Updated:(deps): Bump html-to-markdown-rs from 3.5.7 to 3.6.7 in /src

[dependabot]

Bumps html-to-markdown-rs from 3.5.7 to 3.6.7.

Release notes

Sourced from html-to-markdown-rs's releases.

v3.6.7

Swift Package Manager

Add to your Package.swift:

.package(url: "https://github.com/kreuzberg-dev/html-to-markdown", from: "3.6.7")

The Swift binding is distributed as a pre-built artifact bundle. No Rust toolchain required.

Artifact: HtmlToMarkdown-rs.artifactbundle.zip Checksum: a1f573952c2936317eefbed71fcac161d881640dfce401889226cdb1e0f793c1

Zig

Add to your build.zig.zon:

.dependencies = .{
    .html-to-markdown-rs-zig = .{\n        .url = \"https://github.com/kreuzberg-dev/html-to-markdown/releases/download/v3.6.7/html-to-markdown-rs-zig-v3.6.7.tar.gz\",\n        .hash = \"html_to_markdown_rs-3.6.7-QtXyWyUzAQDCCjBVpipPwcC9AxSbKChMVdEzhE5iips9\",\n    },\n},\n```\n
v3.6.6
Swift Package Manager
Add to your Package.swift:
.package(url: "https://github.com/kreuzberg-dev/html-to-markdown", from: "3.6.6")
</code></pre>
<p>The Swift binding is distributed as a pre-built artifact bundle. No Rust toolchain required.</p>
<p><strong>Artifact</strong>: <a href="https://github.com/kreuzberg-dev/html-to-markdown/releases/download/v3.6.6/HtmlToMarkdown-rs.artifactbundle.zip">HtmlToMarkdown-rs.artifactbundle.zip</a>
<strong>Checksum</strong>: <code>82b01ca2391062fbf5ec7605b71cf45945798cab93d1ac0a4332ec4ca4832aaf</code></p>
<!-- raw HTML omitted -->
<h2>Zig</h2>
<p>Add to your <code>build.zig.zon</code>:</p>
<pre><code>.dependencies = .{
    .html-to-markdown-rs-zig = .{\n        .url = \&quot;https://github.com/kreuzberg-dev/html-to-markdown/releases/download/v3.6.6/html-to-markdown-rs-zig-v3.6.6.tar.gz\&quot;,\n        .hash = \&quot;html_to_markdown_rs-3.6.6-QtXyWyUzAQDih9OVg4DwLQntyJ9TEXHr0hK1sjdMQcxj\&quot;,\n    },\n},\n```\n
v3.6.5
Swift Package Manager
Add to your Package.swift:

&lt;/tr&gt;&lt;/table&gt;

</code></pre>

</blockquote>

<p>... (truncated)</p>

</details>

<details>

<summary>Changelog</summary>
<p><em>Sourced from <a href="https://github.com/kreuzberg-dev/html-to-markdown/blob/main/CHANGELOG.md&quot;&gt;html-to-markdown-rs's changelog</a>.</em></p>

<blockquote>

<h2>[3.6.7] - 2026-06-15</h2>

<h3>Fixed</h3>

<ul>

<li>

<p><strong>Restore Dart binding.</strong> v3.6.6 silently dropped Dart from <code>[workspace].languages</code> in <code>alef.toml</code> and moved <code>packages/dart/rust</code> from workspace <code>members</code> to <code>exclude</code> in the root <code>Cargo.toml</code>. The pub.dev publish of <code>h2m</code> 3.6.6 succeeded only because the Dart workflow's tag-time checkout predated the exclusion; any subsequent regeneration would have orphaned the binding. Dart is restored to both lists.</p>

</li>

<li>

<p><strong>Bump alef to 0.25.9 — fixes Elixir NIF <code>[patch.crates-io]</code> no-op error blocking the v3.6.6 publish.</strong> alef 0.25.7's Elixir scaffold emitted an unconditional <code>[patch.crates-io]</code> block in the generated Rustler NIF <code>Cargo.toml</code> with entries shaped <code>alloc-no-stdlib = { version = &quot;=2.0.4&quot; }</code> — cargo rejects these as <code>patch for 'alloc-no-stdlib' points to the same source, but patches must point to different sources</code>, failing every Elixir NIF matrix cell (linux x86_64/aarch64, macos x86_64/arm64) plus the Hex publish job on v3.6.6 publish run 27510348278. alef 0.25.9 (commit <code>e1e86bbc1</code>) replaces the broken patch block with direct <code>[dependencies]</code> entries pinning <code>alloc-no-stdlib = &quot;=2.0.4&quot;</code>, <code>alloc-stdlib = &quot;=0.2.2&quot;</code>, <code>brotli-decompressor = &quot;=5.0.1&quot;</code> plus matching <code>cargo-machete</code> ignores. 0.25.9 also ships the Ruby Rakefile YARD-coverage fix (<code>55f1eccf6</code>).</p>

</li>

</ul>

<h2>[3.6.6] - 2026-06-14</h2>

<h3>Fixed</h3>

<ul>

<li><strong>Bump alef to 0.25.7 — fixes <code>alef publish prepare</code> for non-workspace-member NIF crates (Ruby gem, Elixir NIF).</strong> alef 0.25.4–0.25.6 had a bug where <code>cargo update --locked</code> and <code>cargo metadata --locked</code> would fail for binding crates that are not workspace members (like the Rustler NIF and Magnus gem). The seed lockfile lacked a <code>[[package]]</code> entry for the binding crate, causing cargo to reject it. alef 0.25.7 dropped <code>--locked</code> from the metadata validation step and set <code>.env_remove(&quot;CARGO_BUILD_LOCKED&quot;)</code> to allow cargo to resolve these crates from the registry. This fix restores Ruby (all platforms) and Elixir NIF (all platforms + Hex package) support.</li>

</ul>

<h2>[3.6.5] - 2026-06-14</h2>

<h3>Fixed</h3>

<ul>

<li>

<p><strong>Elixir Hex/NIF + Ruby gem publish: bump alef pin to 0.25.4 so <code>alef publish prepare</code> produces a valid binding lockfile.</strong> alef 0.25.1's <code>vendor::scrub_or_regenerate_lock</code> strict-mode path failed on every v3.6.4 Elixir NIF and macOS/Linux Ruby gem build with <code>cargo update -p &lt;lockfile&gt; (or final cargo metadata validation) failed (exit code 101) ... cannot update the lock file ... because --locked was passed</code> — the seed lockfile's workspace-member path entries collided with the registry-source entries the rewrite added, and the final <code>cargo metadata --locked</code> validation could not reconcile them. alef 0.25.3 added <code>strip_workspace_member_entries</code> to drop the path-source entries from the seed before per-member <code>cargo update -p</code> runs, plus a full registry-URL package-id spec (<code>registry+https://github.com/rust-lang/crates.io-index#NAME@VERSION&lt;/code>) to disambiguate the per-member update. 0.25.4 also escapes Rust reserved keywords in extendr struct fields (relevant to R bindings consuming flat data enums with <code>serde(tag = &quot;type&quot;)</code>).</p>

</li>

<li>

<p><strong>Python sdist on Alpine/musl: <code>actions/rewrite-native-deps</code> v1.8.69 now strips <code>path = &quot;...&quot;</code> from <code>[workspace.dependencies]</code> entries.</strong> The 3.6.4 sdist's root <code>Cargo.toml</code> shipped with <code>[workspace.dependencies] html-to-markdown-rs = { version = &quot;3.6.4&quot;, path = &quot;crates/html-to-markdown&quot; }</code>, and cargo eagerly validates every workspace-dep entry on <code>pip install</code> — bailing with <code>failed to read .../crates/html-to-markdown/Cargo.toml</code> because the workspace crate is not bundled in the sdist. v1.8.66 added <code>[patch.*]</code> stripping for sdist consumers (resolved <a href="https://redirect.github.com/kreuzberg-dev/html-to-markdown/issues/390&quot;&gt;#390&lt;/a>) but missed <code>[workspace.dependencies]</code>. The new step drops <code>path</code> from every workspace-dependency entry, leaving the version so the dep resolves from crates.io on consumer install. Resolves <a href="https://redirect.github.com/kreuzberg-dev/html-to-markdown/issues/402&quot;&gt;#402&lt;/a&gt;.&lt;/p>

</li>

</ul>

<h2>[3.6.4] - 2026-06-14</h2>

<h3>Fixed</h3>

<ul>

<li>

<p><strong>CLI: drop <code>reqwest</code> <code>brotli</code> feature to keep <code>alloc-no-stdlib</code> on 2.x.</strong> The transitive <code>brotli</code> crate (pulled in via <code>async-compression</code>) jumped to 8.x which expects <code>alloc-no-stdlib</code> 3.x, but the workspace resolves the sibling at 2.x. The resulting trait drift broke <code>cargo build</code> on stable rustc with <code>the trait bound 'StandardAlloc: alloc::Allocator&lt;...&gt;' is not satisfied</code>, blocking the ubuntu-latest Python wheel build during the v3.6.3 publish run. The CLI's HTTP client now uses gzip+deflate only.</p>

</li>

<li>

<p><strong>Publish workflow: dispatch <code>publish-pubdev</code> with the release tag, not the branch ref.</strong> When <code>publish.yaml</code> was triggered by <code>release: published</code>, <code>github.ref_name</code> resolved to the branch where the release was authored (e.g. <code>main</code>). The child workflow's OIDC token then carried <code>refType=branch</code>, which pub.dev rejects with <code>publishing is only allowed from 'tag' refType</code>. Dispatch now uses <code>needs.prepare.outputs.tag</code> so the child runs against the tag and the OIDC token is accepted.</p>

</li>

<li>

<p><strong>Taskfile: <code>test-apps:test:zig</code> now grep'd the root <code>Cargo.toml</code> for the workspace version.</strong> The previous grep targeted <code>crates/html-to-markdown/Cargo.toml</code>, which uses <code>version.workspace = true</code> and has no literal version line — <code>H2M_VERSION</code> resolved to empty and the zig-fetch URL collapsed to <code>…/download/v/html-to-markdown-rs-zig-v.tar.gz</code> (404).</p>

</li>

</ul>

<h3>Changed</h3>

<ul>

<li>

<p><strong>Track <code>Cargo.lock</code> for reproducible builds.</strong> <code>Cargo.lock</code> was previously gitignored, defeating <code>cargo build --locked</code> everywhere it was used. Every CI runner resolved deps fresh, allowing semver-compatible drift to silently introduce broken transitives (the brotli/alloc-no-stdlib mismatch above). The root workspace lockfile plus the per-package nested lockfiles (R, Ruby, Elixir NIF, e2e/rust, test_apps/rust) are now tracked.</p>

</li>

<li>

<p><strong>Pass <code>--locked</code> to <code>cargo build</code> in CI, publish, scripts, and <code>alef.toml</code> hooks.</strong> Now that the lockfile is tracked, every CI/publish cargo build runs with <code>--locked</code> so a dirty index can't silently substitute newer transitive deps. Local-dev tasks (<code>.task/languages/rust.yml</code>) intentionally remain without <code>--locked</code> so contributors can pick up dep updates.</p>

</li>

<li>

<p><strong>Regenerated cross-language bindings with alef 0.25.1.</strong> Pulls in: csharp e2e codegen using <code>KreuzbergConverter</code> facade; swift e2e codegen no longer emits <code>?</code> chains on non-Optional <code>RustString</code> returns; C e2e codegen panics on missing <code>fields_c_types</code> keys instead of silently miscompiling; FFI/NAPI/PyO3/Magnus/Rustler test surface cleanup; <code>vendor::scrub_or_regenerate_lock</code> preserves workspace lockfile pins via per-member <code>cargo update</code> + <code>cargo metadata --locked</code> validation; NAPI strips the <code>readonly</code> keyword from emitted <code>service.cjs</code>.</p>

</li>

</ul>

<h2>[3.6.3] - 2026-06-14</h2>

<h3>Changed</h3>

<ul>

<li><strong>alef extension API: <code>[crates.ffi].visitor_callbacks</code> is now backed by the new alef per-extension

config mechanism.</strong> alef's <code>parse_config</code> hook now receives the real <code>[extensions.&lt;name&gt;]</code> section

from <code>alef.toml</code> rather than always <code>None</code>. The <code>visitor_callbacks = true</code> knob in <code>[crates.ffi]</code>

remains the correct way to enable the visitor/callback FFI pattern — it is a general alef feature

shared with Go, Java, C#, and other FFI consumers, not h2m-specific. A new

<code>transform_emitted_files</code> hook on the <code>Extension</code> trait is also available for downstream post-</li>

</ul>

<!-- raw HTML omitted -->

</blockquote>

<p>... (truncated)</p>

</details>

<details>

<summary>Commits</summary>
<ul>

<li><a href="https://github.com/kreuzberg-dev/html-to-markdown/commit/390c692bbb03a3a485c0e83c0638c645f2b3117c&quot;&gt;&lt;code&gt;390c692&lt;/code&gt;&lt;/a> chore(release): substitute Swift checksum for 3.6.7</li>

<li><a href="https://github.com/kreuzberg-dev/html-to-markdown/commit/aa83693de673f46d2990a9adafc0b7354e4957cc&quot;&gt;&lt;code&gt;aa83693&lt;/code&gt;&lt;/a> chore(release): v3.6.7</li>

<li><a href="https://github.com/kreuzberg-dev/html-to-markdown/commit/d5923942af00463122aeb6efd6f8bcf8ea23f3c0&quot;&gt;&lt;code&gt;d592394&lt;/code&gt;&lt;/a> chore(release): v3.6.6</li>

<li><a href="https://github.com/kreuzberg-dev/html-to-markdown/commit/a0b2166321e6d9571bf249559e8d0a37fac31bcd&quot;&gt;&lt;code&gt;a0b2166&lt;/code&gt;&lt;/a> chore(deps): bump alef to 0.25.7 and regenerate bindings</li>

<li><a href="https://github.com/kreuzberg-dev/html-to-markdown/commit/42da7fd976db224bce4314498739b386caaa751f&quot;&gt;&lt;code&gt;42da7fd&lt;/code&gt;&lt;/a> chore(release): v3.6.5</li>

<li><a href="https://github.com/kreuzberg-dev/html-to-markdown/commit/710330919d2fd60c3f08175d29a68eff406a78c1&quot;&gt;&lt;code&gt;7103309&lt;/code&gt;&lt;/a> docs(changelog): add 3.6.4 release notes</li>

<li><a href="https://github.com/kreuzberg-dev/html-to-markdown/commit/b609a02fb8efec1151cae42d45868ef0204ac0e5&quot;&gt;&lt;code&gt;b609a02&lt;/code&gt;&lt;/a> chore(deps): upgrade language deps + regenerate bindings with alef 0.25.1</li>

<li><a href="https://github.com/kreuzberg-dev/html-to-markdown/commit/ade017f972bccb8b913953ddc42f5f0c6292b517&quot;&gt;&lt;code&gt;ade017f&lt;/code&gt;&lt;/a> chore(release): v3.6.4</li>

<li><a href="https://github.com/kreuzberg-dev/html-to-markdown/commit/62321d0f433d29627dd5b8f9632332b9fb1f0551&quot;&gt;&lt;code&gt;62321d0&lt;/code&gt;&lt;/a> fix(taskfile): grep root Cargo.toml for workspace version in zig test-app</li>

<li><a href="https://github.com/kreuzberg-dev/html-to-markdown/commit/6aedc55bf49f11236928adb6076e0eb7aedd9c00&quot;&gt;&lt;code&gt;6aedc55&lt;/code&gt;&lt;/a> chore: pass --locked to cargo build in CI/publish/scripts/alef.toml</li>

<li>Additional commits viewable in <a href="https://github.com/kreuzberg-dev/html-to-markdown/compare/v3.5.7...v3.6.7&quot;&gt;compare view</a></li>

</ul>

</details>
<br />


Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options


You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR
@dependabot recreate will recreate this PR, overwriting any edits that have been made to it
@dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
@dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
@dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
@dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

[dependabot]

Labels

The following labels could not be found: dependencies, rust. Please create them before Dependabot can add them to a pull request.

Please fix the above issues or remove invalid values from dependabot.yml.