chore(deps): bump the cargo-deps group across 1 directory with 12 updates

[dependabot]

Bumps the cargo-deps group with 12 updates in the / directory:

Package	From	To
quote	1.0.45	1.0.46
syn	2.0.117	2.0.118
trybuild	1.0.116	1.0.117
log	0.4.31	0.4.33
getrandom	0.4.2	0.4.3
anyhow	1.0.102	1.0.103
chrono	0.4.44	0.4.45
regex	1.12.3	1.12.4
bytes	1.11.1	1.12.0
env_logger	0.11.10	0.11.11
tower-http	0.6.11	0.7.0
uuid	1.23.2	1.23.4

Updates quote from 1.0.45 to 1.0.46

Release notes

Sourced from quote's releases.

1.0.46

• Avoid repeated get_span in quote_spanned (#329, thanks @​Noratrieb)

Commits

• bc4caf2 Release 1.0.46
• dc0e304 Format with rustfmt
• 712114c Drop arrow from syntax of quote_spanned_with_expanded_span
• f93ab8a Eliminate quote_spanned_with_expanded_span_as_expr macro
• 1ff3951 Eliminate __quote_spanned macro
• 64e913a Unify quote_spanned definitions
• 2978e8b Wrap comment to 80 columns
• 7f311a0 Fix PR 329 fat arrow spacing
• 313a8a2 Remove unneeded get_span from PR 329
• 0b33821 Merge pull request #329 from Noratrieb/avoid-repeat-expand
• Additional commits viewable in compare view

Updates syn from 2.0.117 to 2.0.118

Release notes

Sourced from syn's releases.

2.0.118

• Documentation improvements

Commits

• f033ef1 Release 2.0.118
• 45f65f7 Wrap long lint attributes
• b3f9bf8 Mirror PR 1975 from readme to crate-level rustdoc
• 97dc117 Wrap PR 1975 to 80 columns
• 0085b7a Lint repr_transparent_non_zst_fields has been removed
• 9fc1c9d Update test suite to nightly-2026-06-12
• 504bcc7 Update test suite to nightly-2026-06-09
• 353d20b Update test suite to nightly-2026-06-06
• f257a16 Update test suite to nightly-2026-05-25
• b706e6e Update test suite to nightly-2026-05-13
• Additional commits viewable in compare view

Updates trybuild from 1.0.116 to 1.0.117

Release notes

Sourced from trybuild's releases.

1.0.117

• Better error message when TRYBUILD env var is wrong (#332, thanks @​tisonkun)

Commits

• 333eb00 Release 1.0.117
• 820b8a5 Merge pull request #332 from tisonkun/patch-1
• 7e9d0a6 Update actions/checkout@v6 -> v7
• 8dd2668 Better error message when TRYBUILD env var is wrong
• 0ee8f5a Raise required compiler to Rust 1.85
• 4dec71c Resolve unnecessary_map_or clippy lint
• 7d7cc4c Raise required compiler to Rust 1.82
• See full diff in compare view

Updates log from 0.4.31 to 0.4.33

Release notes

Sourced from log's releases.

0.4.32

What's Changed

• Support Value -> string conversions with kv + std features instead of kv_std by @​tisonkun in rust-lang/log#729
• Prepare for 0.4.32 release by @​KodrAus in rust-lang/log#730

Full Changelog: rust-lang/log@0.4.31...0.4.32

Changelog

Sourced from log's changelog.

[0.4.33] - 2026-06-20

What's Changed

• Fixed key comparison by @​matteo-zeggiotti-ok in rust-lang/log#732

New Contributors

• @​matteo-zeggiotti-ok made their first contribution in rust-lang/log#732

Full Changelog: rust-lang/log@0.4.32...0.4.33

[0.4.32] - 2026-06-04

What's Changed

• Support Value -> string conversions with kv + std features instead of kv_std by @​tisonkun in rust-lang/log#729

Full Changelog: rust-lang/log@0.4.31...0.4.32

Commits

• f405739 Merge pull request #734 from rust-lang/cargo/0.4.33
• 6a24abf prepare for 0.4.33 release
• 87e0621 Merge pull request #732 from matteo-zeggiotti-ok/fix-key-comparison
• a9b5711 Review: fallback to the &str hash
• cc89cc6 Review: fixed other comparisons
• 920e7dc Review: fixed comparison on MaybeStaticStr
• 0d71d3c Fixed key comparison
• a5b5b21 Merge pull request #730 from rust-lang/cargo/0.4.32
• c8d3b12 prepare for 0.4.32 release
• ce6cd9f Merge pull request #729 from tisonkun/kv-std-support
• Additional commits viewable in compare view

Updates getrandom from 0.4.2 to 0.4.3

Changelog

Sourced from getrandom's changelog.

0.4.3 - 2026-06-17

Added

• wasm64-unknown-unknown target support for wasm_js backend #848

Changed

• Drop wasip2 and wasip3 dependencies in favor of manual bindings #830

#830: rust-random/getrandom#830 #848: rust-random/getrandom#848

Commits

• 5e7cd57 Release v0.4.3 (#853)
• 1ea268a Use manual bindings for WASIp2/3 (#830)
• f7290b0 Update Cargo.lock (#852)
• 16ce801 Update Cargo.lock (#850)
• e5adfca Add wasm64-unknown-unknown support for wasm_js backend (#848)
• 626df8d Update Cargo.lock (#846)
• 4a01cb2 Update Cargo.lock (#841)
• f87bf39 Update Cargo.lock (#836)
• eadb879 ci: re-enable build job for x86_64-pc-cygwin (#832)
• d715d73 CI: Reduce the number of packages that are updated for wasip2 MSRV test (#825)
• Additional commits viewable in compare view

Updates anyhow from 1.0.102 to 1.0.103

Release notes

Sourced from anyhow's releases.

1.0.103

• Fix Stacked Borrows violation (UB) in Error::downcast_mut (#451, #452)

Commits

• 5bdb0e2 Release 1.0.103
• e621bd3 Merge pull request #452 from dtolnay/downcast
• 6e8c000 Eliminate pointer->reference->pointer during downcast
• 67c4abd Add regression test for issue 451
• 917a169 Update actions/upload-artifact@v6 -> v7
• d9dc3fa Update actions/checkout@v6 -> v7
• 841522b Raise minimum tested compiler to rust 1.85
• See full diff in compare view

Updates chrono from 0.4.44 to 0.4.45

Release notes

Sourced from chrono's releases.

0.4.45

What's Changed

• fix(tz): reject TZ offset hour of 24 to avoid FixedOffset overflow by @​SAY-5 in chronotope/chrono#1787
• tz_data: fix tzdata locations on Android by @​caruschalalamove in chronotope/chrono#1789

Commits

• 1703382 Prepare 0.4.45 release
• 881f9ab tz_data: fix tzdata locations on Android
• f14ead4 fix(tz): reject TZ offset hour of 24 to avoid FixedOffset overflow
• c6063e6 Update similar-asserts requirement from 1.6.1 to 2.0.0
• 120686c Bump codecov/codecov-action from 5 to 6
• See full diff in compare view

Updates regex from 1.12.3 to 1.12.4

Changelog

Sourced from regex's changelog.

1.12.4 (2025-06-09)

This release includes a performance optimization for compilation of regexes with very large character classes.

Improvements:

• #1308: Avoid re-canonicalizing the entire interval set when pushing new class ranges.

Commits

• 7b96fdc 1.12.4
• 7b89cf0 deps: update to regex-syntax 0.8.11
• 1401679 regex-syntax-0.8.11
• d709000 changelog: 1.12.4
• 9825c74 syntax: avoid re-canonicalizing the entire IntervalSet on push (#1308)
• a7f2ff6 docs: clarify regex-lite word boundaries
• 2c7b172 docs: clarify unsupported Anchored::Pattern searches
• 839d16b regex-syntax-0.8.10
• c4865a0 syntax: fix negation handling in HIR translation
• d8761c0 cargo: also include benches
• Additional commits viewable in compare view

Updates bytes from 1.11.1 to 1.12.0

Release notes

Sourced from bytes's releases.

Bytes v1.12.0

1.12.0 (June 18th, 2026)

Added

• Add BytesMut::extend_from_within() (#818)
• Add BytesMut::try_unsplit() (#746)

Fixed

• Fix panic in get_int if nbytes is zero (#806)

Changed

• Pass vtable data by value (#826)
• Exclude development scripts from published package (#810)

Documented

• Document that BytesMut::{reserve,try_reserve} doesn't preserve unused capacity (#808)

Changelog

Sourced from bytes's changelog.

1.12.0 (June 18th, 2026)

Added

• Add BytesMut::extend_from_within() (#818)
• Add BytesMut::try_unsplit() (#746)

Fixed

• Fix panic in get_int if nbytes is zero (#806)

Changed

• Pass vtable data by value (#826)
• Exclude development scripts from published package (#810)

Documented

• Document that BytesMut::{reserve,try_reserve} doesn't preserve unused capacity (#808)

Commits

• 91402ce Release bytes v1.12.0 (#831)
• 2256e6d chore: add safety comments on unsafe blocks (#827)
• 245adff Pass vtable data by value (#826)
• 00cc5ff Implement BytesMut::extend_from_within (#818)
• 5b79d31 Merge tag 'v1.11.1'
• 804ee6d Make try_unsplit method public (#746)
• fd426ca Exclude development scripts from published package (#810)
• b4ed70d Add test for copy_to_bytes() -> BytesMut avoiding clone (#809)
• 94e4291 Document that BytesMut::{reserve,try_reserve} doesn't preserve unused capac...
• acd1e0f Fix get_int if nbytes is zero (#806)
• See full diff in compare view

Updates env_logger from 0.11.10 to 0.11.11

Release notes

Sourced from env_logger's releases.

v0.11.11

[0.11.11] - 2026-06-25

Internal

• Updated env_filter

Changelog

Sourced from env_logger's changelog.

[0.11.11] - 2026-06-25

Internal

• Updated env_filter

Commits

• b4d3f2b chore: Release
• cc2b2ef chore: Release
• 69e27d1 docs: Update changelog
• 166880d Merge pull request #411 from epage/parse
• 0a580d0 fix(filter): Remove 'parse' on no_std
• 78d8ef1 Merge pull request #404 from cagatay-y/feature/filter-no_std
• 132fe86 feat(filter): Add support for no_std environments
• 4feafa4 refactor(env_filter): Fix unreachable pub warning
• 92f8d8d Merge pull request #410 from rust-cli/renovate/crate-ci-typos-1.x
• 4e57784 chore(deps): Update pre-commit hook crate-ci/typos to v1.47.0
• Additional commits viewable in compare view

Updates tower-http from 0.6.11 to 0.7.0

Release notes

Sourced from tower-http's releases.

tower-http-0.7.0

Changes since 0.6.11

Added

• csrf: add cross-site request forgery (CSRF) protection middleware, porting the cross-origin protection scheme introduced in Go 1.25 (#699)

  use tower::ServiceBuilder;
  use tower_http::csrf::CsrfLayer;
  // Rejects cross-origin state-changing requests using Sec-Fetch-Site,
  // an Origin allow-list, and an Origin/Host fallback. No per-request
  // token state required.
  let layer = CsrfLayer::new().add_trusted_origin("https://example.com")?;
  let service = ServiceBuilder::new().layer(layer).service_fn(handler);

• timeout: add DeadlineBody for non-resetting body timeouts, applied via the new RequestBodyDeadlineLayer and ResponseBodyDeadlineLayer (#688)

  Unlike TimeoutBody, which resets its deadline on every frame, DeadlineBody caps the total time of a body transfer. A slow client trickling one byte at a time never trips an idle timeout but will trip a deadline.

  use std::time::Duration;
  use tower::ServiceBuilder;
  use tower_http::timeout::RequestBodyDeadlineLayer;
  // Abort the request body transfer after 30s total, regardless of how
  // frequently data arrives.
  let service = ServiceBuilder::new()
  .layer(RequestBodyDeadlineLayer::new(Duration::from_secs(30)))
  .service_fn(handler);

• fs: add strong ETag support to ServeDir, including If-Match and If-None-Match precondition handling per RFC 9110. 304 Not Modified responses now carry the ETag and Last-Modified validators (#691)

• fs: add a Backend trait to make ServeDir work with non-filesystem sources (e.g. embedded assets or object storage). The default TokioBackend preserves existing behavior. Use ServeDir::with_backend() to plug in custom implementations (#684)

  use tower_http::services::fs::ServeDir;
  // MyBackend implements tower_http::services::fs::Backend.
  // The default ServeDir::new() continues to use TokioBackend (local FS).
  let service = ServeDir::with_backend("assets", MyBackend::new());

• fs: add html_as_default_extension option to ServeDir, appending .html when the request path has no extension (#519)

• fs: add redirect_path_prefix option to ServeDir, prepending a prefix on trailing-slash redirects so the service can be mounted under a sub-path (#486)

• validate-request: add ValidateRequestHeaderLayer::has_header_value() to reject requests when a header does not have an expected value (#360)

• body: UnsyncBoxBody::new() constructor and From<ServeFileSystemResponseBody> conversion to avoid double-boxing when combining ServeDir responses with other body types (#537)

• limit: implement Default for limit::ResponseBody when the wrapped body also implements Default (#679)

Changed

... (truncated)

Commits

• b194fcf v0.7.0
• af828a6 feat(follow_redirect)!: preserve request extensions across redirects (#706)
• 8cb8d99 feat(ValidateRequestHeaderLayer): add has_header("...").with_value("...") fun...
• 3b56d2d feat!: Add configurable Backend trait for ServeDir, bump MSRV 1.65 (#684)
• 8508716 Add redirect_path_prefix option (#486)
• 56327b2 Add Windows drive-prefix path regression test (#705)
• 54c6db8 feat(compression)!: upgrade SizeAbove threshold from u16 to u64 (#704)
• 68cd6d8 Add DeadlineBody for non-resetting body timeouts (#688)
• fa8a98c feat(fs): add strong ETag support to ServeDir (#691)
• 36d2205 fix: Make SetMultiple*Header Clone for !Clone http bodies (#703)
• Additional commits viewable in compare view

Updates uuid from 1.23.2 to 1.23.4

Release notes

Sourced from uuid's releases.

v1.23.4

What's Changed

• Fix up name of fuzz script in readme by @​KodrAus in uuid-rs/uuid#888
• document fixes by @​frostyplanet in uuid-rs/uuid#889
• Prepare for 1.23.4 release by @​KodrAus in uuid-rs/uuid#890

New Contributors

• @​frostyplanet made their first contribution in uuid-rs/uuid#889

Full Changelog: uuid-rs/uuid@v1.23.3...v1.23.4

v1.23.3

What's Changed

• Fix up parser panic on empty input by @​KodrAus in uuid-rs/uuid#886
• Prepare for 1.23.3 release by @​KodrAus in uuid-rs/uuid#887

Full Changelog: uuid-rs/uuid@v1.23.2...v1.23.3

Commits

• 3296d64 Merge pull request #890 from uuid-rs/cargo/v1.23.4
• cba53d0 prepare for 1.23.4 release
• e347af4 Merge pull request #889 from frostyplanet/main
• e9bf55c doc: Fix broken link warnings
• 5351af4 doc: Enable feature flag label for docs.rs
• 1e6a966 Merge pull request #888 from uuid-rs/KodrAus-patch-1
• c9619f6 fix up name of fuzz script in readme
• 20da78b Merge pull request #887 from uuid-rs/cargo/v1.23.3
• 62232ca prepare for 1.23.3 release
• 2320c6a Merge pull request #886 from uuid-rs/fix/parser-panics
• Additional commits viewable in compare view

Most Recent Ignore Conditions Applied to This Pull Request

Dependency Name	Ignore Conditions
tower-http	[>= 0.4.a, < 0.5]

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

[github-actions]

Size Comparison

Details

examples	master (KB)	pull request (KB)	diff (KB)	diff (%)
async_clock	99.982	99.982	0	0.000%
boids	164.761	164.756	-0.005	-0.003%
communication_child_to_parent	93.441	93.441	0	0.000%
communication_grandchild_with_grandparent	105.728	105.726	-0.002	-0.002%
communication_grandparent_to_grandchild	102.047	102.051	+0.004	+0.004%
communication_parent_to_child	90.831	90.830	-0.001	-0.001%
contexts	106.013	106.013	0	0.000%
counter	86.002	86.002	0	0.000%
counter_functional	88.017	88.018	+0.001	+0.001%
dyn_create_destroy_apps	89.888	89.890	+0.002	+0.002%
file_upload	98.588	98.587	-0.001	-0.001%
function_delayed_input	94.325	94.323	-0.002	-0.002%
function_memory_game	168.268	168.264	-0.004	-0.002%
function_router	400.137	400.351	+0.214	+0.053%
function_todomvc	164.799	164.795	-0.004	-0.002%
futures	235.746	235.746	0	0.000%
game_of_life	100.379	100.379	0	0.000%
immutable	257.006	257.701	+0.695	+0.271%
inner_html	80.490	80.490	0	0.000%
js_callback	109.514	109.510	-0.004	-0.004%
keyed_list	175.614	175.612	-0.002	-0.001%
mount_point	83.914	83.914	0	0.000%
nested_list	112.494	112.491	-0.003	-0.003%
node_refs	91.437	91.436	-0.001	-0.001%
password_strength	1768.707	1771.107	+2.400	+0.136%
portals	93.335	93.338	+0.003	+0.003%
router	366.336	366.562	+0.226	+0.062%
suspense	113.720	113.720	0	0.000%
timer	88.232	88.232	0	0.000%
timer_functional	99.092	99.089	-0.003	-0.003%
todomvc	141.784	141.784	0	0.000%
two_apps	85.896	85.896	0	0.000%
web_worker_fib	136.136	136.148	+0.013	+0.009%
web_worker_prime	186.218	186.221	+0.003	+0.002%
webgl	82.636	82.635	-0.001	-0.001%

✅ None of the examples has changed their size significantly.