chore(deps): update rsonpath-lib requirement from 0.9.4 to 0.10.0

[dependabot]

Updates the requirements on rsonpath-lib to permit the latest version.

Release notes

Sourced from rsonpath-lib's releases.

v0.10.0

[0.10.0] - 2025-02-16 ([0.4.1] for rsonpath-syntax)

Features

• Support for AVX512 SIMD.

  • available on x86-64

• Support for Neon SIMD.

  • available on aarch64

• MSRV bumped to 1.89.

  • stable AVX512 since 1.89

• Removed the arbitrary feature and the Arbitrary implementations from rsonpath-syntax.

• Revised the list of Tier 1 targets that are continuously built and released.

  • The following targets are now in CI and release:
    • aarch64-apple-darwin
    • aarch64-pc-windows-msvc
  • The following targets are no longer built or released:
    • i686-pc-windows-gnu
    • x86_64-apple-darwin

• Added prebuilt binaries for a few MUSL-based Tier 2 targets. (#705)

  • Binaries now released for:
    • aarch64-unknown-linux-musl
    • i686-unknown-linux-musl
    • x86_64-unknown-linux-musl

Bug Fixes

• Skipping inside arrays on comma-atomic (#757, #751)

  • Tail skipping was not triggered when the item matching the unitary transition was an atomic value inside a list. For example, selecting $[0] from a long list of integers would never skip, massively degrading performance.
  • Skipping was added to handle_comma in the same vein as it was in handle_colon to enable this.

• Fix panic in specific cases of reclassification at end of file (#788)

  • A particular combination of reclassification after tail-skipping at the very end of the file could cause a panic if the file-ending closing occurred directly after the skipped-to character.

• Error messages blowing up on long inputs. (#842, #749)

  • Previously, when displaying a ParseError every underlying SyntaxError would be printed with the full query input as context. If the density of errors in the input was high this would effectively cause a quadratic blowup during printing.
  • It's probably unlikely inputs like this would be given by a user, but they do happen during fuzzing (when we're throwing long strings of essentially random characters at the parser) and could potentially be used as a DoS attack vector (intentionally supplying nonsensical large queries and forcing error messages to be sent back).
  • Additionally fixed an invalid error message given when a side of a comparison operator was a non-singular query.

Reliability

• Use github hosted ARM runners. (#718)

• ARM SIMD is now tested in CI.

• Fix serde proptests. (#742)

  • Proptests in automaton serde were not properly guarding for arbitrary generated queries being too complex and exceeding the automaton size limit.

• Add CodeQl for Rust scanning.

... (truncated)

Changelog

Sourced from rsonpath-lib's changelog.

[0.10.0] - 2025-02-16

Features

• Support for AVX512 SIMD.

  • available on x86-64

• Support for Neon SIMD.

  • available on aarch64

• MSRV bumped to 1.89.

  • stable AVX512 since 1.89

• Revised the list of Tier 1 targets that are continuously built and released.

  • The following targets are now in CI and release:
    • aarch64-apple-darwin
    • aarch64-pc-windows-msvc
  • The following targets are no longer built or released:
    • i686-pc-windows-gnu
    • x86_64-apple-darwin

• Added prebuilt binaries for a few MUSL-based Tier 2 targets.

  • Binaries now released for:
    • aarch64-unknown-linux-musl
    • i686-unknown-linux-musl
    • x86_64-unknown-linux-musl

Bug Fixes

• Skipping inside arrays on comma-atomic (#757, #751)

  • Tail skipping was not triggered when the item matching the unitary transition was an atomic value inside a list. For example, selecting $[0] from a long list of integers would never skip, massively degrading performance.
  • Skipping was added to handle_comma in the same vein as it was in handle_colon to enable this.

• Fix panic in specific cases of reclassification at end of file (#788)

  • A particular combination of reclassification after tail-skipping at the very end of the file could cause a panic if the file-ending closing occurred directly after the skipped-to character.

Reliability

• Use github hosted ARM runners. (#718)

• ARM SIMD is now tested in CI.

• Fix serde proptests. (#742)

  • Proptests in automaton serde were not properly guarding for arbitrary generated queries being too complex and exceeding the automaton size limit.

... (truncated)

Commits

• 7eca688 unpin slsa provenance generator
• 26bfbdb fix windows command in release
• 2dd7eb3 update release.yml with prologue scripts
• be36ed3 Install lld in macos builds
• 7e08d87 fix typo in release.yml
• b3b856d fix typo in rust.yml
• 6754da6 release v0.10.0 (rsonpath-syntax v0.4.1) (#902)
• 4bd2581 feat: AVX512 + Neon 64-bit impls
• e076f00 chore: enable and fix a number of lints (#898)
• cbc765b chore(ci): bump slsa-framework/slsa-github-generator/.github/workflows/genera...
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)