Bump the cargo group across 1 directory with 2 updates

[dependabot]

Bumps the cargo group with 2 updates in the /examples/rust/actix_api directory: actix-http and rand.

Updates actix-http from 3.9.0 to 3.12.1

Release notes

Sourced from actix-http's releases.

actix-http: v3.12.1

Notice: This release contains a security fix. Users are encouraged to update to this version ASAP.

• SECURITY: Reject HTTP/1 requests with ambiguous request framing from Content-Length and Transfer-Encoding headers to prevent request smuggling.
• Encode the HTTP/1 Connection: Upgrade header in Camel-Case when camel-case header formatting is enabled.#3953
• Fix HeaderMap iterators' len() and size_hint() implementations for multi-value headers.
• Update rand dependency to 0.10.
• Update sha1 dependency to 0.11.

#3953: actix/actix-web#3953

actix-http: v3.12.0

• Minimum supported Rust version (MSRV) is now 1.88.
• Increase default HTTP/2 flow control window sizes. #3638
• Expose configuration methods to improve upload throughput. #3638
• Fix truncated body ending without error when connection closed abnormally. #3067
• Add config/method for TCP_NODELAY. #3918
• Do not compress 206 Partial Content responses. #3191
• Fix lingering sockets and client stalls when responding early to dropped chunked request payloads. #2972

#3638: actix/actix-web#3638 #3067: actix/actix-web#3067 #3918: actix/actix-web#3918 #3191: actix/actix-web#3191 #2972: actix/actix-web#2972

actix-http: v3.11.2

• Properly wake Payload receivers when feeding errors or EOF.
• Add ServiceConfigBuilder type to facilitate future configuration extensions.
• Add a configuration option to allow/disallow half closed connections in HTTP/1. This defaults to allow, reverting the change made in 3.11.1.
• Shutdown connections when HTTP Responses are written without reading full Requests.

actix-http: v3.11.1

• Prevent more hangs after client disconnects.
• More malformed WebSocket frames are now gracefully rejected.
• Using TestRequest::set_payload() now sets a Content-Length header.

actix-http: v3.11.0

• Update brotli dependency to 8.

actix-http: v3.10.0

Added

• Add header::CLEAR_SITE_DATA constant.
• Add Extensions::get_or_insert[_with]() methods.
• Implement From<Bytes> for Payload.
• Implement From<Vec<u8>> for Payload.

... (truncated)

Commits

• 0fb8945 chore(http): prepare v3.12.1 (#4029)
• 3c056bd Merge commit from fork
• e6d0991 chore(multipart,derive): prepare 0.8.0 (#4027)
• 4434a49 fix(multipart): count ignored fields towards MultipartFormConfig li… (#4026)
• be62050 fix(multipart): set cap for parser buffering (#4025)
• be4566d fix(multipart): do not parse with fixed index not to panic (#4024)
• 6d2c2f4 chore(http): upgrade sha1 to 0.11 (#4022)
• 253cd4f chore: address new advisories (#4023)
• e766ca6 chore: upgrade rand to 0.10.1 (#4021)
• d747959 build(deps): bump EmbarkStudios/cargo-deny-action from 2.0.15 to 2.0.16 (#4018)
• Additional commits viewable in compare view

Updates rand from 0.8.5 to 0.8.6

Changelog

Sourced from rand's changelog.

[0.8.6] - 2026-04-14

This release back-ports a fix from v0.10. See also #1763.

Changes

• Deprecate feature log (#1772)

#1763: rust-random/rand#1763 #1772: rust-random/rand#1772

• Drop the experimental simd_support feature.

Commits

• 5309f25 0.8.6 (#1772): update for recent nightly rustc and backport #1764
• 1126d03 When testing rustc 1.36, use compatible dependencies.
• 143b602 Add Cargo.lock.msrv.
• 9be86f2 Fix cross build test.
• 5e0d50d Drop simd_support.
• 8ff02f0 Upgrade cache action.
• 4ad0cc3 Don't test for unsupported target architecture.
• 258e6d0 Address warning.
• 9f0e676 Mark some internal traits as potentially unused.
• 6f123c1 Workaround never constructed and never used warning.
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions
  You can disable automated security fix PRs for this repo from the Security Alerts page.

[github-actions]

🚀 Dogfood this PR with:

⚠️ WARNING: Do not do this without first carefully reviewing the code of this PR to satisfy yourself it is safe.

curl -fsSL https://raw.githubusercontent.com/CommunityToolkit/Aspire/main/eng/scripts/dogfood-pr.sh | bash -s -- 1290

Or

• Run remotely in PowerShell:

iex "& { $(irm https://raw.githubusercontent.com/CommunityToolkit/Aspire/main/eng/scripts/dogfood-pr.ps1) } 1290"