869c6a"><code>f521b08</code></a>
Add additional changelog notes</li>
<li><a
href="https://github.com/github/codeql-action/commit/8aeff0ffb7b78582ee0d0e6eebb8140684400d08"><code>8aeff0f</code></a>
Update changelog for v4.36.2</li>
<li><a
href="https://github.com/github/codeql-action/commit/dcb947ce15976d40ea82935510b2db4872ec124c"><code>dcb947c</code></a>
Merge pull request <a
href="https://redirect.github.com/github/codeql-action/issues/3948">#3948</a>
from github/update-bundle/codeql-bundle-v2.25.6</li>
<li><a
href="https://github.com/github/codeql-action/commit/c251bcefa178f7780f62f150002acffe3d07fde9"><code>c251bce</code></a>
Add changelog note</li>
<li><a
href="https://github.com/github/codeql-action/commit/62953c18b35f59e28351d2f1e806925aef8b1e3c"><code>62953c1</code></a>
Update default bundle to codeql-bundle-v2.25.6</li>
<li><a
href="https://github.com/github/codeql-action/commit/423b570baf1976cd7a3daeba5d6e9f9b76432f37"><code>423b570</code></a>
Merge pull request <a
href="https://redirect.github.com/github/codeql-action/issues/3946">#3946</a>
from github/dependabot/npm_and_yarn/npm-minor-5d507a...</li>
<li><a
href="https://github.com/github/codeql-action/commit/c35d1b164463ee62a100735382aaaa525c5d3496"><code>c35d1b1</code></a>
Merge pull request <a
href="https://redirect.github.com/github/codeql-action/issues/3947">#3947</a>
from github/dependabot/github_actions/dot-github/wor...</li>
<li><a
href="https://github.com/github/codeql-action/commit/cb1a588b02755b176e7b9d033ed4b69312f0e1bd"><code>cb1a588</code></a>
Merge pull request <a
href="https://redirect.github.com/github/codeql-action/issues/3937">#3937</a>
from github/robertbrignull/waitForProcessing_backoff</li>
<li><a
href="https://github.com/github/codeql-action/commit/ba47406412c54532b5b4fcfbaf877c9e2382b206"><code>ba47406</code></a>
Merge pull request <a
href="https://redirect.github.com/github/codeql-action/issues/3943">#3943</a>
from github/henrymercer/cache-cli-version-info</li>
<li>Additional commits viewable in <a
href="https://github.com/github/codeql-action/compare/7211b7c8077ea37d8641b6271f6a365a22a5fbfa...8aad20d150bbac5944a9f9d289da16a4b0d87c1e">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=github/codeql-action&package-manager=github_actions&previous-version=4.36.0&new-version=4.36.2)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)


</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2026-06-14 18:49:13 +00:00
bytemuck df5d238c6d Change From<&str> to From<&'static str> for Name (#24544)
# Objective

- Fixes #24465

## Solution

- Changed `impl From<&str> for Name` to `impl From<&'static str> for
Name`

## Testing

- The only place it is (the From<&str> implementation) used is on this
test, line 1752, which still passes:
https://github.com/bevyengine/bevy/blob/5d5e3f9551ca57a228cf49912df1663f05a037c2/crates/bevy_animation/src/lib.rs#L1722-L1762
2026-06-11 17:42:23 +00:00
Dahmen Issam cfa6c44005 Fix glTF specular extension parsing (#24580)
# Objective

- Fix a regression introduced by #24571 where `KHR_materials_specular`
was added to the enabled `gltf` crate features. This was missed because
the asset i used for testing did not make the specular parsing
regression visually obvious.
- After enabling this feature, the `gltf` crate parses
`KHR_materials_specular` as a known typed extension, so it is no longer
returned by `material.extensions()`, which only exposes unknown
extension data.

## Solution

Read `KHR_materials_specular` through the typed
[`material.specular()`](https://docs.rs/gltf/latest/gltf/material/struct.Specular.html)
API exposed by the `gltf` crate.

## Testing

Reviewers can test visually by loading the Khronos
[SpecularTest](https://github.com/KhronosGroup/glTF-Sample-Assets/tree/main/Models/SpecularTest)

Co-authored-by: Dahmen issam <issam.dahmen@fittingbox.com>
2026-06-11 17:41:50 +00:00
Yuhao Chen 277c993a29 Make asset_changed import path public (#24548)
## Objective

Fixes #24501.

Allow users to import `AssetChanged` from
`bevy_asset::asset_changed::AssetChanged`, rather than only through
`bevy_asset::prelude::AssetChanged`.

## Solution

Make the existing `asset_changed` module public without moving the
implementation around. The internal `AssetChanges` resource remains
crate-private, and the existing hidden `WorldQuery` fetch/state types
stay unchanged.

## Testing

- `git diff --check`
- `rustup run 1.95.0-aarch64-apple-darwin cargo check -p bevy_asset`
- `rustup run 1.95.0-aarch64-apple-darwin cargo test -p bevy_asset
asset_changed`
- `RUSTDOCFLAGS="-D warnings" rustup run 1.95.0-aarch64-apple-darwin
cargo doc -p bevy_asset --no-deps`
2026-06-11 17:38:14 +00:00
ickshonpe 736d2b0a9e multiline_text_input example pop up justify menu (#24584)
# Objective

Add a way to change the justification for the text input in the
multiline_text_input example.

## Solution

Add a pop up menu that lets you set justify.
2026-06-11 03:36:18 +00:00
Mira f651ba0f46 More safety comments in bevy_ecs (#24488)
# Objective

Part of #11590.

## Solution

Remove most of the `#[expect(unsafe_op_in_unsafe_fn)]` in bevy_ecs and
add unsafe blocks/safety comments where needed. Doesn't yet remove the
exceptions from `bevy_ecs::storage`, `bevy_ecs::query` and
`bevy_ecs::system::system_param`.

---------

Co-authored-by: Trashtalk217 <trashtalk217@gmail.com>
2026-06-10 21:09:26 +00:00
ickshonpe e52d2c5c53 Justify the inputs in the multiple_text_inputs example (#24583)
# Objective

Make the `multiple_text_inputs` example a bit more useful by giving each
text input a different justification, which should help with debugging
cursor behaviour.

## Solution

Add an input for each `Justify` variant along with a column on the left
labelling the justification it is using.

## Showcase

<img width="1798" height="750" alt="inputs-justified"
src="https://github.com/user-attachments/assets/324c1cd4-b6a1-4c0f-ad1a-38cd28867704"
/>
2026-06-10 17:57:58 +00:00
SOFe (Jonathan Chan Kwan Yin) 2ccc143383 Fix #22865 non_snake_case on bundle derive (#22866)
# Objective

Fixes #22865


## Solution

Add `#[allow(non_snake_case)]` to avoid validating the `field` variable
format.

## Testing

- Did you test these changes? If so, how?
- Are there any parts that need more testing?
- How can other people (reviewers) test your changes? Is there anything
specific they need to know?
- If relevant, what platforms did you test these changes on, and are
there any important ones you can't test?
2026-06-10 17:51:43 +00:00
Dahmen Issam 18feb528d0 Fix bindless specular transmission material lookup (#24573)
# Objective

- Fix a typo in the bindless material lookup for
`specular_transmission`.
- I noticed this while reading the transmission shader path for the
`KHR_materials_dispersion` work. Since it is unrelated to dispersion
itself, I preferred to keep it out of that PR and fix it separately
here.

## Solution

- In the bindless path, read `specular_transmission` through the
material index stored in `material_indices[slot].material`.

Co-authored-by: Dahmen issam <issam.dahmen@fittingbox.com>
2026-06-10 17:51:13 +00:00
Carter Anderson 90744b08b0 bsn: support field name shorthand (#24526)
# Objective

`bsn!` should support Rust's "name shorthand syntax":

```rust
let value = 10;
Foo { value }
```

## Solution

Add support, both for normal types and "props":

```rust
let value = 10;
bsn! {
  Foo { value }
}

let value = 10;
bsn! {
  @Foo { @value }  
}
```

This also changes generated internal bsn! variables to use `__X`
formatting everywhere to avoid conflicts with user-defined variables (we
were already using this strategy in some places ... this just uses it
everywhere).

## Testing

- added a test

---------

Co-authored-by: François Mockers <mockersf@gmail.com>
Co-authored-by: urben1680 <55257931+urben1680@users.noreply.github.com>
2026-06-10 07:36:10 +00:00
shunkie fd4f66fc36 Rename variable in custom_loop example (#24578)
# Objective

Rename `app_exit_reader` to `app_exit_writer` for clarity.

Co-authored-by: shunkie <iishunkie@gamil.com>
2026-06-10 03:34:23 +00:00
Gino Valente 95fef2e913 bevy_reflect: Reorganize type_info module (#24576)
# Objective

The `type_info` module in `bevy_reflect` is currently pretty long and
contains lots of things related to type information.

## Solution

Reorganizes `type_info` into a new `info` module containing multiple
files:
- `error.rs` - Contains type-info-related errors
- `opaque.rs` - Contains `OpaqueInfo`
- `type_info.rs` - Contains `TypeInfo`
- `typed.rs` - Contains `Typed`, `DynamicTyped`, and `MaybeTyped`

I chose to leave `Type` in a separate `ty` module because I'd like to
keep this in the same category as `TypePath` (which also remains in its
`type_path` module), where it technically is type information but very
barebones. In fact, my hope is that we can eventually separate these out
fully from `TypeInfo` as part of #24561 such that we can enable
`TypePath`/`Type` without enabling all other type information code.

Another reason for the reorganization here is I want to make some
changes to some of these traits and add new ones, and didn't want to
continue adding to the length of that file.

### Followup Work

I only moved `OpaqueInfo` because it existed in `type_info`. Just to
save on the diff, I chose not to move all other info types. We can
either do that as a followup or as part of this PR if we really want to.

## Testing

No new or changed logic, just reorganization. So no new tests.
2026-06-10 02:00:43 +00:00
Carter Anderson 4ea4c620d4 bsn: fix name docs (#24575)
# Objective

Fix #24567 

## Solution

Remove the confusing bits that were wrongly copied from a different
example.
2026-06-10 00:12:00 +00:00
Greeble 10e9ec77fb Add mesh compression and motion blur to scene viewer (#24570)
## Objective

Allow testing more features in the `scene_viewer` example. 

## Solution

Add mesh compression and motion blur options to the command line.
Ideally the mesh compression would allow control over individual
attributes, but this is enough for basic smoke testing.

```rust
/// enable mesh attribute compression
#[argh(switch)]
mesh_attribute_compression: bool,
/// enable mesh index compression
#[argh(switch)]
mesh_index_compression: bool,
/// enable motion blur
#[argh(switch)]
motion_blur: bool,
/// set the motion blur shutter angle
#[argh(option)]
motion_blur_shutter_angle: Option<f32>,
```

## Testing

```sh
# Mesh compression
cargo run --example scene_viewer --features "free_camera bevy_dev_tools" -- --mesh-attribute-compression --mesh-index-compression

# Motion blur
cargo run --example scene_viewer --features "free_camera bevy_dev_tools" -- "assets//models/animated/Fox.glb" --motion-blur --motion-blur-shutter-angle 10
```
2026-06-09 20:13:14 +00:00
Carter Anderson d0c5d20e09 bsn: Expand support for optional scenes and scene lists (#24565)
# Objective

It should be possible to support `Option` wrapped scenes and scene lists
in Bevy. https://github.com/bevyengine/bevy/pull/24536 got us part of
the way there, but it didn't support SceneList. It also didn't add nice
support for `Option<Box<dyn SceneList>>` in cases like "scene props".

#24536 also introduces a bug, as it doesn't register the dependencies of
the wrapped scene.

## Solution

Add more thorough support for optional scenes. This is now possible:

```rust
#[derive(SceneComponent, Default, Clone)]
#[scene(FeathersButtonProps)]
pub struct FeathersButton;

pub struct FeathersButtonProps {
    pub caption: Option<Box<dyn SceneList>>,
}

impl FeathersButton {
    fn scene(props: FeathersButtonProps) -> impl Scene {
        bsn! {
            Children [
                {props.caption}
            ]
        }
    }
}

// Later
bsn! {
    @FeathersButton {
        @caption: bsn! { Node }
    }
}
```

This also fixes the bug introduced in #24536
2026-06-09 18:49:16 +00:00
Kevin Chen 6ffb1adf0a Update proptest-derive requirement from 0.2 to 0.8 (#24566)
# Objective

- Supersedes #23748 

## Solution

- The ci failure is something that was fixed in 0.5.1
https://github.com/proptest-rs/proptest/blob/main/proptest-derive/CHANGELOG.md#051
(the first bullet point). I removed the `expect`

## Testing

- ci

---------

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Carter Anderson <mcanders1@gmail.com>
2026-06-09 18:48:30 +00:00
issam3105 a9df73457c Enable glTF validation for KHR_materials_specular (#24571)
# Objective

Fix glTF validation for assets that declare `KHR_materials_specular` in
`extensionsRequired`.
While testing assets using `KHR_materials_specular` as a required
extension, I hit this error:

```text
Failed to load asset '...\xxx.glb' with asset loader 'bevy_gltf::loader::GltfLoader': invalid glTF file: invalid glTF: extensionsRequired[0] = "KHR_materials_specular": Unsupported extension
```

`KHR_materials_specular` is already supported by Bevy, and assets that
only list it in `extensionsUsed` load correctly. The failure only
happened when the extension was declared as required, because the
upstream `gltf` crate feature was not enabled for validation.

I also checked other Bevy-supported material extensions, including
`KHR_materials_clearcoat`, `KHR_materials_dispersion` (Soon #24569), and
`KHR_materials_anisotropy`. Unlike `KHR_materials_specular`, these
extensions do not currently have matching feature flags exposed by the
upstream `gltf` crate, so there is no equivalent dependency feature to
enable for them in this PR. Bevy handles those extensions through raw
extension data parsing.

## Solution

- Enable the `KHR_materials_specular` feature on the `gltf` dependency
in `bevy_gltf`.

## Testing

- Reviewers can test by loading a `.gltf` or `.glb` that declares
`KHR_materials_specular` in `extensionsRequired`.

Co-authored-by: Dahmen issam <issam.dahmen@fittingbox.com>
2026-06-09 18:33:56 +00:00
Azural Champagne 6561ee9d46 Replace MouseScrollUnit::SCROLL_UNIT_CONVERSION_FACTOR with a Resource (#24512)
# Objective

Fixes #24508

## Solution

Replace `MouseScrollUnit` with a Resource of the same name and remove it
from the structs and events related to scrolling. More work still needs
to be done to make sure that the value in `MouseScrollUnit` is actually
respected

## Testing

- Running standard test suite/ci as well as related examples to make
sure that they haven't broken
2026-06-09 04:48:31 +00:00
dependabot[bot] 815d6cd1b5 Update guillotiere requirement from 0.6.0 to 0.7.0 (#24186)
Updates the requirements on
[guillotiere](https://github.com/nical/guillotiere) to permit the latest
version.
<details>
<summary>Commits</summary>
<ul>
<li>See full diff in <a
href="https://github.com/nical/guillotiere/commits">compare
view</a></li>
</ul>
</details>
<br />


You can trigger a rebase of this PR by commenting `@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)


</details>

> **Note**
> Automatic rebases have been disabled on this pull request as it has
been open for over 30 days.

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2026-06-09 04:31:55 +00:00