build(deps): bump the patch group across 1 directory with 13 updates

[dependabot]

Bumps the patch group with 13 updates in the / directory:

Package	From	To
tracing	0.1.41	0.1.43
tracing-subscriber	0.3.20	0.3.22
axum	0.8.6	0.8.7
hyper-util	0.1.17	0.1.18
libsql	0.9.24	0.9.29
bb8	0.9.0	0.9.1
smol_str	0.3.2	0.3.4
tokio-util	0.7.16	0.7.17
reqwest	0.12.22	0.12.24
hostname	0.4.1	0.4.2
picky	7.0.0-rc.15	7.0.0-rc.20
rustls	0.23.33	0.23.35
openssl	0.10.74	0.10.75

Updates tracing from 0.1.41 to 0.1.43

Release notes

Sourced from tracing's releases.

tracing 0.1.43

Important

The previous release [0.1.42] was yanked because #3382 was a breaking change. See further details in #3424. This release contains all the changes from that version, plus a revert for the problematic part of the breaking PR.

Fixed

• Revert "make valueset macro sanitary" (#3425)

#3382: tokio-rs/tracing#3382 #3424: tokio-rs/tracing#3424 #3425: tokio-rs/tracing#3425 [0.1.42]: https://github.com/tokio-rs/tracing/releases/tag/tracing-0.1.42

tracing 0.1.42

Important

The [Span::record_all] method has been removed from the documented API. It was always unsuable via the documented API as it requried a ValueSet which has no publically documented constructors. The method remains, but should not be used outside of tracing macros.

Added

• attributes: Support constant expressions as instrument field names (#3158)
• Add record_all! macro for recording multiple values in one call (#3227)
• core: Improve code generation at trace points significantly (#3398)

Changed

• tracing-core: updated to 0.1.35 (#3414)
• tracing-attributes: updated to 0.1.31 (#3417)

Fixed

• Fix "name / parent" variant of event! (#2983)
• Remove 'r#' prefix from raw identifiers in field names (#3130)
• Fix perf regression when release_max_level_* not set (#3373)
• Use imported instead of fully qualified path (#3374)
• Make valueset macro sanitary (#3382)

Documented

• core: Add missing dyn keyword in Visit documentation code sample (#3387)

#2983: tokio-rs/tracing#2983 #3130: tokio-rs/tracing#3130 #3158: tokio-rs/tracing#3158

... (truncated)

Commits

• 64e1c8d chore: prepare tracing 0.1.43 (#3427)
• 7c44f7b tracing: revert "make valueset macro sanitary" (#3425)
• cdaf661 chore: prepare tracing-mock 0.1.0-beta.2 (#3422)
• a164fd3 chore: prepare tracing-journald 0.3.2 (#3421)
• 405397b chore: prepare tracing-appender 0.2.4 (#3420)
• a9eeed7 chore: prepare tracing-subscriber 0.3.21 (#3419)
• 5bd5505 chore: prepare tracing 0.1.42 (#3418)
• 5508623 chore: prepare tracing-attributes 0.1.31 (#3417)
• d92b4c0 chore: prepare tracing-core 0.1.35 (#3414)
• 9751b6e chore: run tracing-subscriber tests with all features (#3412)
• Additional commits viewable in compare view

Updates tracing-subscriber from 0.3.20 to 0.3.22

Release notes

Sourced from tracing-subscriber's releases.

tracing-subscriber 0.3.22

Important

The previous release [0.3.21] was yanked as it depended explicitly on [tracing-0.1.42], which was yanked due to a breaking change (see #3424 for details). This release contains all the changes from the previous release, plus an update to the newer version of tracing.

Changed

• tracing: updated to 0.1.43 (#3427)

#3424: tokio-rs/tracing#3424 #3427: tokio-rs/tracing#3427 [0.3.21]: https://github.com/tokio-rs/tracing/releases/tag/tracing-subscriber-0.3.21 [tracing-0.1.42]: https://github.com/tokio-rs/tracing/releases/tag/tracing-0.1.42

tracing-subscriber 0.3.21

Fixed

• Change registry exit to decrement local span ref only (#3331)
• Make Layered propagate on_register_dispatch (#3379)

Changed

• tracing: updated to 0.1.42 (#3418)

Performance

• Remove clone_span on enter (#3289)

Documented

• Fix a few small things in the format module (#3339)
• Fix extra closing brace in layer docs (#3350)
• Fix link in FmtSpan docs (#3411)

#3289: tokio-rs/tracing#3289 #3331: tokio-rs/tracing#3331 #3339: tokio-rs/tracing#3339 #3350: tokio-rs/tracing#3350 #3379: tokio-rs/tracing#3379 #3411: tokio-rs/tracing#3411 #3418: tokio-rs/tracing#3418

Commits

• cc44064 chore: prepare tracing-subscriber 0.3.22 (#3428)
• 64e1c8d chore: prepare tracing 0.1.43 (#3427)
• 7c44f7b tracing: revert "make valueset macro sanitary" (#3425)
• cdaf661 chore: prepare tracing-mock 0.1.0-beta.2 (#3422)
• a164fd3 chore: prepare tracing-journald 0.3.2 (#3421)
• 405397b chore: prepare tracing-appender 0.2.4 (#3420)
• a9eeed7 chore: prepare tracing-subscriber 0.3.21 (#3419)
• 5bd5505 chore: prepare tracing 0.1.42 (#3418)
• 5508623 chore: prepare tracing-attributes 0.1.31 (#3417)
• d92b4c0 chore: prepare tracing-core 0.1.35 (#3414)
• Additional commits viewable in compare view

Updates axum from 0.8.6 to 0.8.7

Release notes

Sourced from axum's releases.

axum v0.8.7

• Relax implicit Send / Sync bounds on RouterAsService, RouterIntoService (#3555)
• Make it easier to visually scan for default features (#3550)
• Fix some documentation typos

#3550: tokio-rs/axum#3550 #3555: tokio-rs/axum#3555

Commits

• 4404f27 Release axum v0.8.7 and axum-extra v0.12.2
• 8f1545a Fix typo in extractors guide (#3554)
• 4fc3faa Relax implicit Send / Sync bounds (#3555)
• a05920c Make it easier to visually scan for default features (#3550)
• 6d5e6d5 Use extensions directly in from_request_parts (#3542)
• fe607e6 Fixes wording typo (#3540)
• f9ce3e5 Release axum-extra 0.12.1
• 12e1cf9 Add back package.metadata.docs.rs for axum-extra
• 914a35a Release axum-extra 0.12.0
• e20e90d Upgrade axum-extra to prost v0.14 (#3517)
• Additional commits viewable in compare view

Updates hyper-util from 0.1.17 to 0.1.18

Release notes

Sourced from hyper-util's releases.

v0.1.18

Highlights

• Fix rt::TokioTimer to support Tokio's paused time.
• Fix client::proxy::match::Matcher to parse auth without passwords.

What's Changed

• chore(ci): add a github actions workflow to preview rustdocs of a PR by @​seanmonstar in hyperium/hyper-util#229
• chore(ci): fix rustdoc preview job by @​seanmonstar in hyperium/hyper-util#231
• chore(ci): fix rustdoc preview workflow typo by @​seanmonstar in hyperium/hyper-util#232
• docs: replace auto_doc_cfg by @​seanmonstar in hyperium/hyper-util#237
• perf(client): avoid redundant memory copies of Host header by @​0x676e67 in hyperium/hyper-util#235
• chore: bump windows-registry to 0.6 by @​Vaiz in hyperium/hyper-util#236
• fix: fix msrv on windows and macos target by @​tottoto in hyperium/hyper-util#239
• chore(ci): update to actions/checkout@v5 by @​tottoto in hyperium/hyper-util#240
• fix: allow proxy env URIs without password by @​karanabe in hyperium/hyper-util#241
• fix: support fake time by @​arielb1 in hyperium/hyper-util#238

New Contributors

• @​Vaiz made their first contribution in hyperium/hyper-util#236
• @​karanabe made their first contribution in hyperium/hyper-util#241
• @​arielb1 made their first contribution in hyperium/hyper-util#238

Thanks

• @​tottoto
• @​seanmonstar

Full Changelog: hyperium/hyper-util@v0.1.17...v0.1.18

Changelog

Sourced from hyper-util's changelog.

0.1.18 (2025-11-13)

• Fix rt::TokioTimer to support Tokio's paused time.
• Fix client::proxy::match::Matcher to parse auth without passwords.

Commits

• 203c956 v0.1.18
• d91ea8e fix(rt): support fake time in legacy client and TokioTimer (#238)
• dde14d3 fix(client): Proxy Matcher to handle proxy auth without password (#241)
• b9dc3d2 chore(ci): update to actions/checkout@v5 (#240)
• d4f5706 ci: fix msrv on windows and macos target (#239)
• 3c8dbe4 chore: bump windows-registry to 0.6 (#236)
• 72bbd22 perf(client): avoid redundant memory copies of Host header (#235)
• 1c8f7c6 docs: replace auto_doc_cfg (#237)
• 66afc93 chore(ci): use auto pr ref in rustdoc-preview workflow
• faf5ca2 chore(ci): fix rustdoc preview workflow typo (#232)
• Additional commits viewable in compare view

Updates libsql from 0.9.24 to 0.9.29

Commits

• 6702c3d 0.9.29
• 571a1ce Add new Connection API to install SQLite update hooks. (#1839)
• 9c76991 Add new Connection API to install SQLite update hooks.
• 19b1c7a 0.9.28
• 8753185 libsql-sqlite3: Fix missing hasCodec argument in test2.c
• 49842d1 libsql-sqlite3: Optimize pager codec check more (#2189)
• 0555bdd libsql-sqlite3: Optimize pager codec check more
• 5379778 0.9.26
• 84146a1 libsql-sqlite3: Optimize libsql_pager_has_codec() function (#2185)
• 6d6ba1e libsql-sqlite3: Optimize libsql_pager_has_codec() function
• Additional commits viewable in compare view

Updates bb8 from 0.9.0 to 0.9.1

Commits

• 70c96d6 Bump version to 0.9.1
• 9bbb9b2 api: expose pool configuration
• d5bc7d2 api: move trivial state() getter down
• 8853b62 api: move trait impls below inherent impl
• b9e929d Inline generic bounds
• ac8de39 Add bb8-tonic to README.md
• 0cb8d94 Add completed and pending gets statistics getters
• 36f6454 Provide get_started statistic
• b34c071 redis: Support redis v1.0.0-rc.1
• 7d13fe2 redis: Fix conditional compilation of portable-atomic
• Additional commits viewable in compare view

Updates smol_str from 0.3.2 to 0.3.4

Changelog

Sourced from smol_str's changelog.

0.3.4 - 2025-10-23

• Added rust-version field to Cargo.toml

0.3.3 - 2025-10-23

• Optimise StrExt::to_ascii_lowercase_smolstr, StrExt::to_ascii_uppercase_smolstr ~2x speedup inline, ~4-22x for heap.
• Optimise StrExt::to_lowercase_smolstr, StrExt::to_uppercase_smolstr ~2x speedup inline, ~5-50x for heap.
• Optimise StrExt::replace_smolstr, StrExt::replacen_smolstr for single ascii replace, ~3x speedup inline & heap.

Commits

• 02336c5 Publish 0.3.4
• bf2e3d7 Publish 0.3.3
• 8f4deab Update changelog
• 97ef5f3 Mark replacen_1_ascii as unsafe
• 026103b Optimise replacen 1-ascii when count >= len
• 104784a Optimise replacen_smolstr for single ascii replace
• 08a9dc8 Add test from_buf_and_chars_size_hinted_heap & fix
• 22feb5f Update changelog
• 3122a9a Optimise to_{lower,upper}case_smolstr
• 81c8790 CI: Add TEST_BENCHES
• Additional commits viewable in compare view

Updates tokio-util from 0.7.16 to 0.7.17

Commits

• 454fd8c chore: prepare tokio-util v0.7.17 (#7719)
• 4421022 codec: remove unnecessary trait bounds on all Framed constructors (#7716)
• 5a709e3 io_uring: change Completable to not return io::Result (#7702)
• 5efb1c3 io: doc that AsyncWrite does not inherit from Write (#7705)
• f490029 runtime: revert "replace manual vtable definitions with Wake" (#7699)
• d25778f task: add tests for task::Builder::spawn_local (#7697)
• b8318fa task: add tests for spawn_local in panic scenarios (#7694)
• acfdb87 task: use #[tokio::test] explicitly in tests/task_builder.rs (#7698)
• d060401 sync: return TryRecvError::Disconnected from Receiver::try_recv after `Re...
• 5dacc2e task: add tests for spawn_local and spawn_local_on (#7609)
• Additional commits viewable in compare view

Updates reqwest from 0.12.22 to 0.12.24

Release notes

Sourced from reqwest's releases.

v0.12.24

Highlights

• Refactor cookie handling to an internal middleware.
• Refactor internal random generator.
• Refactor base64 encoding to reduce a copy.
• Documentation updates.

What's Changed

• build(deps): silence unused deps in WASM build by @​0x676e67 in seanmonstar/reqwest#2799
• perf(util): avoid extra copy when base64 encoding by @​0x676e67 in seanmonstar/reqwest#2805
• docs: fix method name in changelog entry by @​johannespfrang in seanmonstar/reqwest#2807
• chore: Align the name usage of TotalTimeout by @​Xuanwo in seanmonstar/reqwest#2657
• refactor(cookie): add CookieService by @​linyihai in seanmonstar/reqwest#2787
• Fixes typo in retry max_retries_per_request doc comment re 2813 by @​dmackinn in seanmonstar/reqwest#2824
• test(multipart): fix build failure with no-default-features by @​0x676e67 in seanmonstar/reqwest#2801
• refactor(cookie): avoid duplicate cookie insertion by @​0x676e67 in seanmonstar/reqwest#2834

New Contributors

• @​johannespfrang made their first contribution in seanmonstar/reqwest#2807
• @​dmackinn made their first contribution in seanmonstar/reqwest#2824

Full Changelog: seanmonstar/reqwest@v0.12.23...v0.12.24

v0.12.23

tl;dr

• 🇺🇩🇸 Add ClientBuilder::unix_socket(path) option that will force all requests over that Unix Domain Socket.
• 🔁 Add ClientBuilder::retries(policy) and reqwest::retry::Builder to configure automatic retries.
• Add ClientBuilder::dns_resolver2() with more ergonomic argument bounds, allowing more resolver implementations.
• Add http3_* options to blocking::ClientBuilder.
• Fix default TCP timeout values to enabled and faster.
• Fix SOCKS proxies to default to port 1080
• (wasm) Add cache methods to RequestBuilder.

What's Changed

• Minimize package size by @​weiznich in seanmonstar/reqwest#2759
• chore(dev-dependencies): bump brotli by @​seanmonstar in seanmonstar/reqwest#2760
• upgrade hickory-dns to 0.25 by @​seanmonstar in seanmonstar/reqwest#2761
• Re-expose http3 options in blocking::clientBuilder by @​ducaale in seanmonstar/reqwest#2770
• fix(proxy): restore default port 1080 for SOCKS proxies without explicit port by @​0x676e67 in seanmonstar/reqwest#2771
• ci: use msrv-aware cargo in msrv job by @​seanmonstar in seanmonstar/reqwest#2779
• feat: add request cache option for wasm by @​Spxg in seanmonstar/reqwest#2775
• style(client): use std::task::ready! macro to simplify Poll branch match by @​0x676e67 in seanmonstar/reqwest#2781
• fix: add default tcp keepalive and user_timeout values by @​seanmonstar in seanmonstar/reqwest#2780
• feat: add unix_socket() option to client builder by @​seanmonstar in seanmonstar/reqwest#2624
• Add retry policies by @​seanmonstar in seanmonstar/reqwest#2763
• refactor: loosen retry for_host parameter bounds by @​Enduriel in seanmonstar/reqwest#2792
• feat: add dns_resolver2 that is more ergonomic and flexible by @​seanmonstar in seanmonstar/reqwest#2793
• Prepare v0.12.23 by @​seanmonstar in seanmonstar/reqwest#2795

... (truncated)

Changelog

Sourced from reqwest's changelog.

v0.12.24

• Refactor cookie handling to an internal middleware.
• Refactor internal random generator.
• Refactor base64 encoding to reduce a copy.
• Documentation updates.

v0.12.23

• Add ClientBuilder::unix_socket(path) option that will force all requests over that Unix Domain Socket.
• Add ClientBuilder::retry(policy) and reqwest::retry::Builder to configure automatic retries.
• Add ClientBuilder::dns_resolver2() with more ergonomic argument bounds, allowing more resolver implementations.
• Add http3_* options to blocking::ClientBuilder.
• Fix default TCP timeout values to enabled and faster.
• Fix SOCKS proxies to default to port 1080
• (wasm) Add cache methods to RequestBuilder.

Commits

• b126ca4 v0.12.24
• 4023493 refactor: change fast_random from xorshift to siphash a counter
• fd61bc9 refactor(cookie): avoid duplicate cookie insertion (#2834)
• 0bfa526 test(multipart): fix build failure with no-default-features (#2801)
• 994b8a0 docs: typo in retry max_retries_per_request (#2824)
• da0702b refactor(cookie): de-duplicate cookie support as CookieService middleware (...
• 7ebddea chore: align internal name usage of TotalTimeout (#2657)
• b540a4e chore(readme): use correct CI status badge
• e4550c4 docs: fix method name in changelog entry (#2807)
• f4694a2 perf(util): avoid extra copy when base64 encoding (#2805)
• Additional commits viewable in compare view

Updates hostname from 0.4.1 to 0.4.2

Release notes

Sourced from hostname's releases.

0.4.2

What's Changed

• Update URLs by @​atouchet in djc/hostname#32
• Bump windows-link dependency 0.2 by @​MarijnS95 in djc/hostname#33
• Release 0.4.2 by @​MarijnS95 in djc/hostname#34
• Prepare 0.4.2 by @​djc in djc/hostname#35

Commits

• c697709 Drop unsupported mips targets
• fedf49b Add Dependabot config
• 78bd371 Use separate job for MSRV checks
• ed1ace4 Upgrade to windows-bindgen 0.65
• 5682e0c Enable codegen tests on non-Windows platforms
• fc4492a Drop explicit html_root_url
• e3687ed Remove CHANGELOG.md in favor of GitHub Releases
• ad7ef34 Update version in Cargo.lock
• ef9e3c4 Release 0.4.2
• 673020f Bump windows-link dependency 0.2
• Additional commits viewable in compare view

Updates picky from 7.0.0-rc.15 to 7.0.0-rc.20

Commits

• 628bbca chore(release): prepare for publishing (#431)
• 0fe43da fix(picky): pin leftover pre-release crypto crates (#430)
• 9829751 ci(npm): migrate publishing to OIDC authentication (#429)
• 68c0b0f refactor(picky-asn1-der): remove num-bigint-dig (#427)
• 14abf7e chore(release): prepare for publishing (#426)
• 9081890 build(deps): get rid of num-bigint-dig (#425)
• d96e761 build(deps): remove lazy_static (#424)
• 24caa6f chore(release): prepare for publishing (#420)
• abc63dd feat: support parsing certs with MLDSA public keys (#411)
• 4edf52b build(deps): bump thiserror from 1.0.69 to 2.0.17 (#409)
• Additional commits viewable in compare view

Updates rustls from 0.23.33 to 0.23.35

Commits

• 7768cd2 Bump version to 0.23.35
• 6ed925e Address nightly clippy::derivable_impls lints
• 645095f Pass through attributes for enum_builder!
• 90e28d6 fix: only add ocsp in ConfigBuilder::with_single_cert_with_ocsp if
• 4cee226 Cargo: rustls v0.23.33 -> v0.23.34
• 278391e Remove use of doc_auto_cfg
• 31ca6af Avoid use of docsrs cfg
• See full diff in compare view

Updates openssl from 0.10.74 to 0.10.75

Release notes

Sourced from openssl's releases.

openssl-v0.10.75

What's Changed

• Fix a few typos (most of them found with codespell) by @​botovq in rust-openssl/rust-openssl#2502
• Use SHA256 test variant instead of SHA1 by @​abbra in rust-openssl/rust-openssl#2504
• pin home to an older version on MSRV CI by @​alex in rust-openssl/rust-openssl#2509
• Implement set_rsa_oaep_label for AWS-LC/BoringSSL by @​goffrie in rust-openssl/rust-openssl#2508
• sys/evp: add EVP_MAC symbols by @​huwcbjones in rust-openssl/rust-openssl#2510
• CI: bump LibreSSL 4.x branches to latest releases by @​botovq in rust-openssl/rust-openssl#2513
• Fix unsound OCSP find_status handling of optional next_update field by @​alex in rust-openssl/rust-openssl#2517
• Release openssl v0.10.75 and openssl-sys v0.9.111 by @​alex in rust-openssl/rust-openssl#2518

New Contributors

• @​abbra made their first contribution in rust-openssl/rust-openssl#2504
• @​goffrie made their first contribution in rust-openssl/rust-openssl#2508

Full Changelog: rust-openssl/rust-openssl@openssl-v0.10.74...openssl-v0.10.75

Commits

• 09b90d0 Merge pull request #2518 from alex/bump-for-release
• 26533f3 Release openssl v0.10.75 and openssl-sys v0.9.111
• 395ecca Merge pull request #2517 from alex/claude/fix-ocsp-find-status-011CUqcGFNKeKJ...
• cc26867 Fix unsound OCSP find_status handling of optional next_update field
• 95aa8e8 Merge pull request #2513 from botovq/libressl-stable
• e735a32 CI: bump LibreSSL 4.x branches to latest releases
• 21ab91d Merge pull request #2510 from huwcbjones/huw/sys/evp-mac
• d9161dc sys/evp: add EVP_MAC symbols
• 3fd4bf2 Merge pull request #2508 from goffrie/oaep-label
• 52022fd Implement set_rsa_oaep_label for AWS-LC/BoringSSL
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

[dependabot]

Looks like these dependencies are updatable in another way, so this is no longer needed.