From 7ac498e0e05b30fced76d12bccd85414e264fd77 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Mon, 12 Jan 2026 10:14:00 -0800
Subject: [PATCH] chore(deps): bump which from 6.0.3 to 8.0.0 in /codex-rs
(#9074)
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Bumps [which](https://github.com/harryfei/which-rs) from 6.0.3 to 8.0.0.
Release notes
Sourced from which's
releases.
8.0.0
What's Changed
- Add new
Sys trait to allow abstracting over the
underlying filesystem. Particularly useful for
wasm32-unknown-unknown targets. Thanks @dsherret for this
contribution to which!
- Add more debug level tracing for otherwise silent I/O errors.
- Call the
NonFatalHandler in more places to catch
previously ignored I/O errors.
- Remove use of the
either dependency.
New Contributors
7.0.3
- Update rustix to version 1.0. Congrats to rustix on this milestone,
and thanks
@mhils
for this contribution to which!
7.0.2
- Don't return paths containing the single dot
.
reference to the current directory, even if the original request was
given in terms of the current directory. Thanks @jakobhellermann
for this contribution!
7.0.1
What's Changed
New Contributors
Full Changelog: https://github.com/harryfei/which-rs/compare/7.0.0...7.0.1
7.0.0
- Add support to
WhichConfig for a user provided closure
that will be called whenever a nonfatal error occurs.
This technically breaks a few APIs due to the need to add more generics
and lifetimes. Most code will compile
without changes.
Changelog
Sourced from which's
changelog.
8.0.0
- Add new
Sys trait to allow abstracting over the
underlying filesystem. Particularly useful for
wasm32-unknown-unknown targets. Thanks @dsherret for this
contribution to which!
- Add more debug level tracing for otherwise silent I/O errors.
- Call the
NonFatalHandler in more places to catch
previously ignored I/O errors.
- Remove use of the
either dependency.
7.0.3
- Update rustix to version 1.0. Congrats to rustix on this milestone,
and thanks
@mhils
for this contribution to which!
7.0.2
- Don't return paths containing the single dot
.
reference to the current directory, even if the original request was
given in
terms of the current directory. Thanks @jakobhellermann
for this contribution!
7.0.1
- Get user home directory from
env_home instead of
home. Thanks @micolous for this
contribution!
- If home directory is unavailable, do not expand the tilde to an
empty string. Leave it as is.
7.0.0
- Add support to
WhichConfig for a user provided closure
that will be called whenever a nonfatal error occurs.
This technically breaks a few APIs due to the need to add more generics
and lifetimes. Most code will compile
without changes.
Commits
adac2cd
bump version, update changelog84e152e
reduce sys::Sys requirements, add some tracing for otherwise silent
errors (#...a0a6daf
feat: add Sys trait for swapping out system (#109)eef1998
Add actively maintained badge1d145de
release version 7.0.3f5e5292
fix unrelated lint error4dcefa6
bump rustixbd86881
bump version, add to changelogcf37760
don't run relative dot test on macosf2c4bd6
update target to new name for wasm32-wasip1- Additional commits viewable in compare
view
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
Signed-off-by: dependabot[bot]
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
---
codex-rs/Cargo.lock | 15 ++++++++++-----
codex-rs/Cargo.toml | 2 +-
codex-rs/lmstudio/Cargo.toml | 2 +-
3 files changed, 12 insertions(+), 7 deletions(-)
diff --git a/codex-rs/Cargo.lock b/codex-rs/Cargo.lock
index 2c59761e4..2ffb33d60 100644
--- a/codex-rs/Cargo.lock
+++ b/codex-rs/Cargo.lock
@@ -2763,6 +2763,12 @@ dependencies = [
"regex",
]
+[[package]]
+name = "env_home"
+version = "0.1.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "c7f84e12ccf0a7ddc17a6c41c93326024c42920d7ee630d04950e6926645c0fe"
+
[[package]]
name = "env_logger"
version = "0.11.8"
@@ -7989,13 +7995,12 @@ checksum = "a751b3277700db47d3e574514de2eced5e54dc8a5436a3bf7a0b248b2cee16f3"
[[package]]
name = "which"
-version = "6.0.3"
+version = "8.0.0"
source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "b4ee928febd44d98f2f459a4a79bd4d928591333a494a10a868418ac1b39cf1f"
+checksum = "d3fabb953106c3c8eea8306e4393700d7657561cb43122571b172bbfb7c7ba1d"
dependencies = [
- "either",
- "home",
- "rustix 0.38.44",
+ "env_home",
+ "rustix 1.0.8",
"winsafe",
]
diff --git a/codex-rs/Cargo.toml b/codex-rs/Cargo.toml
index ca6a1c02a..db1e0addf 100644
--- a/codex-rs/Cargo.toml
+++ b/codex-rs/Cargo.toml
@@ -231,7 +231,7 @@ uuid = "1"
vt100 = "0.16.2"
walkdir = "2.5.0"
webbrowser = "1.0"
-which = "6"
+which = "8"
wildmatch = "2.6.1"
wiremock = "0.6"
diff --git a/codex-rs/lmstudio/Cargo.toml b/codex-rs/lmstudio/Cargo.toml
index 3ac7614c2..cbe8d3313 100644
--- a/codex-rs/lmstudio/Cargo.toml
+++ b/codex-rs/lmstudio/Cargo.toml
@@ -15,7 +15,7 @@ reqwest = { version = "0.12", features = ["json", "stream"] }
serde_json = "1"
tokio = { version = "1", features = ["rt"] }
tracing = { version = "0.1.43", features = ["log"] }
-which = "6.0"
+which = "8.0"
[dev-dependencies]
wiremock = "0.6"