bump few deps

[klensy]

Update few deps to fix security vulns, future incompatibilities, duplicates.

jemalloc-sys v0.5.0+5.3.0 -> v0.5.3+5.3.0-patched: fixes future-incompatibilities by dropping fs_extra (https://github.com/rust-lang-ci/rust/actions/runs/4626595610/jobs/8183514150#step:26:19499, https://github.com/tikv/jemallocator/blob/tikv-jemalloc-sys-0.5.3/CHANGELOG.md)

openssl-src v111.22.0+1.1.1q -> v111.25.0+1.1.1t: fixes few vulns:
https://www.openssl.org/news/vulnerabilities-1.1.1.html
https://www.cve.org/CVERecord?id=CVE-2022-4304
https://www.cve.org/CVERecord?id=CVE-2022-4450
https://www.cve.org/CVERecord?id=CVE-2023-0215
https://www.cve.org/CVERecord?id=CVE-2023-0286
There exist newer openssl version 1.1.1u with low severity vulns, but no crate update yet

openssl crate with deps 0.10.38 ->0.10.49 fixes vulns (https://github.com/sfackler/rust-openssl/blob/openssl-v0.10.49/openssl/CHANGELOG.md)
https://rustsec.org/advisories/RUSTSEC-2023-0022
https://rustsec.org/advisories/RUSTSEC-2023-0023
https://rustsec.org/advisories/RUSTSEC-2023-0024

update env_logger for rustbook and cargo_metadata for tidy to newer versions (still used by rustfmt, miri)

[rustbot]

r? @Mark-Simulacrum

(rustbot has picked a reviewer for you, use r? to override)

[rustbot]

These commits modify the Cargo.lock file. Random changes to Cargo.lock can be introduced when switching branches and rebasing PRs.
This was probably unintentional and should be reverted before this PR is merged.

If this was intentional then you can ignore this comment.

[Mark-Simulacrum]

@bors r+

[bors]

📌 Commit 40b6095 has been approved by Mark-Simulacrum

It is now in the queue for this repository.

[bors]

⌛ Testing commit 40b6095 with merge d56b56d9e14b748d05ab682c8d8d09250964743c...

[bors]

💔 Test failed - checks-actions

[ehuss]

@bors retry

crates.io network blip

[bors]

⌛ Testing commit 40b6095 with merge 7f7e8fb...

[bors]

☀️ Test successful - checks-actions
Approved by: Mark-Simulacrum
Pushing 7f7e8fb to master...

[rust-timer]

Finished benchmarking commit (7f7e8fb): comparison URL.

Overall result: no relevant changes - no action needed

@rustbot label: -perf-regression

Instruction count

This benchmark run did not return any relevant results for this metric.

Max RSS (memory usage)

Results

This is a less reliable metric that may be of interest but was not used to determine the overall result at the top of this comment.

	mean	range	count
Regressions ❌ (primary)	0.5%	[0.4%, 0.6%]	3
Regressions ❌ (secondary)	-	-	0
Improvements ✅ (primary)	-0.4%	[-0.4%, -0.4%]	1
Improvements ✅ (secondary)	-	-	0
All ❌✅ (primary)	0.3%	[-0.4%, 0.6%]	4

Cycles

Results

This is a less reliable metric that may be of interest but was not used to determine the overall result at the top of this comment.

	mean	range	count
Regressions ❌ (primary)	0.5%	[0.5%, 0.5%]	1
Regressions ❌ (secondary)	-	-	0
Improvements ✅ (primary)	-0.5%	[-0.5%, -0.5%]	1
Improvements ✅ (secondary)	-	-	0
All ❌✅ (primary)	0.0%	[-0.5%, 0.5%]	2

[rust-log-analyzer]

A job failed! Check out the build log: (web) (plain)

Click to see the possible cause of the failure (guessed by this bot)