chore(deps): bump quick-xml from 0.38.4 to 0.39.4

[dependabot]

Bumps quick-xml from 0.38.4 to 0.39.4.

Release notes

Sourced from quick-xml's releases.

v0.39.4 - Fix another panics when parse malformed DTD

Bug Fixes

• #957: Fix slice-index panic when reading malformed DTD whose unknown markup is split across BufReader chunks. As with #950, the returned Event::DocType may contain the malformed DTD; this fix only ensures that the parser does not panic.
• #960: Fix sibling slice-index panic when a single chunk delivers < followed by 9+ bytes of unknown markup inside a DTD internal subset. Same disposition as #957 / #950: parser must not panic; DTD validity reporting is a future improvement.

#950: tafia/quick-xml#950 #957: tafia/quick-xml#957 #960: tafia/quick-xml#960

Full Changelog: tafia/quick-xml@v0.39.3...v0.39.4

v0.39.3 - Fix panic when parse malformed DTD

Bug Fixes

• #950: Fix subtraction with overflow when parse malformed DTD in some cases. Note, that currently we do not check the validity of DTD, so the returned Event::DocType may contain the malformed DTD.

Full Changelog: tafia/quick-xml@v0.39.2...v0.39.3

v0.39.2 - Fix regression and read_text_into

What's Changed

New Features

• #483: Implement read_text_into() and read_text_into_async().

Bug Fixes

• #939: Fix parsing error of the tag from buffered reader, when the first byte < is the last in the BufRead internal buffer. This is the regression from #936.

#483: tafia/quick-xml#483 #936: tafia/quick-xml#936 #939: tafia/quick-xml#939

Full Changelog: tafia/quick-xml@v0.39.1...v0.39.2

v0.39.1 - Fixes in read_to_end / read_text

What's Changed

New Features

• #598: Add method NamespaceResolver::set_level which may be helpful in some circumstances.

Bug Fixes

• #597: Fix incorrect processing of namespace scopes in NsReader::read_to_end, NsReader::read_to_end_into, NsReader::read_to_end_into_async and NsReader::read_text. The scope started by a start element was not ended after that call.
• #936: Fix incorrect result of .read_text() when it is called after reading Text or GeneralRef event.

... (truncated)

Changelog

Sourced from quick-xml's changelog.

0.39.4 -- 2026-05-08

Bug Fixes

• #957: Fix slice-index panic when reading malformed DTD whose unknown markup is split across BufReader chunks. As with #950, the returned Event::DocType may contain the malformed DTD; this fix only ensures that the parser does not panic.
• #960: Fix sibling slice-index panic when a single chunk delivers < followed by 9+ bytes of unknown markup inside a DTD internal subset. Same disposition as #957 / #950: parser must not panic; DTD validity reporting is a future improvement.

#950: tafia/quick-xml#950 #957: tafia/quick-xml#957 #960: tafia/quick-xml#960

0.39.3 -- 2026-05-04

Bug Fixes

• #950: Fix subtraction with overflow when parse malformed DTD in some cases. Note, that currently we do not check the validity of DTD, so the returned Event::DocType may contain the malformed DTD.

#950: tafia/quick-xml#950

0.39.2 -- 2026-02-20

New Features

• #483: Implement read_text_into() and read_text_into_async().

Bug Fixes

• #939: Fix parsing error of the tag from buffered reader, when the first byte < is the last in the BufRead internal buffer. This is the regression from #936.

#483: tafia/quick-xml#483 #936: tafia/quick-xml#936 #939: tafia/quick-xml#939

0.39.1 -- 2026-02-15

New Features

• #598: Add method NamespaceResolver::set_level which may be helpful in some circumstances.

... (truncated)

Commits

• f72e8b3 Release 0.39.4
• b8b3bbe Fix slice-index panic in DtdParser on long single-chunk unknown markup (#960)
• fd5b908 Fix slice-index panic in DtdParser on chunked unknown markup (#957)
• e156b0b Release 0.39.3
• fa0f8c8 Update xml5ever & markup5even: 0.37 -> 0.38; rxml: 0.13 -> 0.14
• 9ebd88d Add some explanation comments and fix misprints
• b3800c8 Fix subtraction with overflow
• 93865dc Add regression test for #950 - err
• 5611c89 Release 0.39.2
• b8eba9a Merge pull request #941 from Mingun/full-cover
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)