chore(deps): bump the cargo-deps group across 1 directory with 11 updates

[dependabot]

Bumps the cargo-deps group with 11 updates in the / directory:

Package	From	To
serde_json	1.0.149	1.0.150
pin-project	1.1.11	1.1.13
http	1.4.0	1.4.2
chrono	0.4.44	0.4.45
getrandom	0.4.2	0.4.3
quote	1.0.45	1.0.46
syn	2.0.117	2.0.118
trybuild	1.0.116	1.0.117
pulldown-cmark	0.13.3	0.13.4
tokio	1.50.0	1.52.3
warp	0.4.2	0.4.3

Updates serde_json from 1.0.149 to 1.0.150

Release notes

Sourced from serde_json's releases.

v1.0.150

• Reject non-string enum object keys (#1324, thanks @​puneetdixit200)

Commits

• a1ae73a Release 1.0.150
• 1a360b0 Merge pull request #1324 from puneetdixit200/reject-non-string-enum-keys
• 2037b63 Reject non-string enum object keys
• 5d30df6 Resolve manual_assert_eq pedantic clippy lint
• dc8003a Raise required compiler for preserve_order feature to 1.85
• a42fa98 Unpin CI miri toolchain
• 684a60e Pin CI miri to nightly-2026-02-11
• 7c7da33 Raise required compiler to Rust 1.71
• acf4850 Simplify Number::is_f64
• 6b8ceab Resolve unnecessary_map_or clippy lint
• Additional commits viewable in compare view

Updates pin-project from 1.1.11 to 1.1.13

Release notes

Sourced from pin-project's releases.

1.1.13

• Suppress clippy::missing_trait_methods lint in generated code.

1.1.12

• Documentation improvements.

Changelog

Sourced from pin-project's changelog.

[1.1.13] - 2026-05-13

• Suppress clippy::missing_trait_methods lint in generated code.

[1.1.12] - 2026-05-05

• Documentation improvements.

Commits

• c3b6b85 Release 1.1.13
• 61a5c74 Ignore clippy::missing_trait_methods lint in generated code
• 31f59f8 ci,tools: Update config and script
• 2855546 Release 1.1.12
• 4e66d4b ci,tools: Update config and script
• f3c7f06 Update dev-dependencies
• d1bf779 Update changelog
• eb98dd1 tests: Update lint test
• 05f3825 ci,tools: Update config and script
• 96b8d5f Fix doc/comments
• Additional commits viewable in compare view

Updates http from 1.4.0 to 1.4.2

Release notes

Sourced from http's releases.

v1.4.1

tl;dr

• Fix PathAndQuery::from_static() and from_shared() to reject inputs that do not start with /.
• Fix Extend for HeaderMap to clamp max size hint and not overflow.
• Fix header::IntoIter that could use-after-free if the generic value type could panic on drop.
• Fix header::{IterMut, ValuesIterMut} to not violate stacked borrows.

What's Changed

• chore(header): fix clippy::assign_op_pattern by @​rxc-amzn in hyperium/http#806
• ci: pin itoa in msrv job by @​seanmonstar in hyperium/http#813
• Remove unnecessary explicit lifetimes by @​jplatte in hyperium/http#815
• chore(ci): update to actions/checkout@v6 by @​tottoto in hyperium/http#819
• tests: update to rand 0.10 by @​tottoto in hyperium/http#818
• refactor: Remove usage of float instruction by @​AurelienFT in hyperium/http#823
• refactor(uri): consolidate PathAndQuery::from_shared and from_static by @​seanmonstar in hyperium/http#825
• fix(uri): reject Path::from_shared/from_static if doesn't start with slash by @​seanmonstar in hyperium/http#826
• Rephrase comment by @​daalfox in hyperium/http#827
• Fix typo in request builder docs by @​vleksis in hyperium/http#831
• fix: clamp Extend size hint so HeaderMap reserve cannot overflow by @​SAY-5 in hyperium/http#833
• fix(headers): fix stacked borrows for IterMut/ValuesIterMut by @​seanmonstar in hyperium/http#837
• fix(header): use a set_len guard in IntoIter drop by @​seanmonstar in hyperium/http#838

New Contributors

• @​rxc-amzn made their first contribution in hyperium/http#806
• @​AurelienFT made their first contribution in hyperium/http#823
• @​daalfox made their first contribution in hyperium/http#827
• @​vleksis made their first contribution in hyperium/http#831
• @​SAY-5 made their first contribution in hyperium/http#833

Full Changelog: hyperium/http@v1.4.0...v1.4.1

Changelog

Sourced from http's changelog.

1.4.2 (June 8, 2026)

• Fix uri::Builder to allow "*" as the path when scheme and authority are also set, used in HTTP/2 requests.
• Fix Uri to properly reject DEL characters.

1.4.1 (May 25, 2026)

• Fix PathAndQuery::from_static() and from_shared() to reject inputs that do not start with /.
• Fix Extend for HeaderMap to clamp max size hint and not overflow.
• Fix header::IntoIter that could use-after-free if the generic value type could panic on drop.
• Fix header::{IterMut, ValuesIterMut} to not violate stacked borrows.

Commits

• 82db5b8 v1.4.2
• a9cdbf8 fix(uri): reject DEL character (#842)
• df75ca3 fix(uri): allow STAR paths with scheme/auth (#843)
• ec3f8ce feat(method): impl PartialOrd + Ord (#840)
• a24c968 v1.4.1
• bc3b044 fix(header): use a set_len guard in IntoIter drop (#838)
• 1b968dc fix(header): fix stacked borrows for IterMut/ValuesIterMut (#837)
• 6e2dd42 fix: clamp Extend size hint so HeaderMap reserve cannot overflow (#833)
• 68e0abb docs: fix typo in request builder docs (#831)
• 29dd307 docs(extensions): rephrase internal comment (#827)
• Additional commits viewable in compare view

Updates chrono from 0.4.44 to 0.4.45

Release notes

Sourced from chrono's releases.

0.4.45

What's Changed

• fix(tz): reject TZ offset hour of 24 to avoid FixedOffset overflow by @​SAY-5 in chronotope/chrono#1787
• tz_data: fix tzdata locations on Android by @​caruschalalamove in chronotope/chrono#1789

Commits

• 1703382 Prepare 0.4.45 release
• 881f9ab tz_data: fix tzdata locations on Android
• f14ead4 fix(tz): reject TZ offset hour of 24 to avoid FixedOffset overflow
• c6063e6 Update similar-asserts requirement from 1.6.1 to 2.0.0
• 120686c Bump codecov/codecov-action from 5 to 6
• See full diff in compare view

Updates getrandom from 0.4.2 to 0.4.3

Changelog

Sourced from getrandom's changelog.

0.4.3 - 2026-06-17

Added

• wasm64-unknown-unknown target support for wasm_js backend #848

Changed

• Drop wasip2 and wasip3 dependencies in favor of manual bindings #830

#830: rust-random/getrandom#830 #848: rust-random/getrandom#848

Commits

• 5e7cd57 Release v0.4.3 (#853)
• 1ea268a Use manual bindings for WASIp2/3 (#830)
• f7290b0 Update Cargo.lock (#852)
• 16ce801 Update Cargo.lock (#850)
• e5adfca Add wasm64-unknown-unknown support for wasm_js backend (#848)
• 626df8d Update Cargo.lock (#846)
• 4a01cb2 Update Cargo.lock (#841)
• f87bf39 Update Cargo.lock (#836)
• eadb879 ci: re-enable build job for x86_64-pc-cygwin (#832)
• d715d73 CI: Reduce the number of packages that are updated for wasip2 MSRV test (#825)
• Additional commits viewable in compare view

Updates quote from 1.0.45 to 1.0.46

Release notes

Sourced from quote's releases.

1.0.46

• Avoid repeated get_span in quote_spanned (#329, thanks @​Noratrieb)

Commits

• bc4caf2 Release 1.0.46
• dc0e304 Format with rustfmt
• 712114c Drop arrow from syntax of quote_spanned_with_expanded_span
• f93ab8a Eliminate quote_spanned_with_expanded_span_as_expr macro
• 1ff3951 Eliminate __quote_spanned macro
• 64e913a Unify quote_spanned definitions
• 2978e8b Wrap comment to 80 columns
• 7f311a0 Fix PR 329 fat arrow spacing
• 313a8a2 Remove unneeded get_span from PR 329
• 0b33821 Merge pull request #329 from Noratrieb/avoid-repeat-expand
• Additional commits viewable in compare view

Updates syn from 2.0.117 to 2.0.118

Release notes

Sourced from syn's releases.

2.0.118

• Documentation improvements

Commits

• f033ef1 Release 2.0.118
• 45f65f7 Wrap long lint attributes
• b3f9bf8 Mirror PR 1975 from readme to crate-level rustdoc
• 97dc117 Wrap PR 1975 to 80 columns
• 0085b7a Lint repr_transparent_non_zst_fields has been removed
• 9fc1c9d Update test suite to nightly-2026-06-12
• 504bcc7 Update test suite to nightly-2026-06-09
• 353d20b Update test suite to nightly-2026-06-06
• f257a16 Update test suite to nightly-2026-05-25
• b706e6e Update test suite to nightly-2026-05-13
• Additional commits viewable in compare view

Updates trybuild from 1.0.116 to 1.0.117

Release notes

Sourced from trybuild's releases.

1.0.117

• Better error message when TRYBUILD env var is wrong (#332, thanks @​tisonkun)

Commits

• 333eb00 Release 1.0.117
• 820b8a5 Merge pull request #332 from tisonkun/patch-1
• 7e9d0a6 Update actions/checkout@v6 -> v7
• 8dd2668 Better error message when TRYBUILD env var is wrong
• 0ee8f5a Raise required compiler to Rust 1.85
• 4dec71c Resolve unnecessary_map_or clippy lint
• 7d7cc4c Raise required compiler to Rust 1.82
• See full diff in compare view

Updates pulldown-cmark from 0.13.3 to 0.13.4

Release notes

Sourced from pulldown-cmark's releases.

0.13.4

Fix panic in specific cases with TightParagraph.

What's Changed

• fix: panic in parser iterator for TightParagraph in some cases by @​Martin1887 in pulldown-cmark/pulldown-cmark#1096

Full Changelog: pulldown-cmark/pulldown-cmark@v0.13.3...v0.13.4

Commits

• 38e4d08 chore: cargo update
• 9c61031 chore: bump pulldown-cmark version to 0.13.4
• 709268f Merge pull request #1096 from pulldown-cmark/fix-1095
• c1d4450 Add test case from 1097
• 6fea453 fix: panic in parser iterator for TightParagraph in some cases
• See full diff in compare view

Updates tokio from 1.50.0 to 1.52.3

Release notes

Sourced from tokio's releases.

Tokio v1.52.3

1.52.3 (May 8th, 2026)

Fixed

• sync: fix underflow in mpsc channel len() (#8062)
• sync: notify receivers in mpsc OwnedPermit::release() method (#8075)
• sync: require that an RwLock has max_readers != 0 (#8076)
• sync: return Empty from try_recv() when mpsc is closed with outstanding permits (#8074)

#8062: tokio-rs/tokio#8062 #8074: tokio-rs/tokio#8074 #8075: tokio-rs/tokio#8075 #8076: tokio-rs/tokio#8076

Tokio v1.52.2

1.52.2 (May 4th, 2026)

This release reverts the LIFO slot stealing change introduced in 1.51.0 (#7431), due to [its performance impact]#8065. (#8100)

#7431: tokio-rs/tokio#7431 #8065: tokio-rs/tokio#8065 #8100: tokio-rs/tokio#8100

Tokio v1.52.1

1.52.1 (April 16th, 2026)

Fixed

• runtime: revert #7757 to fix [a regression]#8056 that causes spawn_blocking to hang (#8057)

#7757: tokio-rs/tokio#7757 #8056: tokio-rs/tokio#8056 #8057: tokio-rs/tokio#8057

Tokio v1.52.0

1.52.0 (April 14th, 2026)

Added

• io: AioSource::register_borrowed for I/O safety support (#7992)
• net: add try_io function to unix::pipe sender and receiver types (#8030)

Added (unstable)

• runtime: Builder::enable_eager_driver_handoff setting enable eager hand off of the I/O and time drivers before polling tasks (#8010)
• taskdump: add trace_with() for customized task dumps (#8025)
• taskdump: allow impl FnMut() in trace_with instead of just fn() (#8040)
• fs: support io_uring in AsyncRead for File (#7907)

... (truncated)

Commits

• d875691 chore: prepare Tokio v1.52.3 (#8130)
• e1aebb0 Merge 'tokio-1.51.3' into 'tokio-1.52.x' (#8129)
• fd63094 chore: prepare Tokio v1.51.3 (#8127)
• 8c600d0 Merge 'tokio-1.47.5' into 'tokio-1.51.x' (#8123)
• 11bfc13 chore: prepare Tokio v1.47.5 (#8122)
• f085b62 sync: notify receivers in mpsc OwnedPermit::release() method (#8075)
• 30d25cc sync: require that an RwLock has max_readers != 0 (#8076)
• 9fccf53 sync: return Empty from try_recv() when mpsc is closed with outstanding p...
• ebf61b4 sync: fix underflow in mpsc channel len() (#8062)
• 4abe9d7 chore: prepare Tokio v1.52.2 (#8115)
• Additional commits viewable in compare view

Updates warp from 0.4.2 to 0.4.3

Changelog

Sourced from warp's changelog.

v0.4.3 (May 4, 2026)

• Features:
  • Re-implement addr::remote() filter from v0.3.x.
  • Implement From<&'static [u8]> for Body.
  • Add reply::stream() helper.
• Fixes:
  • Fix returning error from CORS if no request-method header.

Commits

• 707866c v0.4.3
• 418393d deps: update to tokio-tungstenite 0.29 (#1155)
• d7f6fdd fix(cors): don't error out if no request-method header in OPTIONS (#1158)
• de1ccd8 feat: reexpose Info::remote_addr() in log filter (#1151)
• 468f56b Provides warp::reply::stream (#1148)
• 7e86991 feat: reimplement warp::addr::remote() filter (#1149)
• 3449d3d feat: impl From\<&'static [u8]> for Body (#1144)
• dbb0d33 deps: update to tokio-tungstenite 0.28 (#1141)
• e7e2bb8 ci: update to actions/checkout@v5 (#1145)
• eaf00ef docs: replace doc_auto_cfg config with doc_cfg (#1142)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions