Updated:(deps): Bump the patch-updates group in /src with 2 updates

[dependabot]

Bumps the patch-updates group in /src with 2 updates: html-to-markdown-rs and memchr.

Updates html-to-markdown-rs from 3.5.0 to 3.5.7

Release notes

Sourced from html-to-markdown-rs's releases.

v3.5.7

Swift Package Manager

Add to your Package.swift:

.package(url: "https://github.com/kreuzberg-dev/html-to-markdown", from: "3.5.7")

The Swift binding is distributed as a pre-built artifact bundle. No Rust toolchain required.

Artifact: HtmlToMarkdown-rs.artifactbundle.zip Checksum: 12a52b6c918a2647573aac50b22edc87ed8de3fee4f45a54d1de9c0180d45646

v3.5.6

⚠️ DO NOT USE — broken release

The v3.5.6 commit failed to bump the workspace Cargo.toml version, so binding manifests stayed at 3.5.5 and the publish workflow built v3.5.5 binaries against the v3.5.6 tag. Release assets are named *-v3.5.5-* despite living under this v3.5.6 release page.

Use v3.5.7 instead: https://github.com/kreuzberg-dev/html-to-markdown/releases/tag/v3.5.7

v3.5.5

Swift Package Manager

Add to your Package.swift:

.package(url: "https://github.com/kreuzberg-dev/html-to-markdown", from: "3.5.5")

The Swift binding is distributed as a pre-built artifact bundle. No Rust toolchain required.

Artifact: HtmlToMarkdown-rs.artifactbundle.zip Checksum: 1d3bc13444ca07cf0170dcec43f93725b7136bf14c321f66825e584ea9fabbdf

v3.5.4

Swift Package Manager

Add to your Package.swift:

.package(url: "https://github.com/kreuzberg-dev/html-to-markdown", from: "3.5.4")

The Swift binding is distributed as a pre-built artifact bundle. No Rust toolchain required.

Artifact: HtmlToMarkdown-rs.artifactbundle.zip

... (truncated)

Changelog

Sourced from html-to-markdown-rs's changelog.

[3.5.7] - 2026-05-29

Fixed

• release: sync workspace Cargo.toml version. v3.5.6's release commit (2c37942f8) claimed to bump the workspace version 3.5.5 → 3.5.6 but the change never actually landed in the commit. Every binding manifest (Cargo.toml, pyproject.toml, gemspec, mix.exs, pom.xml, .csproj, package.json, …) stayed pinned at 3.5.5, so the v3.5.6 publish workflow built v3.5.5 binaries against the v3.5.6 tag and uploaded them as *-v3.5.5-*.tar.gz assets to the v3.5.6 GitHub Release. crates.io / PyPI / Hex / RubyGems / Maven publishes were either no-ops (3.5.5 already exists) or rejected; npm + WASM + NuGet + Homebrew steps also failed. v3.5.6 is skipped; v3.5.7 is the corrected ship of every fix originally rolled into v3.5.6.
• alef pin: 0.20.11 → 0.20.12 (auto-synced by alef sync-versions).

Chore

• bindings: regenerated against alef v0.20.12 with workspace version correctly bumped to 3.5.7 first, so every manifest now matches the release tag.

[3.5.5] - 2026-05-28

Fixed

• ci(ruby): cross-compile windows-x64 gem via bundle install inside the rb-sys-dock container. The previous matrix entry ran rb-sys-dock --platform ... -- bundle exec rake "native[$target]" gem, which invoked bundle exec inside the container without first materialising the lockfile against the container's Ruby version. The rb-sys-dock container ships its own Ruby toolchain (4.0.2 preview) while the host Gemfile.lock pins 3.3.11, so bundler failed with "Could not find …" and hung for 47 minutes. The command now wraps the container invocation in bash -c "bundle install --jobs=4 --retry=3 && bundle exec rake …" so the lockfile materialises against the container's Ruby before rake runs. (.github/workflows/publish.yaml)
• ci(elixir): Hex publish no longer 404s on darwin tarball downloads. alef v0.20.2 changed darwin NIF tarballs to .dylib.tar.gz to "match the platform-native extension," but rustler_precompiled 0.9.0 (the latest version on Hex; no .dylib-aware version exists) hardcodes .so for every non-Windows consumer download URL in lib_name_with_ext/2 and ignores all caller overrides. h2m's hand-maintained publish.yaml had already normalised darwin uploads to .so, so h2m's own Hex publish kept working; the bug only surfaced in sibling polyglot repos. The alef v0.20.5 revert (.dylib → .so) restores polyrepo alignment and is picked up by this regen. (alef.toml pin → v0.20.5, kreuzberg-dev/actions/generate-elixir-checksums@v1)
• bindings(c): registry test_app download_ffi.sh now hits the correct release asset prefix. The [crates.e2e.registry.packages.c] name was html-to-markdown-ffi, but publish.yaml uploads C FFI tarballs with asset-prefix: html-to-markdown-rs-ffi-. Drift caused task test-apps:smoke:c to 404 on the GH release tarball. (alef.toml)
• bindings(java): registry test_app now ships the Maven wrapper (mvnw, mvnw.cmd, .mvn/wrapper/maven-wrapper.properties). Previously missing because mvnw emission landed in alef v0.20.2 and h2m was pinned at v0.20.1. (alef.toml pin → v0.20.5)
• bindings(homebrew, c, …): every alef-emitted *.sh (e.g. run_tests.sh, download_ffi.sh) is now created with the +x bit set. alef's write_scaffold_files_with_overwrite() skipped the shebang-chmod helper that write_files() applied, so every alef-generated shell script in e2e/ and test_apps/ landed as -rw-r--r--, breaking task test-apps:smoke:homebrew with "permission denied" on ./run_tests.sh. Fixed by alef v0.20.3's shared apply_shebang_chmod() helper called from both writers. (alef.toml pin → v0.20.5)
• bindings(go, php, swift, csharp, dart, kotlin_android, zig, …): trait-bridge codegen cohort fixes. PHP refcount safety (inc_count/dec_count via PhpRc), Go duplicate //export removal + cgo.Handle.Delete defer/recover, Swift async/throws + try await order + JSON-encode conditionally, C# callback method naming + bool→int + IntPtr userData + usize/isize mapping, Dart trait-import + factory wrapper required-only methods + RID-aware published-loader, Kotlin Android useJUnitPlatform() in registry mode, Zig error-union removal from test-backend stubs, Java trait-method emission incl. default-impl methods + ffi_skip_methods honouring in I{Trait} interface emission. (alef.toml pin → v0.20.5)
• bindings(elixir): rustler upgraded 0.37 → 0.38. (packages/elixir/native/html_to_markdown_nif/Cargo.toml)
• bindings(php): PHP trait-bridge async no longer panics on "Cannot start a runtime from within a runtime." Generated async method bodies now prefer Handle::try_current() before WORKER_RUNTIME.block_on(...) so the bridge is safe to call from within an outer tokio runtime. (alef.toml pin → v0.20.5)
• bindings(wasm, node): test_apps pass --config.minimumReleaseAge=0 to pnpm test so freshly-published RC packages clear pnpm's supply-chain policy check. (alef.toml pin → v0.20.5)

Chore

• bindings: regenerated against alef v0.20.5. Folds in every fix from v0.20.2 through v0.20.5 — see alef CHANGELOG for the full backend cohort.
• deps(java): jackson-databind + jackson-datatype-jdk8 2.21.2 → 2.21.3. (packages/java/pom.xml)
• deps(rust): reqwest 0.13.3 → 0.13.4 in CLI binary. (crates/html-to-markdown-cli/Cargo.toml)
• deps(js): pnpm packageManager 11.3.0 → 11.4.0. (package.json)
• taskfile(elixir): tolerate mix hex.outdated non-zero exits before mix deps.update --all. (.task/languages/elixir.yml)

[3.5.4] - 2026-05-28

Fixed

• ci(node): restore alef-generated index.d.ts after napi build in the node-typescript-defs publish job. The napi-rs macros deliberately filter out the *Update DTO types (ConversionOptionsUpdate, PreprocessingOptionsUpdate), so the d.ts regenerated by napi build lacks them; the wrapper at packages/typescript/src/index.ts re-exports those names and tsc fails with TS2724 on every publish. The publish job now git checkout HEAD -- crates/html-to-markdown-node/index.d.ts between napi build and the artifact copy, preserving alef's augmented d.ts.
• ci(ruby): cross-compile windows-x64 gem via rake-compiler-dock from the Linux runner. The previous matrix entry's cargo build --target x86_64-pc-windows-gnu against the ucrt64 MSYS2 toolchain corrupted a linker argument and failed every release with cannot find -l■. Linux-host docker-based rake-compiler-dock is rb-sys's recommended cross-build path and matches what every other rb-sys gem uses for Windows.
• bindings(elixir): RustlerPrecompiled now resolves the correct platform extension on macOS. v0.20.0's rustler emit lets RustlerPrecompiled's built-in mapping pick .dylib for *-apple-darwin targets and .so for *-linux-*, so mix deps.get no longer 404s against *.so.tar.gz on darwin consumers.
• alef hash: per-file alef:hash: now computed over generation inputs, not emitted content. Post-format whitespace drift no longer invalidates alef verify, so CI Lint stops reporting bindings as stale after every prek --all-files cycle.
• bindings(java): test_app pom.xml drops -Djava.library.path=.../target/release in registry dep_mode. The Maven-Central JAR bundles natives under /natives/{rid}/ and alef's loader extracts them at startup; overriding the library path to a non-existent local directory broke UnsatisfiedLinkError on smoke runs. Override is now emitted only in local dep_mode.
• bindings(c): test_app Makefile no longer requires a local target/release/ build to resolve the FFI. download_ffi.sh is skipped only when both the FFI header and shared library are present locally; otherwise the published tarball is fetched. Smoke runs from a clean checkout work without a prior cargo build.
• bindings(php): registry test_app installs the PIE-distributed extension via install.sh before composer install. Removes the implicit "ext-html_to_markdown must be pre-installed" requirement.

Chore

• bindings: regenerated against alef v0.20.1. Folds in B6 hash semantics, java/c e2e build-path fixes, php install.sh, vendored Cargo workspace marker, scaffold persistence (rustc job cap + Node memory cap), wasm e2e import dedupe, service_api emitter family for csharp/dart/go/swift/zig/jni/ffi/extendr/napi/magnus/php/rustler/pyo3 with real dispatch (not yet wired in h2m but available for downstream features), zig platform-suffixed URLs in build.zig.zon, kotlin nullable bare result assertions, and php anonymous-class super_trait name() dedup.

[3.5.3] - 2026-05-27

... (truncated)

Commits

• ac78056 chore(release): v3.5.7 — fix botched v3.5.6 version sync
• 2c37942 chore: pre-commit reorg, alef v0.20.11 regen, release prep for v3.5.6
• 6ba239f chore(release): v3.5.5
• 372b322 fix(ci/publish): bundle install inside rb-sys-dock for ruby windows cross-com...
• 185a3e0 chore: pre-release housekeeping
• 5664bdc docs(changelog): note regen against v0.20.1 (not v0.20.0)
• d91b840 chore(alef): bump pin to v0.20.1
• 9683797 chore: sync version 3.5.4
• 9a9bd97 chore(release): v3.5.4
• dd47152 chore(alef): regen against alef v0.20.0
• Additional commits viewable in compare view

Updates memchr from 2.8.0 to 2.8.1

Commits

• ff7dca7 2.8.1
• 016878a target: fix aarch64_be endianness bug
• ee18717 docs: add AI policy for contributors
• db1a77d build(deps): bump actions/checkout in the actions group (#212)
• c8abbe1 Hash-pin all actions, drop persisted credentials (#210)
• 24f5daa lint: fix clippy get_first
• 1708355 lint: fix clippy question_mark
• 5b86d0c lint: fix clippy clone_on_copy
• See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

[dependabot]

Labels

The following labels could not be found: dependencies, rust. Please create them before Dependabot can add them to a pull request.

Please fix the above issues or remove invalid values from dependabot.yml.