Skip to content

chore(dep): bump the deps group with 8 updates#222

Open
dependabot[bot] wants to merge 1 commit intomainfrom
dependabot/cargo/deps-efb566d6f4
Open

chore(dep): bump the deps group with 8 updates#222
dependabot[bot] wants to merge 1 commit intomainfrom
dependabot/cargo/deps-efb566d6f4

Conversation

@dependabot
Copy link
Copy Markdown
Contributor

@dependabot dependabot Bot commented on behalf of github May 1, 2026

Bumps the deps group with 8 updates:

Package From To
tokio 1.50.0 1.52.1
clap 4.6.0 4.6.1
openssl 0.10.76 0.10.78
pyo3 0.28.2 0.28.3
rand 0.10.0 0.10.1
clap_complete 4.6.0 4.6.3
diesel 2.3.7 2.3.9
reqwest 0.13.2 0.13.3

Updates tokio from 1.50.0 to 1.52.1

Release notes

Sourced from tokio's releases.

Tokio v1.52.1

1.52.1 (April 16th, 2026)

Fixed

  • runtime: revert #7757 to fix [a regression]#8056 that causes spawn_blocking to hang (#8057)

#7757: tokio-rs/tokio#7757 #8056: tokio-rs/tokio#8056 #8057: tokio-rs/tokio#8057

Tokio v1.52.0

1.52.0 (April 14th, 2026)

Added

  • io: AioSource::register_borrowed for I/O safety support (#7992)
  • net: add try_io function to unix::pipe sender and receiver types (#8030)

Added (unstable)

  • runtime: Builder::enable_eager_driver_handoff setting enable eager hand off of the I/O and time drivers before polling tasks (#8010)
  • taskdump: add trace_with() for customized task dumps (#8025)
  • taskdump: allow impl FnMut() in trace_with instead of just fn() (#8040)
  • fs: support io_uring in AsyncRead for File (#7907)

Changed

  • runtime: improve spawn_blocking scalability with sharded queue (#7757)
  • runtime: use compare_exchange_weak() in worker queue (#8028)

Fixed

  • runtime: overflow second half of tasks when local queue is filled instead of first half (#8029)

Documented

  • docs: fix typo in oneshot::Sender::send docs (#8026)
  • docs: hide #[tokio::main] attribute in the docs of sync::watch (#8035)
  • net: add docs on ConnectionRefused errors with UDP sockets (#7870)

#7757: tokio-rs/tokio#7757 #7870: tokio-rs/tokio#7870 #7907: tokio-rs/tokio#7907 #7992: tokio-rs/tokio#7992 #8010: tokio-rs/tokio#8010 #8025: tokio-rs/tokio#8025 #8026: tokio-rs/tokio#8026 #8028: tokio-rs/tokio#8028 #8029: tokio-rs/tokio#8029

... (truncated)

Commits
  • 905c146 chore: prepare to release v1.52.1 (#8059)
  • 56aaa43 rt: revert #7757 to fix regression in spawn_blocking (#8057)
  • 57ff47a ci: update trybuild to expect output from rustc 1.95.0 (#8058)
  • 812de3e ci: bump taiki-e/cache-cargo-install-action from 1 to 3 (#8053)
  • ba82e73 ci: use Dependabot to keep github actions up to date (#8052)
  • 2e85f9d ci: replace cirrus-ci with freebsd-vm (#8041)
  • a7e1cd8 ci: update GitHub Actions workflows to use latest tool versions (#8047)
  • 5f7be0a chore: perpare 1.52.0 (#8045)
  • 36d12d2 taskdump: allow impl FnMut() in taskdumps instead of just fn() (#8040)
  • f943312 fs: support io-uring in AsyncRead for File (#7907)
  • Additional commits viewable in compare view

Updates clap from 4.6.0 to 4.6.1

Release notes

Sourced from clap's releases.

v4.6.1

[4.6.1] - 2026-04-15

Fixes

  • (derive) Ensure rebuilds happen when an read env variable is changed
Changelog

Sourced from clap's changelog.

[4.6.1] - 2026-04-15

Fixes

  • (derive) Ensure rebuilds happen when an read env variable is changed
Commits
  • 1420275 chore: Release
  • d2c817d docs: Update changelog
  • f88c94e Merge pull request #6341 from epage/sep
  • acbb822 fix(complete): Reduce risk of conflict with actual subcommands
  • a49fadb refactor(complete): Pull out subcommand separator
  • ddc008b Merge pull request #6332 from epage/update
  • 497dc50 chore: Update compatible dependencies
  • dca2326 Merge pull request #6331 from clap-rs/renovate/j178-prek-action-2.x
  • 54bdaa3 chore(deps): Update j178/prek-action action to v2
  • f0d30d9 chore: Release
  • Additional commits viewable in compare view

Updates openssl from 0.10.76 to 0.10.78

Release notes

Sourced from openssl's releases.

openssl-v0.10.78

What's Changed

Full Changelog: rust-openssl/rust-openssl@openssl-v0.10.77...openssl-v0.10.78

openssl-v0.10.77

What's Changed

New Contributors

Full Changelog: rust-openssl/rust-openssl@openssl-v0.10.76...openssl-v0.10.77

Commits
  • a6debf5 Release openssl v0.10.78 and openssl-sys v0.9.114 (#2609)
  • 09b425e Check derive output buffer length on OpenSSL 1.1.x (#2606)
  • 826c388 Error for short out in MdCtxRef::digest_final() (#2608)
  • 1d10902 Validate callback-returned lengths in PSK and cookie trampolines (#2607)
  • 5af6895 Reject oversized length returns from password callback trampoline (#2605)
  • 718d07f fix inverted bounds assertion in AES key unwrap (#2604)
  • 53cc69d Add support for LibreSSL 4.3.x (#2603)
  • 0b41e79 Fix dangling stack pointer in custom extension add callback (#2599)
  • cbdedf8 Avoid panic for overlong OIDs (#2598)
  • 1fc51ef openssl 4 support (#2591)
  • Additional commits viewable in compare view

Updates pyo3 from 0.28.2 to 0.28.3

Release notes

Sourced from pyo3's releases.

PyO3 0.28.3

This patch contains several fixes for stability of the PyO3 0.28.x series:

  • Python::attach and Python::try_attach will no longer return before the thread initializing the interpreter has finished runnning site.py when using the auto-initialize feature.
  • Fix unsoundness in PyBytesWriter::write_vectored when targeting the Python 3.15 prerelease interpreter.
  • Fix possible deadlock in .into_pyobject() implementation for C-like #[pyclass] enums.

A couple of edge cases causing compile failures were also fixed.

Thank you to the following contributors for the improvements:

@​alex @​bschoenmaeckers @​chirizxc @​davidhewitt @​Embers-of-the-Fire @​Icxolu @​maurosilber @​ngoldbaum

Changelog

Sourced from pyo3's changelog.

[0.28.3] - 2026-04-02

Fixed

  • Fix compile error with #[pyclass(get_all)] on a type named Probe. #5837
  • Fix compile error in debug builds related to _Py_NegativeRefcount with Python < 3.12. #5847
  • Fix a race condition where Python::attach or try_attach could return before site.py had finished running. #5903
  • Fix unsoundness in PyBytesWriter::write_vectored with Python 3.15 prerelease versions. #5907
  • Fix deadlock in .into_pyobject() implementation for C-like #[pyclass] enums. #5928
Commits

Updates rand from 0.10.0 to 0.10.1

Changelog

Sourced from rand's changelog.

[0.10.1] — 2026-02-11

This release includes a fix for a soundness bug; see #1763.

Changes

  • Document panic behavior of make_rng and add #[track_caller] (#1761)
  • Deprecate feature log (#1763)

#1761: rust-random/rand#1761 #1763: rust-random/rand#1763

Commits

Updates clap_complete from 4.6.0 to 4.6.3

Release notes

Sourced from clap_complete's releases.

v4.6.1

[4.6.1] - 2026-04-15

Fixes

  • (derive) Ensure rebuilds happen when an read env variable is changed
Changelog

Sourced from clap_complete's changelog.

Change Log

All notable changes to this project will be documented in this file.

The format is based on Keep a Changelog and this project adheres to Semantic Versioning.

5.0.0 - TBD

available through unstable-v5 feature flag

Breaking Changes

  • Made ArgPredicate non_exhaustive
  • (help) Change default Command::term_width to "source format"
  • (help) Change default Command::max_term_width to 100
  • (derive) Vec<Vec<T>> types are now assuming to capture occurrences
  • (derive) ValueEnum variants now use the full doc comment, not summary, for PossibleValue::help

Features

  • (derive) Group values by their occurrence with Vec<Vec<T>>

[Unreleased] - ReleaseDate

[4.6.1] - 2026-04-15

Fixes

  • (derive) Ensure rebuilds happen when an read env variable is changed
Commits
  • 7e0bcca chore: Release
  • 0f09905 docs: Update changelog
  • 9706951 Merge pull request #6353 from truffle-dev/feat-completer-arg-index
  • ac0d148 feat(complete): Index-aware ValueCompleter
  • 1565a3c test(complete): Cover indexed multi-value case
  • 48fc10a Merge pull request #6350 from stefankreutz/missing_docs
  • 7d4c353 docs: Hint at clippy's missing docs lint
  • f6a6701 chore(deps): Update Rust Stable to v1.95 (#6347)
  • ac5fda6 chore: Release
  • b73c627 docs: Update changelog
  • Additional commits viewable in compare view

Updates diesel from 2.3.7 to 2.3.9

Changelog

Sourced from diesel's changelog.

[2.3.9] 2026-04-30

  • Removed a dbg! statement from the Mysql backend that caused unwanted output
  • Fix a regression in #[derive(AsChangeset)] introduced in 2.3.8 where structs with a type or const generic parameter referenced in a field type failed to compile with error[E0425]: cannot find type 'T' in this scope. The diagnostic helper functions added to improve AsChangeset error messages now forward all generic parameters of the input struct, not only lifetimes.

[2.3.8] 2026-04-24

  • Added support for libsqlite3-sys 0.37.0
  • Raise a compile-time error when mixing aggregate and non-aggregate expressions in an ORDER BY clause without a GROUP BY clause
  • Calling .count() or .select(aggregate_expr) on a query that already has a non-aggregate .order_by() clause now raises a compile-time error instead of generating invalid SQL that would be rejected by the database at runtime (fixes #3815)
  • Added documentation for migration transaction behaviour at the crate root
  • Improved compile time error messages for #[derive(AsChangeset)]
  • Allow to use generic types in infix_operator!()
  • Fixes for several instances of unsound, unspecified or otherwise dangerous behaviour:
    • Unsound string construction in SqliteValue::read_text/FromSql<Text, Sqlite> for String
    • Invalid alignment for over aligned data in SqliteConnection::register_function for aggregate functions
    • Potential memory leaks in SqliteConnection::register_function
    • Access to padding bytes while serializing Date/time types in the Mysql backend
    • SQL Option Injection in PostgreSQL COPY FROM/TO
    • Unspecified pointer cast in Debug/Display implementation of batch INSERT statements for SQLite
    • Invalid call order of SQLite API functions in SqliteValue::read_text/FromSql<Text, Sqlite> for String/SqliteValue::read_blob()/FromSql<Binary, Sqlite> for Vec<u8>
    • Potential unsound pointer access for FromSql<Binary, _> for Vec<u8> and FromSql<Text, _> for String for third party backends (requires changes to the third party backend as well)
Commits
  • 2e7eb35 Also bump derives version
  • b3a16a3 Merge pull request #5046 from apastrana6/ap/fix-derive-as-changeset
  • 9f0a6c1 Prepare a 2.3.9 release
  • adcc896 Enable some clippy lints to prevent having dbg in a release again
  • 66760df Remove MySQL time serializer debug output
  • 58820dc Merge pull request #5036 from weiznich/prepare_2.3.8
  • 895b5ba Prepare a 2.3.8 release
  • ea008d3 Fix several UB instances
  • 64003c6 Merge pull request #5034 from ayarotsky/fix-reject-aggregate-select-with-non-...
  • 49b936e Merge pull request #5012 from ayarotsky/fix-aggregate-expressions-and-order-by
  • Additional commits viewable in compare view

Updates reqwest from 0.13.2 to 0.13.3

Release notes

Sourced from reqwest's releases.

v0.13.3

tl;dr

  • Fix CertificateRevocationList parsing of PEM values.
  • Fix logging in resolver to only show host, not full URL.
  • Fix hickory-dns to fallback to a default if /etc/resolv.conf fails.
  • Fix HTTP/3 to handle STOP_SENDING as not an error.
  • Fix HTTP/3 pool to remove timed out QUIC connections.
  • Fix HTTP/3 connection establishment picking IPv4 and IPv6.
  • Upgrade rustls-platform-verifier.
  • (wasm) Only use wasm-bindgen on unknown-* targets.

What's Changed

New Contributors

Full Changelog: seanmonstar/reqwest@v0.13.2...v0.13.3

Changelog

Sourced from reqwest's changelog.

v0.13.3

  • Fix CertificateRevocationList parsing of PEM values.
  • Fix logging in resolver to only show host, not full URL.
  • Fix hickory-dns to fallback to a default if /etc/resolv.conf fails.
  • Fix HTTP/3 to handle STOP_SENDING as not an error.
  • Fix HTTP/3 pool to remove timed out QUIC connections.
  • Fix HTTP/3 connection establishment picking IPv4 and IPv6.
  • Upgrade rustls-platform-verifier.
  • (wasm) Only use wasm-bindgen on unknown-* targets.
Commits

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

@dependabot
chore(dep): bump the deps group with 8 updates
d997cd0 
Bumps the deps group with 8 updates:

| Package | From | To |
| --- | --- | --- |
| [tokio](https://github.com/tokio-rs/tokio) | `1.50.0` | `1.52.1` |
| [clap](https://github.com/clap-rs/clap) | `4.6.0` | `4.6.1` |
| [openssl](https://github.com/rust-openssl/rust-openssl) | `0.10.76` | `0.10.78` |
| [pyo3](https://github.com/pyo3/pyo3) | `0.28.2` | `0.28.3` |
| [rand](https://github.com/rust-random/rand) | `0.10.0` | `0.10.1` |
| [clap_complete](https://github.com/clap-rs/clap) | `4.6.0` | `4.6.3` |
| [diesel](https://github.com/diesel-rs/diesel) | `2.3.7` | `2.3.9` |
| [reqwest](https://github.com/seanmonstar/reqwest) | `0.13.2` | `0.13.3` |


Updates `tokio` from 1.50.0 to 1.52.1
- [Release notes](https://github.com/tokio-rs/tokio/releases)
- [Commits](tokio-rs/tokio@tokio-1.50.0...tokio-1.52.1)

Updates `clap` from 4.6.0 to 4.6.1
- [Release notes](https://github.com/clap-rs/clap/releases)
- [Changelog](https://github.com/clap-rs/clap/blob/master/CHANGELOG.md)
- [Commits](clap-rs/clap@clap_complete-v4.6.0...clap_complete-v4.6.1)

Updates `openssl` from 0.10.76 to 0.10.78
- [Release notes](https://github.com/rust-openssl/rust-openssl/releases)
- [Commits](rust-openssl/rust-openssl@openssl-v0.10.76...openssl-v0.10.78)

Updates `pyo3` from 0.28.2 to 0.28.3
- [Release notes](https://github.com/pyo3/pyo3/releases)
- [Changelog](https://github.com/PyO3/pyo3/blob/main/CHANGELOG.md)
- [Commits](PyO3/pyo3@v0.28.2...v0.28.3)

Updates `rand` from 0.10.0 to 0.10.1
- [Release notes](https://github.com/rust-random/rand/releases)
- [Changelog](https://github.com/rust-random/rand/blob/master/CHANGELOG.md)
- [Commits](rust-random/rand@0.10.0...0.10.1)

Updates `clap_complete` from 4.6.0 to 4.6.3
- [Release notes](https://github.com/clap-rs/clap/releases)
- [Changelog](https://github.com/clap-rs/clap/blob/master/CHANGELOG.md)
- [Commits](clap-rs/clap@clap_complete-v4.6.0...clap_complete-v4.6.3)

Updates `diesel` from 2.3.7 to 2.3.9
- [Release notes](https://github.com/diesel-rs/diesel/releases)
- [Changelog](https://github.com/diesel-rs/diesel/blob/main/CHANGELOG.md)
- [Commits](diesel-rs/diesel@v2.3.7...v2.3.9)

Updates `reqwest` from 0.13.2 to 0.13.3
- [Release notes](https://github.com/seanmonstar/reqwest/releases)
- [Changelog](https://github.com/seanmonstar/reqwest/blob/master/CHANGELOG.md)
- [Commits](seanmonstar/reqwest@v0.13.2...v0.13.3)

---
updated-dependencies:
- dependency-name: tokio
  dependency-version: 1.52.1
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: deps
- dependency-name: clap
  dependency-version: 4.6.1
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: deps
- dependency-name: openssl
  dependency-version: 0.10.78
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: deps
- dependency-name: pyo3
  dependency-version: 0.28.3
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: deps
- dependency-name: rand
  dependency-version: 0.10.1
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: deps
- dependency-name: clap_complete
  dependency-version: 4.6.3
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: deps
- dependency-name: diesel
  dependency-version: 2.3.9
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: deps
- dependency-name: reqwest
  dependency-version: 0.13.3
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: deps
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file rust Pull requests that update Rust code labels May 1, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file rust Pull requests that update Rust code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants