chore(deps): bump the minor-and-patch group across 1 directory with 11 updates

[dependabot]

Bumps the minor-and-patch group with 11 updates in the / directory:

Package	From	To
http	1.4.0	1.4.2
regex	1.12.3	1.12.4
serde_json	1.0.149	1.0.150
log	0.4.29	0.4.32
sysinfo	0.39.1	0.39.3
tar	0.4.45	0.4.46
rustls-native-certs	0.8.3	0.8.4
tower-http	0.6.10	0.6.11
chrono	0.4.44	0.4.45
serde_with	3.20.0	3.21.0
uuid	1.23.1	1.23.3

Updates http from 1.4.0 to 1.4.2

Release notes

Sourced from http's releases.

v1.4.1

tl;dr

• Fix PathAndQuery::from_static() and from_shared() to reject inputs that do not start with /.
• Fix Extend for HeaderMap to clamp max size hint and not overflow.
• Fix header::IntoIter that could use-after-free if the generic value type could panic on drop.
• Fix header::{IterMut, ValuesIterMut} to not violate stacked borrows.

What's Changed

• chore(header): fix clippy::assign_op_pattern by @​rxc-amzn in hyperium/http#806
• ci: pin itoa in msrv job by @​seanmonstar in hyperium/http#813
• Remove unnecessary explicit lifetimes by @​jplatte in hyperium/http#815
• chore(ci): update to actions/checkout@v6 by @​tottoto in hyperium/http#819
• tests: update to rand 0.10 by @​tottoto in hyperium/http#818
• refactor: Remove usage of float instruction by @​AurelienFT in hyperium/http#823
• refactor(uri): consolidate PathAndQuery::from_shared and from_static by @​seanmonstar in hyperium/http#825
• fix(uri): reject Path::from_shared/from_static if doesn't start with slash by @​seanmonstar in hyperium/http#826
• Rephrase comment by @​daalfox in hyperium/http#827
• Fix typo in request builder docs by @​vleksis in hyperium/http#831
• fix: clamp Extend size hint so HeaderMap reserve cannot overflow by @​SAY-5 in hyperium/http#833
• fix(headers): fix stacked borrows for IterMut/ValuesIterMut by @​seanmonstar in hyperium/http#837
• fix(header): use a set_len guard in IntoIter drop by @​seanmonstar in hyperium/http#838

New Contributors

• @​rxc-amzn made their first contribution in hyperium/http#806
• @​AurelienFT made their first contribution in hyperium/http#823
• @​daalfox made their first contribution in hyperium/http#827
• @​vleksis made their first contribution in hyperium/http#831
• @​SAY-5 made their first contribution in hyperium/http#833

Full Changelog: hyperium/http@v1.4.0...v1.4.1

Changelog

Sourced from http's changelog.

1.4.2 (June 8, 2026)

• Fix uri::Builder to allow "*" as the path when scheme and authority are also set, used in HTTP/2 requests.
• Fix Uri to properly reject DEL characters.

1.4.1 (May 25, 2026)

• Fix PathAndQuery::from_static() and from_shared() to reject inputs that do not start with /.
• Fix Extend for HeaderMap to clamp max size hint and not overflow.
• Fix header::IntoIter that could use-after-free if the generic value type could panic on drop.
• Fix header::{IterMut, ValuesIterMut} to not violate stacked borrows.

Commits

• 82db5b8 v1.4.2
• a9cdbf8 fix(uri): reject DEL character (#842)
• df75ca3 fix(uri): allow STAR paths with scheme/auth (#843)
• ec3f8ce feat(method): impl PartialOrd + Ord (#840)
• a24c968 v1.4.1
• bc3b044 fix(header): use a set_len guard in IntoIter drop (#838)
• 1b968dc fix(header): fix stacked borrows for IterMut/ValuesIterMut (#837)
• 6e2dd42 fix: clamp Extend size hint so HeaderMap reserve cannot overflow (#833)
• 68e0abb docs: fix typo in request builder docs (#831)
• 29dd307 docs(extensions): rephrase internal comment (#827)
• Additional commits viewable in compare view

Updates regex from 1.12.3 to 1.12.4

Changelog

Sourced from regex's changelog.

1.12.4 (2025-06-09)

This release includes a performance optimization for compilation of regexes with very large character classes.

Improvements:

• #1308: Avoid re-canonicalizing the entire interval set when pushing new class ranges.

Commits

• 7b96fdc 1.12.4
• 7b89cf0 deps: update to regex-syntax 0.8.11
• 1401679 regex-syntax-0.8.11
• d709000 changelog: 1.12.4
• 9825c74 syntax: avoid re-canonicalizing the entire IntervalSet on push (#1308)
• a7f2ff6 docs: clarify regex-lite word boundaries
• 2c7b172 docs: clarify unsupported Anchored::Pattern searches
• 839d16b regex-syntax-0.8.10
• c4865a0 syntax: fix negation handling in HIR translation
• d8761c0 cargo: also include benches
• Additional commits viewable in compare view

Updates serde_json from 1.0.149 to 1.0.150

Release notes

Sourced from serde_json's releases.

v1.0.150

• Reject non-string enum object keys (#1324, thanks @​puneetdixit200)

Commits

• a1ae73a Release 1.0.150
• 1a360b0 Merge pull request #1324 from puneetdixit200/reject-non-string-enum-keys
• 2037b63 Reject non-string enum object keys
• 5d30df6 Resolve manual_assert_eq pedantic clippy lint
• dc8003a Raise required compiler for preserve_order feature to 1.85
• a42fa98 Unpin CI miri toolchain
• 684a60e Pin CI miri to nightly-2026-02-11
• 7c7da33 Raise required compiler to Rust 1.71
• acf4850 Simplify Number::is_f64
• 6b8ceab Resolve unnecessary_map_or clippy lint
• Additional commits viewable in compare view

Updates log from 0.4.29 to 0.4.32

Release notes

Sourced from log's releases.

0.4.32

What's Changed

• Support Value -> string conversions with kv + std features instead of kv_std by @​tisonkun in rust-lang/log#729
• Prepare for 0.4.32 release by @​KodrAus in rust-lang/log#730

Full Changelog: rust-lang/log@0.4.31...0.4.32

0.4.31

What's Changed

• fix typos in kv compile errors and log documentation by @​Isvane in rust-lang/log#726
• Leverage static str key when possible by @​tisonkun in rust-lang/log#727
• Prepare for 0.4.31 release by @​KodrAus in rust-lang/log#728

New Contributors

• @​Isvane made their first contribution in rust-lang/log#726

Full Changelog: rust-lang/log@0.4.30...0.4.31

0.4.30

What's Changed

• Support capturing of std::net types by @​KodrAus in rust-lang/log#724

New Contributors

• @​V0ldek made their first contribution in rust-lang/log#720
• @​woodruffw made their first contribution in rust-lang/log#723

Full Changelog: rust-lang/log@0.4.29...0.4.30

Notable Changes

• MSRV is bumped to 1.71.0 in rust-lang/log#723

Changelog

Sourced from log's changelog.

[0.4.32] - 2026-06-04

What's Changed

• Support Value -> string conversions with kv + std features instead of kv_std by @​tisonkun in rust-lang/log#729

Full Changelog: rust-lang/log@0.4.31...0.4.32

[0.4.31] - 2026-06-02

What's Changed

• Leverage static str key when possible by @​tisonkun in rust-lang/log#727

New Contributors

• @​Isvane made their first contribution in rust-lang/log#726

Full Changelog: rust-lang/log@0.4.30...0.4.31

[0.4.30] - 2026-05-21

What's Changed

• Support capturing of std::net types by @​KodrAus in rust-lang/log#724

New Contributors

• @​V0ldek made their first contribution in rust-lang/log#720
• @​woodruffw made their first contribution in rust-lang/log#723

Full Changelog: rust-lang/log@0.4.29...0.4.30

Notable Changes

• MSRV is bumped to 1.71.0 in rust-lang/log#723

Commits

• a5b5b21 Merge pull request #730 from rust-lang/cargo/0.4.32
• c8d3b12 prepare for 0.4.32 release
• ce6cd9f Merge pull request #729 from tisonkun/kv-std-support
• 20b3b05 drop cfg-feature=kv as it is already met
• 7bc1200 kv::std_support may not need value-bag
• 5808392 Merge pull request #728 from rust-lang/cargo/0.4.31
• 86d739f prepare for 0.4.31 release
• c906cfb Merge pull request #727 from tisonkun/leverage-static-str-key-when-possible
• 756c279 leverage str literal as well
• 3dd250d rename Key::from_static_str to from_str_static
• Additional commits viewable in compare view

Updates sysinfo from 0.39.1 to 0.39.3

Changelog

Sourced from sysinfo's changelog.

0.39.3

• Unix: Fix retrieval of Network::mac_addr.
• Linux: Improve retrieval of process information if process terminates while doing so.

0.39.2

• Windows: Greatly improve performance of System::refresh_cpu_specifics when CPU usage is not requested.
• iOS: Fix compilation error when user feature is enabled.
• Linux: Correctly set thread information for processes.

Commits

• 3d1c52a Update crate version to 0.39.3
• cce524d Update CHANGELOG for 0.39.3 version
• 891085c Unix: Fix retrieval of Network::mac_addr
• 1f327b5 linux: prevent TOCTOU data loss when process terminates during refresh
• c43234a Update crate version to 0.39.2
• b71467e Update CHANGELOG for 0.39.2 version
• 345915a Improve code readability
• 35f3c18 Fix fmt and clippy
• 4bf1fe4 Windows: skip PDH setup when cpu_usage isn't requested (#1664)
• 2be72d7 Stub get_users on iOS via app_store::users
• Additional commits viewable in compare view

Updates tar from 0.4.45 to 0.4.46

Release notes

Sourced from tar's releases.

0.4.46

Security

• archive: Fix another PAX header desync (GHSA-3cv2-h65g-fgmm) by @​cgwalters in composefs/tar-rs#454

See also GHSA-3cv2-h65g-fgmm

Other changes

• ci: Fix and re-enable reverse dependency testing by @​cgwalters in composefs/tar-rs#444
• Update astral-tokio-tar requirement from 0.5 to 0.6 by @​dependabot[bot] in composefs/tar-rs#446
• Update some links by @​atouchet in composefs/tar-rs#445
• Add support of absolute paths by @​zxvfc in composefs/tar-rs#426
• docs: Expand notes on concurrent mutations and following symlinks by @​cgwalters in composefs/tar-rs#453
• Update repo links by @​cgwalters in composefs/tar-rs#451
• ci: Add crates.io trusted publishing workflow by @​cgwalters in composefs/tar-rs#456
• Release 0.4.46 by @​cgwalters in composefs/tar-rs#455

New Contributors

• @​dependabot[bot] made their first contribution in composefs/tar-rs#446
• @​atouchet made their first contribution in composefs/tar-rs#445
• @​zxvfc made their first contribution in composefs/tar-rs#426

Full Changelog: composefs/tar-rs@0.4.45...0.4.46

Commits

• fc459c1 Release 0.4.46
• 43e05a8 ci: Add crates.io trusted publishing workflow
• bba5666 Update repo links
• cd94c46 docs: Document TOCTOU / concurrent-mutation threat model
• 1b4997c builder: Expand docs for follow_symlinks and append_dir_all
• bab14dd archive: Fix another PAX header desync (GHSA-3cv2-h65g-fgmm)
• 2349b49 Add support of absolute paths
• 39d0311 Update some links
• 59d803e Update astral-tokio-tar requirement from 0.5 to 0.6
• 8296b9a ci: Fix and re-enable reverse dependency testing (#444)
• See full diff in compare view

Updates rustls-native-certs from 0.8.3 to 0.8.4

Release notes

Sourced from rustls-native-certs's releases.

0.8.4

What's Changed

• Exclude development script by @​weiznich in rustls/rustls-native-certs#216
• Update README.md with CertificateResult by @​jleffell in rustls/rustls-native-certs#225
• chore(docsrs): make docs.rs build work by @​joshuachp in rustls/rustls-native-certs#222
• Ignore empty entries in SSL_CERT_DIR by @​sliekens in rustls/rustls-native-certs#242

Commits

• 9d1f11e Bump version to 0.8.4
• a008aa1 Take semver-compatible dependency versions
• 26d43e3 Ignore empty entries in SSL_CERT_DIR
• 4d4f4de build(deps): bump serial_test from 3.4.0 to 3.5.0 in the crates-io group
• 8707835 Take semver-compatible dependency updates
• f89af49 Apply suggestions from nightly clippy
• 4ea7b7b build(deps): bump rustls from 0.23.38 to 0.23.39 in the crates-io group
• fa48b0a Take semver-compatible dependency updates
• 559fd3d build(deps): bump the crates-io group with 2 updates
• 0346ae5 Take semver-compatible dependency updates
• Additional commits viewable in compare view

Updates tower-http from 0.6.10 to 0.6.11

Release notes

Sourced from tower-http's releases.

tower-http-0.6.11

Added

• set-header: add SetMultipleResponseHeadersLayer and SetMultipleResponseHeader for setting multiple response headers at once. Supports overriding, appending, and if_not_present modes. Header values can be fixed or computed dynamically via closures (#672)

  use http::{Response, header::{self, HeaderValue}};
  use http_body::Body as _;
  use tower_http::set_header::response::SetMultipleResponseHeadersLayer;
  let layer = SetMultipleResponseHeadersLayer::overriding(vec![
  (header::X_FRAME_OPTIONS, HeaderValue::from_static("DENY")).into(),
  (header::CONTENT_LENGTH, |res: &Response<MyBody>| {
  res.body().size_hint().exact()
  .map(|size| HeaderValue::from_str(&size.to_string()).unwrap())
  }).into(),
  ]);

• set-header: add SetMultipleRequestHeadersLayer and SetMultipleRequestHeaders for setting multiple request headers at once, mirroring the response-side API (#677)

• classify: add From<i32> and From<NonZeroI32> impls for GrpcCode. Unrecognized status codes map to GrpcCode::Unknown (#506)

Changed

• compression: compress application/grpc-web responses. Previously all application/grpc* content types were excluded from compression; now only application/grpc (non-web) is excluded (#408)

Fixed

• fs: fix ServeDir returning 500 instead of 405 for non-GET/HEAD requests when call_fallback_on_method_not_allowed is enabled but no fallback service is configured (#587)
• fs: remove duplicate cfg attribute on is_reserved_dos_name (#675)

#408: tower-rs/tower-http#408 #506: tower-rs/tower-http#506 #587: tower-rs/tower-http#587 #672: tower-rs/tower-http#672 #675: tower-rs/tower-http#675 #677: tower-rs/tower-http#677

All PRs

• ci: fix flaky encoding test, add nightly stress test job by @​jlizen in tower-rs/tower-http#670

... (truncated)

Commits

• 1d082ef v0.6.11
• 9c3117d feat: set multiple request header (#677)
• 667e7c7 Remove duplicate cfg attribute for is_reserved_dos_name (#675)
• 7551a9b feat(set_header): refactor and improve multiple header middleware (#672)
• 991e9ee add From<i32> impl for GrpcCode (#506)
• 3962dba Do compress grpc-web responses (#408)
• f0b3bb6 Fix serve_dir method not allowed handling when no fallback is configured (#587)
• d1a571b ci: use static timeout in stress-test workflow (#671)
• 309555a ci: fix flaky encoding test, add nightly stress test job (#670)
• See full diff in compare view

Updates chrono from 0.4.44 to 0.4.45

Release notes

Sourced from chrono's releases.

0.4.45

What's Changed

• fix(tz): reject TZ offset hour of 24 to avoid FixedOffset overflow by @​SAY-5 in chronotope/chrono#1787
• tz_data: fix tzdata locations on Android by @​caruschalalamove in chronotope/chrono#1789

Commits

• 1703382 Prepare 0.4.45 release
• 881f9ab tz_data: fix tzdata locations on Android
• f14ead4 fix(tz): reject TZ offset hour of 24 to avoid FixedOffset overflow
• c6063e6 Update similar-asserts requirement from 1.6.1 to 2.0.0
• 120686c Bump codecov/codecov-action from 5 to 6
• See full diff in compare view

Updates serde_with from 3.20.0 to 3.21.0

Release notes

Sourced from serde_with's releases.

serde_with v3.21.0

Security

• GHSA-7gcf-g7xr-8hxj: KeyValueMap serialization panics on empty sequence or map entries Bad or attacker controlled values could cause a panic while allocating too large values. Fixed in #966 by setting a maximum allocation size during the creation of collections like Vec or sets.

  Thanks to @​7thParkk for reporting the issue.

Added

• Add NoneAsZero adapter that maps Option<NonZero*> to a plain integer, encoding None as 0 by @​SAY-5 (#486)

Changed

• Re-enable link-to-definition on docs.rs (#964)

Fixed

• Fix some doc links to point to the correct types (#963)
• Re-enable unused_qualifications and fix the resulting findings by @​lms0806 (#962)

Commits

• 0f4ca67 Update changelog for 3.21.0 (#967)
• 7654841 Update changelog for 3.21.0
• c8a1d82 Protect all collection creations against capacity overflow by using `size_hin...
• 6ad5fa5 Properly feature gate the vec_with_capacity_cautious function
• ef7d141 Protect all collection creations against capacity overflow by using `size_hin...
• a348da3 Add serde_as deserialize_as explain (#958)
• 2e5bc20 Bump the github-actions group with 3 updates (#965)
• 927a3d6 Bump the github-actions group with 3 updates
• 62d14ec Enable link-to-definition on docs.rs again, after the upstream issue was reso...
• 4584d94 Enable link-to-definition on docs.rs again, after the upstream issue was reso...
• Additional commits viewable in compare view

Updates uuid from 1.23.1 to 1.23.3

Release notes

Sourced from uuid's releases.

v1.23.3

What's Changed

• Fix up parser panic on empty input by @​KodrAus in uuid-rs/uuid#886
• Prepare for 1.23.3 release by @​KodrAus in uuid-rs/uuid#887

Full Changelog: uuid-rs/uuid@v1.23.2...v1.23.3

v1.23.2

What's Changed

• Improve error messages for ambiguous formats by @​KodrAus in uuid-rs/uuid#882
• Prepare for 1.23.2 release by @​KodrAus in uuid-rs/uuid#883

Full Changelog: uuid-rs/uuid@v1.23.1...v1.23.2

Commits

• 20da78b Merge pull request #887 from uuid-rs/cargo/v1.23.3
• 62232ca prepare for 1.23.3 release
• 2320c6a Merge pull request #886 from uuid-rs/fix/parser-panics
• 2d034d4 fix some invalid indexers on error reporting
• a8b9f14 update fuzz infra and run in CI
• d119657 Merge pull request #883 from uuid-rs/cargo/v1.23.2
• 0651cfc prepare for 1.23.2 release
• e8dea0c Merge pull request #882 from uuid-rs/fix/error-msgs
• bdc429a fix up serde messages
• d4342e4 make indexes 0 based and fix up more error messages
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions