Update calamine requirement from 0.31 to 0.33 in /ext/parsekit

[dependabot]

Updates the requirements on calamine to permit the latest version.

Release notes

Sourced from calamine's releases.

v0.33.0 - 2026-02-04

Added

• Added support for reading data from Pivot Tables, which involves reading data from the internal Pivot Cache. [PR #559].

  [PR #559]: tafia/calamine#559

Changed

• Update dependencies for release 0.33.0:

  • zip: 4.2.0 -> 7.0.
  • atoi_simd: 0.16 -> 0.17

Fixed

• Fixed potential memory exhaustion issue in ODS files that could be triggered via repeated empty rows/columns.

  The fix adds limits to prevent memory exhaustion from malicious ODS files that declare billions of repeated cells via table:number-rows-repeated and table:number-columns-repeated attributes.

  The change adds the following protection layers:

  • Add cap for columns per row at MAX_COLUMNS (16,384).
  • Add cap for total row repeats at MAX_ROWS (1,048,576).
  • Add cap for total cells at MAX_CELLS (100 million) in get_range().

  These limits match XLSX's existing row/column limits and prevent a 7KB malicious file from attempting to allocate memory for 17+ billion cells.

  When MAX_CELLS is exceeded, return OdsError::CellLimitExceeded instead of silently returning an empty range. This ensures callers are properly informed of truncation rather than receiving silent data loss.

  [Issue #594], [PR #596].

  [Issue #594]: tafia/calamine#594 [PR #596]: tafia/calamine#596

• Fixed an issue where XLSX files with tables that had the internal insertRow attribute set returned a Dimensions object where the end row was less than the start row. This caused an assert/panic when trying to create a Range object to return the table range. [Issue #589].

  [Issue #589]: tafia/calamine#589

• Fixed an issue with XLSX files where worksheet tables used the unusual, but

... (truncated)

Changelog

Sourced from calamine's changelog.

[0.33.0] - 2026-02-04

Added

• Added support for reading data from Pivot Tables, which involves reading data from the internal Pivot Cache. [PR #559].

  [PR #559]: tafia/calamine#559

Changed

• Update dependencies for release 0.33.0:

  • zip: 4.2.0 -> 7.0.
  • atoi_simd: 0.16 -> 0.17

Fixed

• Fixed potential memory exhaustion issue in ODS files that could be triggered via repeated empty rows/columns.

  The fix adds limits to prevent memory exhaustion from malicious ODS files that declare billions of repeated cells via table:number-rows-repeated and table:number-columns-repeated attributes.

  The change adds the following protection layers:

  • Add cap for columns per row at MAX_COLUMNS (16,384).
  • Add cap for total row repeats at MAX_ROWS (1,048,576).
  • Add cap for total cells at MAX_CELLS (100 million) in get_range().

  These limits match XLSX's existing row/column limits and prevent a 7KB malicious file from attempting to allocate memory for 17+ billion cells.

  When MAX_CELLS is exceeded, return OdsError::CellLimitExceeded instead of silently returning an empty range. This ensures callers are properly informed of truncation rather than receiving silent data loss.

  [Issue #594], [PR #596].

  [Issue #594]: tafia/calamine#594 [PR #596]: tafia/calamine#596

• Fixed an issue where XLSX files with tables that had the internal insertRow attribute set returned a Dimensions object where the end row was less than the start row. This caused an assert/panic when trying to create a Range object to return the table range. [Issue #589].

  [Issue #589]: tafia/calamine#589

... (truncated)

Commits

• 203258c release: 0.33.0
• 778bd8b deps: update dependencies for release 0.33.0
• b17b040 feat: add support for reading PivotTable/PivotCache (#559)
• a1b5768 ods: fix DoS via repeated rows/columns (issue #594) (#596)
• 1dc58c6 xlsx: fix table issue when insertRow attribute is set
• 9111009 xlsx: fix issue with table reference ids
• e76bcd7 docs: prep changelog for next release
• 0bcb811 release: 0.32.0
• 38ef0e3 fix(XLSX): support replacing row/column ranges
• 6cf8454 fix: remove unused error conversions
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

[dependabot]

Labels

The following labels could not be found: dependencies, rust. Please create them before Dependabot can add them to a pull request.

Please fix the above issues or remove invalid values from dependabot.yml.