cargo: bump the cargo-dependencies group with 2 updates

[dependabot]

Bumps the cargo-dependencies group with 2 updates: regex and thiserror.

Updates regex from 1.9.4 to 1.9.5

Changelog

Sourced from regex's changelog.

1.9.5 (2023-09-02)

This is a patch release that hopefully mostly fixes a performance bug that occurs when sharing a regex across multiple threads.

Issue #934 explains this in more detail. It is also noted in the crate documentation. The bug can appear when sharing a regex across multiple threads simultaneously, as might be the case when using a regex from a OnceLock, lazy_static or similar primitive. Usually high contention only results when using many threads to execute searches on small haystacks.

One can avoid the contention problem entirely through one of two methods. The first is to use lower level APIs from regex-automata that require passing state explicitly, such as meta::Regex::search_with. The second is to clone a regex and send it to other threads explicitly. This will not use any additional memory usage compared to sharing the regex. The only downside of this approach is that it may be less convenient, for example, it won't work with things like OnceLock or lazy_static or once_cell.

With that said, as of this release, the contention performance problems have been greatly reduced. This was achieved by changing the free-list so that it was sharded across threads, and that ensuring each sharded mutex occupies a single cache line to mitigate false sharing. So while contention may still impact performance in some cases, it should be a lot better now.

Because of the changes to how the free-list works, please report any issues you find with this release. That not only includes search time regressions but also significant regressions in memory usage. Reporting improvements is also welcome as well! If possible, provide a reproduction.

Bug fixes:

• [BUG #934](rust-lang/regex#934): Fix a performance bug where high contention on a single regex led to massive slow downs.

Commits

• 554469b 1.9.5
• 48e09a8 deps: bump regex-automata to 0.3.8
• 894dcbe regex-automata-0.3.8
• 135e11b changelog: 1.9.5
• f578d74 automata: reduce regex contention somewhat
• 9a505a1 deps: bump to memchr 2.6
• 15cdc64 cli: remove use of deprecated API
• 329c6a3 ci: use dtolnay@master instead of @​v1
• 2637e11 ci: remove stale comment
• See full diff in compare view

Updates thiserror from 1.0.47 to 1.0.48

Release notes

Sourced from thiserror's releases.

1.0.48

• Improve implementation of displaying Path values in a generated Display impl (#251, thanks @​mina86)

Commits

• 5c5f342 Release 1.0.48
• 490f0ca Merge pull request #254 from dtolnay/gatlink
• 1a5dbc7 Add link to GAT PR
• de58088 Ignore uninlined_format_args pedantic clippy lint in test
• ae642d1 Format clippy allow attribute with rustfmt
• b97fc53 Remove doc_markdown suppression because clippy bug was fixed
• 140eb03 Ignore needless_lifetimes clippy lint
• 1f5cbd7 Ignore manual_let_else pedantic clippy lint
• 080cac5 Ignore uninlined_format_args pedantic clippy lint
• 134695a Merge pull request #252 from dtolnay/safedisplay
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions