fix(deps): update rust crate lol_html to v3

[renovate]

This PR contains the following updates:

Package	Type	Update	Change
lol_html	dependencies	major	2.6.0 → 3.0.0

---

Release Notes

cloudflare/lol-html (lol_html)

v3.0.0

Compare Source

• Added MemorySettings::with_graceful_bail_out_on_memory_limit_exceeded(): when set, the
  rewriter flushes every input byte it has received but not yet emitted to the sink (as-is)
  before returning MemoryLimitExceededError, so callers can continue the response by
  writing subsequent bytes directly to their downstream sink instead of breaking it.
• Added Settings::with_graceful_bail_out_on_content_handler_error(): symmetric to the
  memory setting above, but for RewritingError::ContentHandlerError. When set, the
  rewriter flushes remaining input bytes before propagating a handler error, preserving
  the response. Currently exposed via the Rust API only; the C API still uses the original
  behavior.
• Added Settings::append_bail_out_handler() and the matching bail_out! macro,
  BailOut rewritable unit, and BailOutHandler / BailOutHandlerSend type aliases.
  Bail-out handlers fire immediately before the raw flush of remaining unparsed input on a
  graceful bail-out (memory or content-handler error). Handlers receive the
  RewritingError and a BailOut through which they can append final bytes to the sink
  via BailOut::append(content, content_type). Intended for handlers that buffer state
  across the document (e.g. text-buffering handlers that defer emission) and need to
  flush that state on bail-out.
• Marked RewritingError #[non_exhaustive] so future error variants can be added without
  a major version bump. External callers can still match on it, but must include a
  catch-all _ => arm.
• Reworked Settings, MemorySettings and RewriteStrSettings to use a consuming-builder
  API. Fields are now private; construction is via ::new() plus chained with_* setters
  and append_* methods for the content-handler vectors. This makes future field additions
  non-breaking. Migration:

  // before
  Settings {
      element_content_handlers: vec![element!("div", |el| { /* ... */ Ok(()) })],
      strict: false,
      ..Settings::new()
  }
  // after
  Settings::new()
      .with_strict(false)
      .append_element_content_handler(element!("div", |el| { /* ... */ Ok(()) }))

• Renamed the internal-use feature integration_test to _integration_test. The leading
  underscore signals to cargo-semver-checks and similar tools that the feature is not
  part of the public API.
• Comment::set_text now also rejects --!>, a leading >, and a leading ->, which
  WHATWG-conformant browsers treat as comment terminators. Previously only --> was
  rejected, so a caller passing attacker-influenced data could let an attacker break out
  of the comment and inject HTML (security fix).

---

Configuration

📅 Schedule: (in timezone America/Indiana/Indianapolis)

• Branch creation
  • Between 08:00 AM and 11:59 PM, only on Friday and Saturday (* 8-23 * * 5,6)
• Automerge
  • At any time (no schedule defined)

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.

[socket-security]

Review the following changes in direct dependencies. Learn more about Socket for GitHub.

Diff	Package	Supply Chain Security	Vulnerability	Quality	Maintenance	License
	cargo/​lol_html@​2.9.0 ⏵ 3.0.0	+1		+1

View full report

[sentry]

⚠️ JUnit XML file not found

The CLI was unable to find any JUnit XML files to upload.
For more help, visit our troubleshooting guide.

[github-actions]

Test Results

0 tests   0 ✅  0s ⏱️
0 suites  0 💤
0 files    0 ❌

Results for commit 0c74bdb.