update s3s version

[houseme]

Type of Change

• New Feature
• Bug Fix
• Documentation
• Performance Improvement
• Test/CI
• Refactor
• Other:

Related Issues

Summary of Changes

Checklist

• I have read and followed the CONTRIBUTING.md guidelines
• Passed make pre-commit
• Added/updated necessary tests
• Documentation updated (if needed)
• CI/CD passed (if applicable)

Impact

• Breaking change (compatibility)
• Requires doc/config/deployment update
• Other impact:

Additional Notes

---

Thank you for your contribution! Please ensure your PR follows the community standards (CODE_OF_CONDUCT.md) and sign the CLA if this is your first contribution.

[github-actions]

Dependency Review

✅ No vulnerabilities or license issues or OpenSSF Scorecard issues found.

OpenSSF Scorecard

Package	Version	Score	Details
cargo/async-lock	3.4.2	🟢 4.5	Details Check Score Reason Maintained ⚠️ 0 1 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0 Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Binary-Artifacts 🟢 10 no binaries found in the repo Code-Review 🟢 7 Found 15/20 approved changesets -- score normalized to 7 Packaging ⚠️ -1 packaging workflow not detected Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0 Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Vulnerabilities 🟢 10 0 existing vulnerabilities detected Fuzzing ⚠️ 0 project is not fuzzed License 🟢 10 license file detected Signed-Releases ⚠️ -1 no releases found Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md Security-Policy ⚠️ 0 security policy file not detected SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0
cargo/libz-rs-sys	0.5.5	Unknown	Unknown
cargo/reqwest	0.12.28	🟢 5.4	Details Check Score Reason Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Packaging ⚠️ -1 packaging workflow not detected Code-Review 🟢 6 Found 18/29 approved changesets -- score normalized to 6 Maintained 🟢 10 20 commit(s) and 19 issue activity found in the last 90 days -- score normalized to 10 Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Binary-Artifacts 🟢 10 no binaries found in the repo Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Security-Policy ⚠️ 0 security policy file not detected Fuzzing ⚠️ 0 project is not fuzzed Vulnerabilities 🟢 10 0 existing vulnerabilities detected License 🟢 10 license file detected Signed-Releases ⚠️ -1 no releases found Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0
cargo/s3s	0.13.0-alpha	Unknown	Unknown
cargo/serde_json	1.0.146	🟢 6.4	Details Check Score Reason Maintained 🟢 8 9 commit(s) and 1 issue activity found in the last 90 days -- score normalized to 8 Code-Review ⚠️ 1 Found 5/27 approved changesets -- score normalized to 1 Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Binary-Artifacts 🟢 10 no binaries found in the repo Packaging ⚠️ -1 packaging workflow not detected CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0 Token-Permissions 🟢 10 GitHub workflow tokens follow principle of least privilege License 🟢 10 license file detected Security-Policy ⚠️ 0 security policy file not detected Vulnerabilities 🟢 10 0 existing vulnerabilities detected Fuzzing 🟢 10 project is fuzzed Signed-Releases ⚠️ -1 no releases found Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0
cargo/zlib-rs	0.5.5	Unknown	Unknown

Scanned Files

• Cargo.lock

[Copilot]

Pull request overview

This PR updates the s3s library from version 0.12.0-rc.6 to 0.13.0-alpha, along with several related dependency updates.

• Updates s3s dependency to version 0.13.0-alpha from the main branch
• Updates reqwest from 0.12.26 to 0.12.28 and serde_json from 1.0.145 to 1.0.146
• Includes transitive dependency updates for async-lock, libz-rs-sys, and zlib-rs

Reviewed changes

Copilot reviewed 1 out of 2 changed files in this pull request and generated 1 comment.

File	Description
Cargo.toml	Updates s3s to 0.13.0-alpha, reqwest to 0.12.28, and serde_json to 1.0.146
Cargo.lock	Reflects updated dependency versions and git commit hash for s3s (f6198bbf), along with transitive dependency updates

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.