[codex] Update time to fix RustSec advisory

[Nicolas0315]

Summary

• Update time from 0.3.45 to 0.3.47 to address RUSTSEC-2026-0009.
• Update the workspace MSRV from 1.85 to 1.88 because time 0.3.47 requires Rust 1.88.
• Refresh the vendored openlogi-hidpp MSRV comment so it no longer references the old workspace lower bound.

Validation

• cargo audit exits 0; RUSTSEC-2026-0009 is no longer reported. Existing unmaintained advisories remain warning-only.
• cargo fmt --all -- --check
• cargo metadata --locked --format-version 1 --no-deps
• CARGO_NET_GIT_FETCH_WITH_CLI=true cargo tree --workspace -i time --target all --locked

cargo clippy --workspace --all-targets -- -D warnings was attempted, but local linking is blocked before project code compiles because this machine has not accepted the Xcode license (sudo xcodebuild -license).

[greptile-apps]

Greptile Summary

This PR patches RUSTSEC-2026-0009 by updating time from 0.3.45 to 0.3.47, which requires bumping the workspace MSRV from 1.85 to 1.88; supporting crates time-core, time-macros, and num-conv are updated in the lockfile to match.

• Cargo.lock: Checksums and versions updated for time (0.3.45→0.3.47), time-core (0.1.7→0.1.8), time-macros (0.2.25→0.2.27), and num-conv (0.1.0→0.2.2).
• Cargo.toml: Workspace rust-version raised from 1.85 to 1.88 to satisfy time 0.3.47's minimum compiler requirement.
• crates/openlogi-hidpp/Cargo.toml / docs/DEVELOPMENT.md: Comment and documentation updated to remove the now-stale reference to the old workspace MSRV (1.85); openlogi-hidpp retains its explicit rust-version = "1.87" to document its fork-specific lower bound independently of the workspace.

Confidence Score: 5/5

Safe to merge — changes are purely dependency version bumps and documentation updates with no logic changes.

The change only updates dependency versions in Cargo.lock and Cargo.toml, raises the workspace MSRV to match, and cleans up a comment and one documentation line. There are no logic or API changes in project source code. The lockfile reflects consistent, transitively-updated checksums for the time crate family. The openlogi-hidpp crate retaining an explicit rust-version of 1.87 (below the new workspace 1.88) is intentional and correctly explained in the updated comment.

No files require special attention.

Important Files Changed

Filename	Overview
Cargo.lock	Updates time (0.3.45→0.3.47), time-core (0.1.7→0.1.8), time-macros (0.2.25→0.2.27), and num-conv (0.1.0→0.2.2) to address RUSTSEC-2026-0009; checksums updated accordingly.
Cargo.toml	Bumps workspace MSRV from 1.85 to 1.88 to satisfy the new requirement imposed by time 0.3.47.
crates/openlogi-hidpp/Cargo.toml	Refreshes the comment on the explicit rust-version = "1.87" declaration; no functional change; the explicit value is now intentionally below the workspace MSRV (1.88) to document the fork's own constraint.
docs/DEVELOPMENT.md	Updates the MSRV reference in developer documentation from 1.85 to 1.88 to match the new workspace rust-version.

Flowchart

%%{init: {'theme': 'neutral'}}%%
flowchart TD
    A["RUSTSEC-2026-0009\nadvisory in time 0.3.45"] --> B["Upgrade time → 0.3.47"]
    B --> C["time-core 0.1.7 → 0.1.8\ntime-macros 0.2.25 → 0.2.27\nnum-conv 0.1.0 → 0.2.2"]
    B --> D["time 0.3.47 requires\nRust ≥ 1.88"]
    D --> E["Workspace MSRV\n1.85 → 1.88\n(Cargo.toml)"]
    E --> F["docs/DEVELOPMENT.md\nMSRV updated to 1.88"]
    E --> G["openlogi-hidpp\nretains explicit 1.87\n(fork's own bound)"]
    C --> H["Cargo.lock checksums\nrefreshed"]

Loading

_{Reviews (1): Last reviewed commit: "Update time to fix RustSec advisory" | Re-trigger Greptile}