chore(deps): Update dependencies and prepare v0.1.1 release

[unclesp1d3r]

Summary

• Update thiserror to 2.0.12 and windows to 0.62.0
• Update mise-action to v4.0.0 in all CI workflows
• Update mdformat to 1.0.0 with new uvx_args configuration
• Add .coderabbit.yaml for review and automation guidelines
• Prepare v0.1.1 release with updated changelog

Test Plan

• All 22 tests pass locally (macOS stub validation)
• CI passes on Windows (full FFI tests)
• Verify updated dependencies build cleanly
• Confirm CI workflows run with updated mise-action

[coderabbitai]

Caution

Review failed

Pull request was closed or merged during review

📝 Walkthrough

Summary by CodeRabbit

• Chores
  • Updated project dependencies to their latest compatible versions for improved stability and features
  • Updated CI/CD workflows and development tooling configuration

Walkthrough

This PR updates development tooling and dependencies across the project: bumps mise-action to v4.0.0 across four CI/CD workflows, updates Rust dependencies (thiserror, windows, proptest), increments mdformat to v1.0.0, documents the v0.1.1 release in the changelog, and enhances the changelog generation build recipe.

Changes

Cohort / File(s)	Summary
Workflow Tooling Updates .github/workflows/ci.yml, .github/workflows/docs.yml, .github/workflows/release-plz.yml, .github/workflows/security.yml	Updates jdx/mise-action from v3.6.3 (commit 5228313e...) to v4.0.0 (commit c1ecc8f7...) across all workflow jobs. No behavioral changes to surrounding steps or inputs.
Rust Dependencies Cargo.toml	Bumps three dependencies: thiserror 2.0 → 2.0.18, windows 0.62 → 0.62.2, and proptest 1.6.0 → 1.10.0. Updates are version-only with no structural changes.
Build Configuration justfile, mise.toml	Adds --current flag to git-cliff invocation in changelog recipe. Updates mdformat from 0.7.21 to 1.0.0 with revised feature flags (admon, config, web, ruff, front-matters, footnote, simple-breaks, toc, gfm-alerts).
Release Documentation CHANGELOG.md	Removes "unreleased" section header and documentation/miscellaneous entries. Adds v0.1.1 release entry (#2). Includes minor styling section adjustment for TOML reformatting.

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~10 minutes

Suggested labels

enhancement, priority:normal

Poem

🔧 Mise action rises to v4,
Dependencies updated near and far,
mdformat blooms with v1's grace,
Tooling refined to set the pace,
v0.1.1 marks the release—build system's ace! 🚀

🚥 Pre-merge checks | ✅ 4 | ❌ 2

❌ Failed checks (2 inconclusive)

Check name	Status	Explanation	Resolution
Error-Handling-Check	❓ Inconclusive	Repository source code files are inaccessible; cannot verify public API error handling patterns, Result types, or panic avoidance without inspecting actual Rust implementation.	Access and inspect src/lib.rs and src/ffi.rs to verify public APIs return Result<_, TokenPrivilegeError>, wrap Win32 errors safely, and contain SAFETY comments for unsafe blocks.
Test-Coverage-Check	❓ Inconclusive	PR contains only dependency updates and CI changes; no test code modifications are present to verify Windows/non-Windows paths, UnsupportedPlatform stubs, privilege names, or enumeration/elevation consistency.	Clarify whether check verifies existing test coverage (outside PR scope) or requires test modifications in this PR. Review complete test suite separately if coverage verification is needed.

✅ Passed checks (4 passed)

Check name	Status	Explanation
Title check	✅ Passed	The title follows Conventional Commits specification with type 'chore', scope 'deps', and a clear description that accurately summarizes the main changes: dependency updates and release preparation.
Description check	✅ Passed	The description is well-structured and directly related to the changeset, detailing specific dependency updates, CI workflow changes, tool configuration updates, and release preparation with a test plan.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.
Unsafe-Audit	✅ Passed	All unsafe Win32 FFI calls are properly confined to src/ffi.rs with documented SAFETY comments, RAII pattern enforcement, and platform gating.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Post copyable unit tests in a comment
• Commit unit tests in branch update_deps

📝 Coding Plan

• Generate coding plan for human review comments

---

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[mergify]

Merge Protections

Your pull request matches the following merge protections and will not be merged until they are valid.

🟢 CI must pass

Wonderful, this rule succeeded.

• #commits-behind <= 3
• check-success = Code Quality
• check-success = Test (Windows)

[dosubot]

Related Documentation

2 document(s) may need updating based on files changed in this PR:

token-privilege

CI Pipeline Architecture

View Suggested Changes

@@ -342,7 +342,7 @@
 - [cargo-audit 0.22.1](https://github.com/EvilBit-Labs/token-privilege/blob/243f05cb8e2fff4b750982d3f9b480a28f4b2ecc/mise.toml#L7), [cargo-deny 0.19.0](https://github.com/EvilBit-Labs/token-privilege/blob/243f05cb8e2fff4b750982d3f9b480a28f4b2ecc/mise.toml#L8), [scorecard 5.4.0](https://github.com/EvilBit-Labs/token-privilege/blob/243f05cb8e2fff4b750982d3f9b480a28f4b2ecc/mise.toml#L33), [cargo-auditable 0.7.4](https://github.com/EvilBit-Labs/token-privilege/blob/243f05cb8e2fff4b750982d3f9b480a28f4b2ecc/mise.toml#L24), [cargo-cyclonedx 0.5.7](https://github.com/EvilBit-Labs/token-privilege/blob/243f05cb8e2fff4b750982d3f9b480a28f4b2ecc/mise.toml#L25)
 
 **Documentation**:
-- [lychee 0.23.0](https://github.com/EvilBit-Labs/token-privilege/blob/243f05cb8e2fff4b750982d3f9b480a28f4b2ecc/mise.toml#L29), [markdownlint-cli2 0.21.0](https://github.com/EvilBit-Labs/token-privilege/blob/243f05cb8e2fff4b750982d3f9b480a28f4b2ecc/mise.toml#L30), [mdformat 0.7.21](https://github.com/EvilBit-Labs/token-privilege/blob/243f05cb8e2fff4b750982d3f9b480a28f4b2ecc/mise.toml#L26), [prettier 3.8.1](https://github.com/EvilBit-Labs/token-privilege/blob/243f05cb8e2fff4b750982d3f9b480a28f4b2ecc/mise.toml#L27)
+- [lychee 0.23.0](https://github.com/EvilBit-Labs/token-privilege/blob/243f05cb8e2fff4b750982d3f9b480a28f4b2ecc/mise.toml#L29), [markdownlint-cli2 0.21.0](https://github.com/EvilBit-Labs/token-privilege/blob/243f05cb8e2fff4b750982d3f9b480a28f4b2ecc/mise.toml#L30), [mdformat 1.0.0](https://github.com/EvilBit-Labs/token-privilege/blob/243f05cb8e2fff4b750982d3f9b480a28f4b2ecc/mise.toml#L26), [prettier 3.8.1](https://github.com/EvilBit-Labs/token-privilege/blob/243f05cb8e2fff4b750982d3f9b480a28f4b2ecc/mise.toml#L27)
 - [mdbook toolchain](https://github.com/EvilBit-Labs/token-privilege/blob/243f05cb8e2fff4b750982d3f9b480a28f4b2ecc/mise.toml#L12-L19) (8 plugins: base, linkcheck, tabs, mermaid, toc, admonish, open-on-gh, i18n-helpers)
 
 **Release Automation**:

✅ Accepted

Crate Architecture

View Suggested Changes

@@ -168,7 +168,7 @@
 
 On Windows targets (`cfg(windows)`), the crate compiles full implementations:
 
-- **Win32 API bindings**: Uses the `windows` crate 0.62 as a conditional dependency, only included when compiling for Windows
+- **Win32 API bindings**: Uses the `windows` crate 0.62.2 as a conditional dependency, only included when compiling for Windows
 - **FFI layer**: All unsafe Win32 calls in `src/ffi.rs` interact with token privilege APIs like `GetTokenInformation`, `OpenProcessToken`, and `LookupPrivilegeValueW`
 - **Full functionality**: Complete elevation detection and privilege management operations
 
@@ -296,26 +296,28 @@
 
 ### Runtime Dependencies
 
-**thiserror 2.0** - Error Type Derivation
+**thiserror 2.0.18** - Error Type Derivation
 - **Purpose**: Provides procedural macros for deriving `std::error::Error` implementations
 - **Usage**: `TokenPrivilegeError` enum uses `#[derive(Error)]` for idiomatic error handling
 - **Rationale**: Standard in the Rust ecosystem for error types; compile-time code generation with zero runtime overhead
-- **Version**: 2.0 for latest features and stability
-
-**windows 0.62** - Win32 API Bindings
+- **Version**: 2.0.18 from the 2.0 series
+
+**windows 0.62.2** - Win32 API Bindings
 - **Purpose**: Provides safe bindings to Windows APIs
 - **Platform gating**: [`cfg(windows)` only](https://github.com/EvilBit-Labs/token-privilege/blob/243f05cb8e2fff4b750982d3f9b480a28f4b2ecc/.github/commit-instructions.md) - not compiled on other platforms
 - **Features**: Minimal feature flags for token privilege APIs only (reduces compilation time and binary size)
 - **API access**: `GetTokenInformation`, `OpenProcessToken`, `LookupPrivilegeValueW`, `CloseHandle`
 - **Rationale**: Official Microsoft-maintained bindings; type-safe FFI layer
+- **Version**: 0.62.2 from the 0.62 series
 
 ### Development Dependencies
 
-**proptest 1.6** - Property-Based Testing
+**proptest 1.10.0** - Property-Based Testing
 - **Purpose**: Generate random test cases to verify invariants hold across input space
 - **Usage**: Test privilege name validation, error path handling, edge cases
 - **Scope**: `[dev-dependencies]` only - not included in production builds
 - **Rationale**: Catches corner cases that hand-written unit tests might miss
+- **Version**: 1.10.0 from the 1.x series
 
 ### Dependency Management
 

✅ Accepted

Note: You must be authenticated to accept/decline updates.

^{How did I do? Any feedback?}  

[Copilot]

Pull request overview

Maintenance/release prep PR that updates Rust/tooling dependencies, refreshes CI setup, and updates release artifacts/config to support the v0.1.1 release process.

Changes:

• Bump Rust crate dependencies (thiserror, windows) and dev-dependency (proptest).
• Update local tooling pinning for mdformat (mise) and refresh mise.lock tool metadata.
• Update GitHub Actions workflows to use jdx/mise-action v4 and add CodeRabbit review configuration; update changelog generation/release notes.

Reviewed changes

Copilot reviewed 8 out of 10 changed files in this pull request and generated 4 comments.

Show a summary per file

File	Description
mise.toml	Updates mdformat version and uvx_args plugin set used by mise/pipx.
mise.lock	Regenerates lock entries for updated tooling (mdformat) and platform artifacts (python/shellcheck).
justfile	Changes default changelog recipe to run git-cliff --current.
Cargo.toml	Bumps Rust dependencies (thiserror, windows) and proptest.
CHANGELOG.md	Updates v0.1.1 changelog content/structure.
.github/workflows/security.yml	Updates mise-action pin to v4.0.0.
.github/workflows/release-plz.yml	Updates mise-action pin to v4.0.0.
.github/workflows/docs.yml	Updates mise-action pin to v4.0.0.
.github/workflows/ci.yml	Updates mise-action pin to v4.0.0 across CI jobs.
.coderabbit.yaml	Adds CodeRabbit configuration for automated review/guidance.

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

[unclesp1d3r]

@Mergifyio queue

[mergify]

Merge Queue Status

• 🟠 Waiting for queue conditions
• ⏳ Enter queue
• ⏳ Run checks
• ⏳ Merge

Required conditions to enter a queue

• -closed [📌 queue requirement]
• -conflict [📌 queue requirement]
• -draft [📌 queue requirement]
• any of [📌 queue -> configuration change requirements]:
  • -mergify-configuration-changed
  • check-success = Configuration changed
• any of [📌 queue requirement]:
  • check-success = Mergify Merge Protections
  • check-neutral = Mergify Merge Protections
  • check-skipped = Mergify Merge Protections
• any of [🔀 queue conditions]:
  • all of [📌 queue conditions of queue default]:
    • check-success = Code Quality
    • check-success = Test (Windows)
    • all of [🛡 Merge Protections rule CI must pass]:
      • #commits-behind <= 3
      • check-success = Code Quality
      • check-success = Test (Windows)
    • any of [🛡 GitHub repository ruleset rule main]:
      • check-success = DCO
      • check-neutral = DCO
      • check-skipped = DCO
    • any of [🛡 GitHub repository ruleset rule main]:
      • check-success = Mergify Merge Protections
      • check-neutral = Mergify Merge Protections
      • check-skipped = Mergify Merge Protections

[mergify]

Merge Queue Status

• ✅ Entered queue — 2026-03-14 06:46 UTC · Rule: default
• ✅ Checks passed · in-place
• ✅ Merged — 2026-03-14 06:46 UTC · at 47e950b2f78b7427ebde98963bb2cf20e8415114

This pull request spent 5 seconds in the queue, with no time running CI.

Required conditions to merge

• check-success = Code Quality
• check-success = Test (Windows)
• all of [🛡 Merge Protections rule CI must pass]:
  • #commits-behind <= 3
    • chore(deps): Update dependencies and prepare v0.1.1 release #3
  • check-success = Code Quality
  • check-success = Test (Windows)
• any of [🛡 GitHub repository ruleset rule main]:
  • check-success = DCO
  • check-neutral = DCO
  • check-skipped = DCO
• any of [🛡 GitHub repository ruleset rule main]:
  • check-success = Mergify Merge Protections
  • check-neutral = Mergify Merge Protections
  • check-skipped = Mergify Merge Protections

[codecov]

Codecov Report

✅ All modified and coverable lines are covered by tests.

📢 Thoughts on this report? Let us know!