deps: bump the rust-minor group with 9 updates

[dependabot]

Bumps the rust-minor group with 9 updates:

Package	From	To
clap	4.5.60	4.6.1
clap_complete	4.5.66	4.6.5
tokio	1.50.0	1.52.3
serde_json	1.0.149	1.0.150
hyper	1.8.1	1.9.0
webbrowser	1.2.0	1.2.1
tracing-subscriber	0.3.22	0.3.23
uuid	1.22.0	1.23.1
assert_cmd	2.2.0	2.2.2

Updates clap from 4.5.60 to 4.6.1

Release notes

Sourced from clap's releases.

v4.6.1

[4.6.1] - 2026-04-15

Fixes

• (derive) Ensure rebuilds happen when an read env variable is changed

Changelog

Sourced from clap's changelog.

[4.6.1] - 2026-04-15

Fixes

• (derive) Ensure rebuilds happen when an read env variable is changed

[4.6.0] - 2026-03-12

Compatibility

• Update MSRV to 1.85

[4.5.61] - 2026-03-12

Internal

• Update dependencies

Commits

• 1420275 chore: Release
• d2c817d docs: Update changelog
• f88c94e Merge pull request #6341 from epage/sep
• acbb822 fix(complete): Reduce risk of conflict with actual subcommands
• a49fadb refactor(complete): Pull out subcommand separator
• ddc008b Merge pull request #6332 from epage/update
• 497dc50 chore: Update compatible dependencies
• dca2326 Merge pull request #6331 from clap-rs/renovate/j178-prek-action-2.x
• 54bdaa3 chore(deps): Update j178/prek-action action to v2
• f0d30d9 chore: Release
• Additional commits viewable in compare view

Updates clap_complete from 4.5.66 to 4.6.5

Release notes

Sourced from clap_complete's releases.

v4.6.1

[4.6.1] - 2026-04-15

Fixes

• (derive) Ensure rebuilds happen when an read env variable is changed

Commits

• c8c9355 chore: Release
• af74def docs: Update changelog
• c96f222 Merge pull request #6368 from truffle-dev/fix/fish-env-escaping
• 49a05cd fix(complete): Two-pass quote fish env-completer
• e791004 test(complete): Snapshot fish env quoting cases
• 87ec1ad chore: Release
• 78f2529 docs: Update changelog
• b61f270 Merge pull request #6369 from Metbcy/fix/zsh-completion-ordering
• 74c6666 fix(complete): Keep zsh candidate order
• d142d8f Merge pull request #6360 from epage/string
• Additional commits viewable in compare view

Updates tokio from 1.50.0 to 1.52.3

Release notes

Sourced from tokio's releases.

Tokio v1.52.3

1.52.3 (May 8th, 2026)

Fixed

• sync: fix underflow in mpsc channel len() (#8062)
• sync: notify receivers in mpsc OwnedPermit::release() method (#8075)
• sync: require that an RwLock has max_readers != 0 (#8076)
• sync: return Empty from try_recv() when mpsc is closed with outstanding permits (#8074)

#8062: tokio-rs/tokio#8062 #8074: tokio-rs/tokio#8074 #8075: tokio-rs/tokio#8075 #8076: tokio-rs/tokio#8076

Tokio v1.52.2

1.52.2 (May 4th, 2026)

This release reverts the LIFO slot stealing change introduced in 1.51.0 (#7431), due to [its performance impact]#8065. (#8100)

#7431: tokio-rs/tokio#7431 #8065: tokio-rs/tokio#8065 #8100: tokio-rs/tokio#8100

Tokio v1.52.1

1.52.1 (April 16th, 2026)

Fixed

• runtime: revert #7757 to fix [a regression]#8056 that causes spawn_blocking to hang (#8057)

#7757: tokio-rs/tokio#7757 #8056: tokio-rs/tokio#8056 #8057: tokio-rs/tokio#8057

Tokio v1.52.0

1.52.0 (April 14th, 2026)

Added

• io: AioSource::register_borrowed for I/O safety support (#7992)
• net: add try_io function to unix::pipe sender and receiver types (#8030)

Added (unstable)

• runtime: Builder::enable_eager_driver_handoff setting enable eager hand off of the I/O and time drivers before polling tasks (#8010)
• taskdump: add trace_with() for customized task dumps (#8025)
• taskdump: allow impl FnMut() in trace_with instead of just fn() (#8040)
• fs: support io_uring in AsyncRead for File (#7907)

... (truncated)

Commits

• d875691 chore: prepare Tokio v1.52.3 (#8130)
• e1aebb0 Merge 'tokio-1.51.3' into 'tokio-1.52.x' (#8129)
• fd63094 chore: prepare Tokio v1.51.3 (#8127)
• 8c600d0 Merge 'tokio-1.47.5' into 'tokio-1.51.x' (#8123)
• 11bfc13 chore: prepare Tokio v1.47.5 (#8122)
• f085b62 sync: notify receivers in mpsc OwnedPermit::release() method (#8075)
• 30d25cc sync: require that an RwLock has max_readers != 0 (#8076)
• 9fccf53 sync: return Empty from try_recv() when mpsc is closed with outstanding p...
• ebf61b4 sync: fix underflow in mpsc channel len() (#8062)
• 4abe9d7 chore: prepare Tokio v1.52.2 (#8115)
• Additional commits viewable in compare view

Updates serde_json from 1.0.149 to 1.0.150

Release notes

Sourced from serde_json's releases.

v1.0.150

• Reject non-string enum object keys (#1324, thanks @​puneetdixit200)

Commits

• a1ae73a Release 1.0.150
• 1a360b0 Merge pull request #1324 from puneetdixit200/reject-non-string-enum-keys
• 2037b63 Reject non-string enum object keys
• 5d30df6 Resolve manual_assert_eq pedantic clippy lint
• dc8003a Raise required compiler for preserve_order feature to 1.85
• a42fa98 Unpin CI miri toolchain
• 684a60e Pin CI miri to nightly-2026-02-11
• 7c7da33 Raise required compiler to Rust 1.71
• acf4850 Simplify Number::is_f64
• 6b8ceab Resolve unnecessary_map_or clippy lint
• Additional commits viewable in compare view

Updates hyper from 1.8.1 to 1.9.0

Release notes

Sourced from hyper's releases.

v1.9.0

Features

• client:
  • expose HTTP/2 current max stream count (#4026) (d51cb715)
  • add HTTP/2 max_local_error_reset_streams option (#4021) (57787459)
• error: add 'Error::is_parse_version_h2' method (393c77c7)
• http1: add UpgradeableConnection::into_parts (e21205cf)

Bug Fixes

• ffi: validate null pointers before dereferencing in request/response functions (#4038 (28e73ccd)
• http1:
  • allow keep-alive for chunked requests with trailers (#4043) (7211ec25, closes #4044)
  • use case-insensitive matching for trailer fields (#4011) (3b344cac, closes #4010)
  • use httparse config for Servers (#4002) (bcb8ec57, closes #3923)
• http2:
  • cancel sending client request body on response future drop (#4042) (5b17a69e, closes #4040)
  • non-utf8 char in Connection header may cause panic when calling to_str (#4019) (c36ca8a5)

Refactors and chores

• docs(error): add more information about is_incomplete_message by @​seanmonstar in hyperium/hyper#3978
• Run cargo-audit in CI to check for known vulnerabilities in dependencies. by @​f0rki in hyperium/hyper#3246
• refactor(http1): simplify match of Token parse error by @​seanmonstar in hyperium/hyper#3981
• refactor(http1): use saturating_sub instead of manual impl by @​seanmonstar in hyperium/hyper#3983
• refactor(http1): replace many args of Chunked::step with struct by @​seanmonstar in hyperium/hyper#3982
• docs: fix comment in put_slice() by @​coryan in hyperium/hyper#3986
• test(lib): fix unused warnings due to feature gating test imports by @​seanmonstar in hyperium/hyper#3997
• docs: improve Read trait and ReadBufCursor documentation by @​majiayu000 in hyperium/hyper#4000
• fix: use h1 parser config when parsing server req by @​0xPoe in hyperium/hyper#4002
• test(server): fix flaky disable_keep_alive_mid_request by @​seanmonstar in hyperium/hyper#4009
• chore(ci): update to actions/checkout@v6 by @​tottoto in hyperium/hyper#4005
• chore(ci): update to cargo-check-external-types 0.4.0 by @​tottoto in hyperium/hyper#4006
• update copyright year to 2026 by @​jasmyhigh in hyperium/hyper#4007
• refactor: avoid unwrap examples by @​0xPoe in hyperium/hyper#4001
• fix(http1): use case-insensitive matching for trailer fields by @​HueCodes in hyperium/hyper#4011
• chore: convert bug report template to GitHub form by @​njg7194 in hyperium/hyper#4015
• chore(ci): force toml mode in yq selecting msrv by @​seanmonstar in hyperium/hyper#4020
• fix: non-utf8 char may cause panic when calling to_str by @​cuiweixie in hyperium/hyper#4019
• feat(http2/client): add max_local_error_reset_streams option by @​ffuugoo in hyperium/hyper#4021
• chore: drop pin-utils dependency by @​tottoto in hyperium/hyper#4023
• [minor] doc: Fix HTTP/2 max concurrent stream link by @​dentiny in hyperium/hyper#4037
• fix(ffi): validate null pointers before dereferencing in request/resp… by @​DhruvaD1 in hyperium/hyper#4038
• h2: expose current max stream count by @​howardjohn in hyperium/hyper#4026
• fix(http1): allow keep-alive for chunked requests with trailers by @​wi-adam in hyperium/hyper#4043
• fix(http2): cancel pipe_task and send RST_STREAM on response future drop by @​mmishra100 in hyperium/hyper#4042
• Add APIs to allow switching an HTTP1 connection to HTTP2 if H2 preface is seen by @​pborzenkov in hyperium/hyper#3996

... (truncated)

Changelog

Sourced from hyper's changelog.

v1.9.0 (2026-03-31)

Bug Fixes

• ffi: validate null pointers before dereferencing in request/response functions (#4038 (28e73ccd)
• http1:
  • allow keep-alive for chunked requests with trailers (#4043) (7211ec25, closes #4044)
  • use case-insensitive matching for trailer fields (#4011) (3b344cac, closes #4010)
  • use httparse config for Servers (#4002) (bcb8ec57, closes #3923)
• http2:
  • cancel sending client request body on response future drop (#4042) (5b17a69e, closes #4040)
  • non-utf8 char in Connection header may cause panic when calling to_str (#4019) (c36ca8a5)

Features

• client:
  • expose HTTP/2 current max stream count (#4026) (d51cb715)
  • add HTTP/2 max_local_error_reset_streams option (#4021) (57787459)
• error: add 'Error::is_parse_version_h2' method (393c77c7)
• http1: add UpgradeableConnection::into_parts (e21205cf)

Commits

• 0d6c7d5 v1.9.0
• e21205c feat(http1): add UpgradeableConnection::into_parts
• 393c77c feat(error): add 'Error::is_parse_version_h2' method
• 5b17a69 fix(http2): cancel sending client request body on response future drop (#4042)
• 7211ec2 fix(http1): allow keep-alive for chunked requests with trailers (#4043)
• d51cb71 feat(client): expose HTTP/2 current max stream count (#4026)
• 28e73cc fix(ffi): validate null pointers before dereferencing in request/response fun...
• e13e783 docs(client): fix HTTP/2 max concurrent stream link to spec (#4037)
• 8ba9008 chore(dependencies): drop pin-utils dependency (#4023)
• 5778745 feat(client): add HTTP/2 max_local_error_reset_streams option (#4021)
• Additional commits viewable in compare view

Updates webbrowser from 1.2.0 to 1.2.1

Release notes

Sourced from webbrowser's releases.

v1.2.1

Fixed

• Windows: work around Wine bug where AssocQueryStringW() doesn't return actual string length. See #114

Changelog

Sourced from webbrowser's changelog.

[1.2.1] - 2026-04-16

Fixed

• Windows: work around broken AssocQueryStringW() not returning actual string length. See #114

Commits

• 7e06c08 Release v1.2.1 [skip ci]
• 2909f18 Merge #114
• c3c238e Release v1.2.0 [skip ci]
• 88d8a30 fix tests after rand upgrade
• f197c25 update dev dependencies
• 109c863 fix lints
• cab5588 android: jni 0.22 update, exception checks, support any 'Context'
• d0a4f70 HACK: windows: Work around broken AssocQueryStringW() not returning actual ...
• See full diff in compare view

Updates tracing-subscriber from 0.3.22 to 0.3.23

Release notes

Sourced from tracing-subscriber's releases.

tracing-subscriber 0.3.23

Fixed

• Allow ansi sanitization to be disabled (#3484)

#3484: tokio-rs/tracing#3484

Commits

• 54ede4d chore: prepare tracing-subscriber 0.3.23 (#3490)
• 37558d5 subscriber: allow ansi sanitization to be disabled (#3484)
• efc690f core: add missing const (#3449)
• 0c32367 core: Use const initializers instead of once_cell
• 9feb241 docs: add arcswap reload crate to related (#3442)
• 2d55f6f chore: prepare tracing 0.1.44 (#3439)
• 10a9e83 chore: prepare tracing-core 0.1.36 (#3440)
• ee82cf9 tracing: fix record_all panic (#3432)
• 9978c36 chore: prepare tracing-mock 0.1.0-beta.3 (#3429)
• See full diff in compare view

Updates uuid from 1.22.0 to 1.23.1

Release notes

Sourced from uuid's releases.

v1.23.1

What's Changed

• Remove deprecated msrv feature from wasm-bindgen dependency by @​guybedford in uuid-rs/uuid#877
• fix: Timestamp::from_gregorian deprecation note by @​aznashwan in uuid-rs/uuid#878
• Prepare for 1.23.1 release by @​KodrAus in uuid-rs/uuid#879

New Contributors

• @​guybedford made their first contribution in uuid-rs/uuid#877
• @​aznashwan made their first contribution in uuid-rs/uuid#878

Full Changelog: uuid-rs/uuid@v1.23.0...v1.23.1

v1.23.0

What's Changed

• feat: add support for 'hyphenated' format in the serde module by @​FrenchDilettante in uuid-rs/uuid#865
• Fix a number of bugs in time-related code by @​KodrAus in uuid-rs/uuid#872
• Reword invalid char error message by @​KodrAus in uuid-rs/uuid#873
• Impl cleanups by @​KodrAus in uuid-rs/uuid#874
• Use LazyLock to synchronize v1/v6 context initialization by @​KodrAus in uuid-rs/uuid#875
• Prepare for 1.23.0 release by @​KodrAus in uuid-rs/uuid#876

New Contributors

• @​FrenchDilettante made their first contribution in uuid-rs/uuid#865

Special thanks

@​meng-xu-cs raised a series of bugs against the timestamp logic in uuid using automated tooling. The issues themselves were reasonably and responsibly presented and the end result is a better uuid library for everyone. Thanks!

Deprecations

This release includes the following deprecations:

• Context: Renamed to ContextV1
• Timestamp::from_gregorian: Renamed to Timestamp::from_gregorian_time

Change to Version::Max

Version::Max's u8 representation has changed from 0xff to 0x0f to match the value returned by Uuid::get_version_num.

Change to Uuid::get_version for the max UUID

Uuid::get_version will only return Some(Version::Max) if the UUID is actually the max UUID (all bytes are 0xff). Previously it would return Some if only the version field was 0x0f. This change matches the behaviour of the nil UUID, which only returns Some(Version::Nil) if the UUID is the nil UUID (all bytes are 0x00).

Full Changelog: uuid-rs/uuid@v1.22.0...v1.23.0

Commits

• ca0c85f Merge pull request #879 from uuid-rs/cargo/v1.23.1
• b4db015 prepare for 1.23.1 release
• 771069d Merge pull request #878 from aznashwan/fix-from-gregorian-deprecation-note
• 80994a2 fix: Timestamp::from_gregorian deprecation note
• 90c5be8 Merge pull request #877 from guybedford/remove-wasm-bindgen-msrv
• 8b8c4f4 Remove deprecated feature from wasm-bindgen dependency
• 00ab922 Merge pull request #876 from uuid-rs/cargo/v1.23.0
• 726ba45 prepare for 1.23.0 release
• 996dade Merge pull request #875 from uuid-rs/fix/context-ordering
• e140479 simplify a use stmt
• Additional commits viewable in compare view

Updates assert_cmd from 2.2.0 to 2.2.2

Changelog

Sourced from assert_cmd's changelog.

[2.2.2] - 2026-05-11

Fixes

• Ensure #[track_caller] works for better panic messages

[2.2.1] - 2026-04-17

Internal

• Dependency update

Commits

• feece89 chore: Release assert_cmd version 2.2.2
• 367cdf7 docs: Update changelog
• a98cc85 Merge pull request #289 from marcospb19/track_caller
• cd2e167 fix: .success() not reporting panic location
• 45a1c74 chore(deps): Update Prek to v0.3.13 (#293)
• f1d9b5b chore(deps): Update Prek to v0.3.12 (#292)
• 1d34bab Merge pull request #291 from epage/template
• d9a70ad style: Make clippy happy
• 4f5b5af chore: Update from _rust template
• 1e1d586 chore(renovate): Fix the tag
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

[dependabot]

Labels

The following labels could not be found: dependencies, rust. Please create them before Dependabot can add them to a pull request.

Please fix the above issues or remove invalid values from dependabot.yml.