Skip to content

Bump the rust-minor group with 11 updates#722

Merged
torokati44 merged 1 commit into
mainfrom
dependabot/cargo/rust-minor-5f2118fba6
Apr 22, 2026
Merged

Bump the rust-minor group with 11 updates#722
torokati44 merged 1 commit into
mainfrom
dependabot/cargo/rust-minor-5f2118fba6

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Apr 22, 2026

Copy link
Copy Markdown
Contributor

Bumps the rust-minor group with 11 updates:

Package From To
tokio 1.51.1 1.52.1
bitstream-io 4.9.0 4.10.0
clap 4.6.0 4.6.1
clap_derive 4.6.0 4.6.1
hyper-rustls 0.27.8 0.27.9
portable-atomic-util 0.2.6 0.2.7
pxfm 0.1.28 0.1.29
rustls-webpki 0.103.11 0.103.13
wasip2 1.0.2+wasi-0.2.9 1.0.3+wasi-0.2.9
winnow 1.0.1 1.0.2
wit-bindgen 0.51.0 0.57.1

Updates tokio from 1.51.1 to 1.52.1

Release notes

Sourced from tokio's releases.

Tokio v1.52.1

1.52.1 (April 16th, 2026)

Fixed

  • runtime: revert #7757 to fix [a regression]#8056 that causes spawn_blocking to hang (#8057)

#7757: tokio-rs/tokio#7757 #8056: tokio-rs/tokio#8056 #8057: tokio-rs/tokio#8057

Tokio v1.52.0

1.52.0 (April 14th, 2026)

Added

  • io: AioSource::register_borrowed for I/O safety support (#7992)
  • net: add try_io function to unix::pipe sender and receiver types (#8030)

Added (unstable)

  • runtime: Builder::enable_eager_driver_handoff setting enable eager hand off of the I/O and time drivers before polling tasks (#8010)
  • taskdump: add trace_with() for customized task dumps (#8025)
  • taskdump: allow impl FnMut() in trace_with instead of just fn() (#8040)
  • fs: support io_uring in AsyncRead for File (#7907)

Changed

  • runtime: improve spawn_blocking scalability with sharded queue (#7757)
  • runtime: use compare_exchange_weak() in worker queue (#8028)

Fixed

  • runtime: overflow second half of tasks when local queue is filled instead of first half (#8029)

Documented

  • docs: fix typo in oneshot::Sender::send docs (#8026)
  • docs: hide #[tokio::main] attribute in the docs of sync::watch (#8035)
  • net: add docs on ConnectionRefused errors with UDP sockets (#7870)

#7757: tokio-rs/tokio#7757 #7870: tokio-rs/tokio#7870 #7907: tokio-rs/tokio#7907 #7992: tokio-rs/tokio#7992 #8010: tokio-rs/tokio#8010 #8025: tokio-rs/tokio#8025 #8026: tokio-rs/tokio#8026 #8028: tokio-rs/tokio#8028 #8029: tokio-rs/tokio#8029

... (truncated)

Commits
  • 905c146 chore: prepare to release v1.52.1 (#8059)
  • 56aaa43 rt: revert #7757 to fix regression in spawn_blocking (#8057)
  • 57ff47a ci: update trybuild to expect output from rustc 1.95.0 (#8058)
  • 812de3e ci: bump taiki-e/cache-cargo-install-action from 1 to 3 (#8053)
  • ba82e73 ci: use Dependabot to keep github actions up to date (#8052)
  • 2e85f9d ci: replace cirrus-ci with freebsd-vm (#8041)
  • a7e1cd8 ci: update GitHub Actions workflows to use latest tool versions (#8047)
  • 5f7be0a chore: perpare 1.52.0 (#8045)
  • 36d12d2 taskdump: allow impl FnMut() in taskdumps instead of just fn() (#8040)
  • f943312 fs: support io-uring in AsyncRead for File (#7907)
  • Additional commits viewable in compare view

Updates bitstream-io from 4.9.0 to 4.10.0

Commits
  • 0ca4d89 Bump version to 4.10.0
  • a5b61a0 Update no-std dependency from core2 to no-std-io2
  • 6ac1342 Optimize Huffman code writer
  • 41cd533 Add method to retrieve unsigned bits from SignedBitCount
  • 354041e Merge pull request #35 from wojciech-graj/master
  • 3f5d3f7 Automatically generate feature gate docs
  • See full diff in compare view

Updates clap from 4.6.0 to 4.6.1

Release notes

Sourced from clap's releases.

v4.6.1

[4.6.1] - 2026-04-15

Fixes

  • (derive) Ensure rebuilds happen when an read env variable is changed
Changelog

Sourced from clap's changelog.

[4.6.1] - 2026-04-15

Fixes

  • (derive) Ensure rebuilds happen when an read env variable is changed
Commits
  • 1420275 chore: Release
  • d2c817d docs: Update changelog
  • f88c94e Merge pull request #6341 from epage/sep
  • acbb822 fix(complete): Reduce risk of conflict with actual subcommands
  • a49fadb refactor(complete): Pull out subcommand separator
  • ddc008b Merge pull request #6332 from epage/update
  • 497dc50 chore: Update compatible dependencies
  • dca2326 Merge pull request #6331 from clap-rs/renovate/j178-prek-action-2.x
  • 54bdaa3 chore(deps): Update j178/prek-action action to v2
  • f0d30d9 chore: Release
  • Additional commits viewable in compare view

Updates clap_derive from 4.6.0 to 4.6.1

Release notes

Sourced from clap_derive's releases.

v4.6.1

[4.6.1] - 2026-04-15

Fixes

  • (derive) Ensure rebuilds happen when an read env variable is changed
Changelog

Sourced from clap_derive's changelog.

[4.6.1] - 2026-04-15

Fixes

  • (derive) Ensure rebuilds happen when an read env variable is changed
Commits
  • ac5fda6 chore: Release
  • b73c627 docs: Update changelog
  • 44cfb34 Merge pull request #6346 from TomPlanche/fix/cargo-env-incremental-rebuild
  • 34ef8a0 fix(derive): Track Cargo env vars for incremental rebuilds
  • 0fe0be3 chore: Release
  • 480af9d docs: Update changelog
  • 2b3ddd0 Merge pull request #6340 from liskin/fix-completion-escape
  • 7ffe739 fix(complete): Do not suggest options after "--"
  • d47fc4f test(complete): Options suggested after escape (--)
  • 1420275 chore: Release
  • Additional commits viewable in compare view

Updates hyper-rustls from 0.27.8 to 0.27.9

Release notes

Sourced from hyper-rustls's releases.

0.27.9

This release fixes the accidental omission of the ISC license in the published crate.

What's Changed

Full Changelog: rustls/hyper-rustls@v/0.27.8...v/0.27.9

Commits
  • 9741534 Cargo: version 0.27.8 -> 0.27.9
  • d391ce2 Cargo: update semver compat deps
  • a163901 Cargo: fix include license typo for ISC license
  • b3eb41e Bump rustls from 0.23.37 to 0.23.38
  • See full diff in compare view

Updates portable-atomic-util from 0.2.6 to 0.2.7

Release notes

Sourced from portable-atomic-util's releases.

0.2.7

  • Implement serde serialization and deserialization for Arc, gated behind "serde" feature. (#2, thanks @​tommasoclini)
Changelog

Sourced from portable-atomic-util's changelog.

[0.2.7] - 2026-04-16

  • Implement serde serialization and deserialization for Arc, gated behind "serde" feature. (#2, thanks @​tommasoclini)
Commits

Updates pxfm from 0.1.28 to 0.1.29

Release notes

Sourced from pxfm's releases.

0.1.29

What's Changed

Full Changelog: awxkee/pxfm@0.1.28...0.1.29

Commits

Updates rustls-webpki from 0.103.11 to 0.103.13

Release notes

Sourced from rustls-webpki's releases.

0.103.13

  • Fix reachable panic in parsing a CRL. This was reported to us as GHSA-82j2-j2ch-gfr8. Users who don't use CRLs are not affected.
  • For name constraints on URI names, we incorrectly processed excluded subtrees in a way which inverted the desired meaning. See rustls/webpki#471. This was a case missing in the fix for GHSA-965h-392x-2mh5.

What's Changed

Full Changelog: rustls/webpki@v/0.103.12...v/0.103.13

0.103.12

This release fixes two bugs in name constraint enforcement:

  • GHSA-965h-392x-2mh5: name constraints for URI names were ignored and therefore accepted. URI name constraints are now rejected unconditionally. Note this library does not provide an API for asserting URI names, and URI name constraints are otherwise not implemented.
  • GHSA-xgp8-3hg3-c2mh: permitted subtree name constraints for DNS names were accepted for certificates asserting a wildcard name. This was incorrect because, given a name constraint of accept.example.com, *.example.com could feasibly allow a name of reject.example.com which is outside the constraint. This is very similar to CVE-2025-61727.

Since name constraints are restrictions on otherwise properly-issued certificates, these bugs are reachable only after signature verification and require misissuance to exploit.

What's Changed

Full Changelog: rustls/webpki@v/0.103.11...v/0.103.12

Commits
  • 2879b2c Prepare 0.103.13
  • 2c49773 Improve tests for padding of BitStringFlags
  • 4e3c0b3 Correct validation of BIT STRING constraints
  • 39c91d2 Actually fail closed for URI matching against excluded subtrees
  • 27131d4 Bump version to 0.103.12
  • 6ecb876 Clean up stuttery enum variant names
  • 318b3e6 Ignore wildcard labels when matching name constraints
  • 1219622 Rewrite constraint matching to avoid permissive catch-all branch
  • See full diff in compare view

Updates wasip2 from 1.0.2+wasi-0.2.9 to 1.0.3+wasi-0.2.9

Commits

Updates winnow from 1.0.1 to 1.0.2

Changelog

Sourced from winnow's changelog.

[1.0.2] - 2026-04-21

Fixes

  • Support TreeError in binary::bits (regression from 1.0.0)
Commits
  • 05d3cd2 chore: Release
  • 7ac7c0f docs: Update changelog
  • ac12806 Merge pull request #909 from epage/tree
  • 6ed2d5f fix(error): Support Bits with TreeError
  • f09c7a4 chore(deps): Update Rust Stable to v1.95 (#906)
  • 7f8c41c Merge pull request #905 from winnow-rs/renovate/j178-prek-action-2.x
  • c40231c Merge pull request #904 from winnow-rs/renovate/codecov-codecov-action-6.x
  • 93b12c0 chore(deps): Update j178/prek-action action to v2
  • 7780f54 chore(deps): Update codecov/codecov-action action to v6
  • See full diff in compare view

Updates wit-bindgen from 0.51.0 to 0.57.1

Commits

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

@dependabot
Bump the rust-minor group with 11 updates
028f1b0 
Bumps the rust-minor group with 11 updates:

| Package | From | To |
| --- | --- | --- |
| [tokio](https://github.com/tokio-rs/tokio) | `1.51.1` | `1.52.1` |
| [bitstream-io](https://github.com/tuffy/bitstream-io) | `4.9.0` | `4.10.0` |
| [clap](https://github.com/clap-rs/clap) | `4.6.0` | `4.6.1` |
| [clap_derive](https://github.com/clap-rs/clap) | `4.6.0` | `4.6.1` |
| [hyper-rustls](https://github.com/rustls/hyper-rustls) | `0.27.8` | `0.27.9` |
| [portable-atomic-util](https://github.com/taiki-e/portable-atomic-util) | `0.2.6` | `0.2.7` |
| [pxfm](https://github.com/awxkee/pxfm) | `0.1.28` | `0.1.29` |
| [rustls-webpki](https://github.com/rustls/webpki) | `0.103.11` | `0.103.13` |
| [wasip2](https://github.com/bytecodealliance/wasi-rs) | `1.0.2+wasi-0.2.9` | `1.0.3+wasi-0.2.9` |
| [winnow](https://github.com/winnow-rs/winnow) | `1.0.1` | `1.0.2` |
| [wit-bindgen](https://github.com/bytecodealliance/wit-bindgen) | `0.51.0` | `0.57.1` |


Updates `tokio` from 1.51.1 to 1.52.1
- [Release notes](https://github.com/tokio-rs/tokio/releases)
- [Commits](tokio-rs/tokio@tokio-1.51.1...tokio-1.52.1)

Updates `bitstream-io` from 4.9.0 to 4.10.0
- [Changelog](https://github.com/tuffy/bitstream-io/blob/master/CHANGES.md)
- [Commits](tuffy/bitstream-io@v4.9.0...v4.10.0)

Updates `clap` from 4.6.0 to 4.6.1
- [Release notes](https://github.com/clap-rs/clap/releases)
- [Changelog](https://github.com/clap-rs/clap/blob/master/CHANGELOG.md)
- [Commits](clap-rs/clap@clap_complete-v4.6.0...clap_complete-v4.6.1)

Updates `clap_derive` from 4.6.0 to 4.6.1
- [Release notes](https://github.com/clap-rs/clap/releases)
- [Changelog](https://github.com/clap-rs/clap/blob/master/CHANGELOG.md)
- [Commits](clap-rs/clap@v4.6.0...v4.6.1)

Updates `hyper-rustls` from 0.27.8 to 0.27.9
- [Release notes](https://github.com/rustls/hyper-rustls/releases)
- [Commits](rustls/hyper-rustls@v/0.27.8...v/0.27.9)

Updates `portable-atomic-util` from 0.2.6 to 0.2.7
- [Release notes](https://github.com/taiki-e/portable-atomic-util/releases)
- [Changelog](https://github.com/taiki-e/portable-atomic-util/blob/main/CHANGELOG.md)
- [Commits](taiki-e/portable-atomic-util@v0.2.6...v0.2.7)

Updates `pxfm` from 0.1.28 to 0.1.29
- [Release notes](https://github.com/awxkee/pxfm/releases)
- [Commits](awxkee/pxfm@0.1.28...0.1.29)

Updates `rustls-webpki` from 0.103.11 to 0.103.13
- [Release notes](https://github.com/rustls/webpki/releases)
- [Commits](rustls/webpki@v/0.103.11...v/0.103.13)

Updates `wasip2` from 1.0.2+wasi-0.2.9 to 1.0.3+wasi-0.2.9
- [Commits](bytecodealliance/wasi-rs@wasip2-1.0.2...wasip2-1.0.3)

Updates `winnow` from 1.0.1 to 1.0.2
- [Changelog](https://github.com/winnow-rs/winnow/blob/main/CHANGELOG.md)
- [Commits](winnow-rs/winnow@v1.0.1...v1.0.2)

Updates `wit-bindgen` from 0.51.0 to 0.57.1
- [Release notes](https://github.com/bytecodealliance/wit-bindgen/releases)
- [Commits](bytecodealliance/wit-bindgen@v0.51.0...v0.57.1)

---
updated-dependencies:
- dependency-name: tokio
  dependency-version: 1.52.1
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: rust-minor
- dependency-name: bitstream-io
  dependency-version: 4.10.0
  dependency-type: indirect
  update-type: version-update:semver-minor
  dependency-group: rust-minor
- dependency-name: clap
  dependency-version: 4.6.1
  dependency-type: indirect
  update-type: version-update:semver-patch
  dependency-group: rust-minor
- dependency-name: clap_derive
  dependency-version: 4.6.1
  dependency-type: indirect
  update-type: version-update:semver-patch
  dependency-group: rust-minor
- dependency-name: hyper-rustls
  dependency-version: 0.27.9
  dependency-type: indirect
  update-type: version-update:semver-patch
  dependency-group: rust-minor
- dependency-name: portable-atomic-util
  dependency-version: 0.2.7
  dependency-type: indirect
  update-type: version-update:semver-patch
  dependency-group: rust-minor
- dependency-name: pxfm
  dependency-version: 0.1.29
  dependency-type: indirect
  update-type: version-update:semver-patch
  dependency-group: rust-minor
- dependency-name: rustls-webpki
  dependency-version: 0.103.13
  dependency-type: indirect
  update-type: version-update:semver-patch
  dependency-group: rust-minor
- dependency-name: wasip2
  dependency-version: 1.0.3+wasi-0.2.9
  dependency-type: indirect
  update-type: version-update:semver-patch
  dependency-group: rust-minor
- dependency-name: winnow
  dependency-version: 1.0.2
  dependency-type: indirect
  update-type: version-update:semver-patch
  dependency-group: rust-minor
- dependency-name: wit-bindgen
  dependency-version: 0.57.1
  dependency-type: indirect
  update-type: version-update:semver-minor
  dependency-group: rust-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file rust Pull requests that update Rust code labels Apr 22, 2026
@torokati44 torokati44 enabled auto-merge (rebase) April 22, 2026 10:03
@torokati44 torokati44 merged commit 17b8900 into main Apr 22, 2026
9 checks passed
@dependabot dependabot Bot deleted the dependabot/cargo/rust-minor-5f2118fba6 branch April 22, 2026 10:12
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file rust Pull requests that update Rust code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@torokati44