Bump the backend group across 1 directory with 20 updates

[dependabot]

Bumps the backend group with 20 updates in the / directory:

Package	From	To
anyhow	1.0.100	1.0.102
axum	0.8.6	0.8.8
clap	4.5.49	4.5.60
config	0.15.18	0.15.19
futures	0.3.31	0.3.32
http	1.3.1	1.4.0
hyper	1.7.0	1.8.1
mockito	1.7.0	1.7.2
openssl	0.10.74	0.10.75
postgres-types	0.2.11	0.2.12
regex	1.12.2	1.12.3
serde_json	1.0.145	1.0.149
time	0.3.44	0.3.47
tokio	1.48.0	1.49.0
tokio-postgres	0.7.15	0.7.16
tower	0.5.2	0.5.3
tower-http	0.6.6	0.6.8
tracing	0.1.41	0.1.44
tracing-subscriber	0.3.20	0.3.22
uuid	1.18.1	1.21.0

Updates anyhow from 1.0.100 to 1.0.102

Release notes

Sourced from anyhow's releases.

1.0.102

• Remove backtrace dependency (#438, #439, #440, #441, #442)

1.0.101

• Add #[inline] to anyhow::Ok helper (#437, thanks @​Ibitier)

Commits

• 5c657b3 Release 1.0.102
• e737fb6 Merge pull request #442 from dtolnay/backtrace
• 7fe62b5 Further simply backtrace conditional compilation
• c8cb5ca Merge pull request #441 from dtolnay/backtrace
• de27df7 Delete CI use of --features=backtrace
• 9b67e5d Merge pull request #440 from dtolnay/backtrace
• efdb11a Simplify std_backtrace conditional code
• b8a9a70 Merge pull request #439 from dtolnay/backtrace
• a42fc2c Remove feature = "backtrace" conditional code
• 2a2a3ce Re-word backtrace feature comment
• Additional commits viewable in compare view

Updates axum from 0.8.6 to 0.8.8

Release notes

Sourced from axum's releases.

axum v0.8.8

• Clarify documentation for Router::route_layer (#3567)

#3567: tokio-rs/axum#3567

axum v0.8.7

• Relax implicit Send / Sync bounds on RouterAsService, RouterIntoService (#3555)
• Make it easier to visually scan for default features (#3550)
• Fix some documentation typos

#3550: tokio-rs/axum#3550 #3555: tokio-rs/axum#3555

Commits

• d07863f Release axum v0.8.8 and axum-extra v0.12.3
• 287c674 axum-extra: Make typed-routing feature enable routing feature (#3514)
• f5804aa SecondElementIs: Correct a small inconsistency (#3559)
• f51f3ba axum-extra: Add trailing newline to pretty JSON response (#3526)
• 816407a Fix integer underflow in try_range_response for empty files (#3566)
• 78656eb docs: Clarify route_layer does not apply middleware to the fallback handler...
• 4404f27 Release axum v0.8.7 and axum-extra v0.12.2
• 8f1545a Fix typo in extractors guide (#3554)
• 4fc3faa Relax implicit Send / Sync bounds (#3555)
• a05920c Make it easier to visually scan for default features (#3550)
• Additional commits viewable in compare view

Updates clap from 4.5.49 to 4.5.60

Release notes

Sourced from clap's releases.

v4.5.60

[4.5.60] - 2026-02-19

Fixes

• (help) Quote empty default values, possible values

v4.5.59

[4.5.59] - 2026-02-16

Fixes

• Command::ignore_errors no longer masks help/version on subcommands

v4.5.58

[4.5.58] - 2026-02-11

v4.5.57

[4.5.57] - 2026-02-03

Fixes

• Regression from 4.5.55 where having an argument with .value_terminator("--") caused problems with an argument with .last(true)

v4.5.56

[4.5.56] - 2026-01-29

Fixes

• On conflict error, don't show conflicting arguments in the usage

v4.5.55

[4.5.55] - 2026-01-27

Fixes

• Fix inconsistency in precedence between positionals with a value_terminator("--") and escapes (--) where ./foo -- bar means the first arg is empty, rather than escaping future args

v4.5.54

[4.5.54] - 2026-01-02

Fixes

• (help) Move [default] to its own paragraph when PossibleValue::help is present in --help

v4.5.53

[4.5.53] - 2025-11-19

Features

... (truncated)

Changelog

Sourced from clap's changelog.

[4.5.60] - 2026-02-19

Fixes

• (help) Quote empty default values, possible values

[4.5.59] - 2026-02-16

Fixes

• Command::ignore_errors no longer masks help/version on subcommands

[4.5.58] - 2026-02-11

[4.5.57] - 2026-02-03

Fixes

• Regression from 4.5.55 where having an argument with .value_terminator("--") caused problems with an argument with .last(true)

[4.5.56] - 2026-01-29

Fixes

• On conflict error, don't show conflicting arguments in the usage

[4.5.55] - 2026-01-27

Fixes

• Fix inconsistency in precedence between positionals with a value_terminator("--") and escapes (--) where ./foo -- bar means the first arg is empty, rather than escaping future args

[4.5.54] - 2026-01-02

Fixes

• (help) Move [default] to its own paragraph when PossibleValue::help is present in --help

[4.5.53] - 2025-11-19

Features

• Add default_values_if, default_values_ifs

[4.5.52] - 2025-11-17

Fixes

• Don't panic when args_conflicts_with_subcommands conflicts with an ArgGroup

... (truncated)

Commits

• 33d24d8 chore: Release
• 9332409 docs: Update changelog
• b7adce5 Merge pull request #6166 from fabalchemy/fix-dynamic-powershell-completion
• 009bba4 fix(clap_complete): Improve powershell registration
• d89d57d chore: Release
• f18b67e docs: Update changelog
• 9d218eb Merge pull request #6165 from epage/shirt
• 126440c fix(help): Correctly calculate padding for short-only args
• 9e3c05e test(help): Show panic with short, valueless arg
• c9898d0 test(help): Verify short with value
• Additional commits viewable in compare view

Updates config from 0.15.18 to 0.15.19

Changelog

Sourced from config's changelog.

[0.15.19] - 2025-11-12

Internal

• (ron) Update to 0.12

Commits

• e7ff326 chore: Release config version 0.15.19
• cbee54c chore: Update deps (#715)
• d53e906 chore: Update deps
• b10653a docs: Update changelog
• 527de7d fix: Update to latest ron (#714)
• 6c2cfd0 fix: Update to latest ron
• 16ef680 chore(deps): Update Rust Stable to v1.91 (#712)
• 2051f62 style: Make clippy happy
• bf6e256 chore: Update dependencies (#702)
• de242e0 chore: Update dependencies
• Additional commits viewable in compare view

Updates futures from 0.3.31 to 0.3.32

Release notes

Sourced from futures's releases.

0.3.32

• Bump MSRV of utility crates to 1.71. (#2989)
• Soft-deprecate ready! macro in favor of std::task::ready! added in Rust 1.64 (#2925)
• Soft-deprecate pin_mut! macro in favor of std::pin::pin! added in Rust 1.68 (#2929)
• Add FuturesOrdered::clear (#2927)
• Add mpsc::*Receiver::recv (#2947)
• Add mpsc::*Receiver::try_recv and deprecate mpsc::*Receiver::::try_next (#2944)
• Implement FusedStream for sink::With (#2948)
• Add no_std support for shared (#2868)
• Make Mutex::new() const (#2956)
• Add #[clippy::has_significant_drop] to guards (#2967)
• Remove dependency to pin-utils (#2929)
• Remove dependency on num_cpus (#2946)
• Performance improvements (#2983)
• Documentation improvements (#2925, #2926, #2940, #2971)

Changelog

Sourced from futures's changelog.

0.3.32 - 2026-02-15

• Bump MSRV of utility crates to 1.71. (#2989)
• Soft-deprecate ready! macro in favor of std::task::ready! added in Rust 1.64 (#2925)
• Soft-deprecate pin_mut! macro in favor of std::pin::pin! added in Rust 1.68 (#2929)
• Add FuturesOrdered::clear (#2927)
• Add mpsc::*Receiver::recv (#2947)
• Add mpsc::*Receiver::try_recv and deprecate mpsc::*Receiver::::try_next (#2944)
• Implement FusedStream for sink::With (#2948)
• Add no_std support for shared (#2868)
• Make Mutex::new() const (#2956)
• Add #[clippy::has_significant_drop] to guards (#2967)
• Remove dependency to pin-utils (#2929)
• Remove dependency on num_cpus (#2946)
• Performance improvements (#2983)
• Documentation improvements (#2925, #2926, #2940, #2971)

Commits

• d9bba94 Release 0.3.32
• 151e0b9 Add comments on rust-version field in Cargo.toml
• 4aaf00c Bump MSRV of utility crates to 1.71
• a4cce12 perf: improve AtomicWaker::wake performance (#2983)
• ba9d102 Add #[clippy::has_significant_drop] to guards (#2967)
• 20396a8 Fix rustdoc::broken_intra_doc_links warning
• 815f6eb Fix documentation of BiLock::lock (#2971)
• 0f0db04 futures-util: make Mutex::new() const (#2956)
• 5d6fc5e ci: Test big-endian target (s390x Linux)
• 9f739fe Ignore dead_code lint on Fn1 trait
• Additional commits viewable in compare view

Updates http from 1.3.1 to 1.4.0

Release notes

Sourced from http's releases.

v1.4.0

Highlights

• Add StatusCode::EARLY_HINTS constant for 103 Early Hints.
• Make StatusCode::from_u16 now a const fn.
• Make Authority::from_static now a const fn.
• Make PathAndQuery::from_static now a const fn.
• MSRV increased to 1.57 (allows legible const fn panic messages).

What's Changed

• Updated Rand dependency to v0.9.1 by @​FarzadMohtasham in hyperium/http#763
• Fix compilation on latest nightly by @​akonradi-signal in hyperium/http#769
• Avoid unnecessary .expect()s for empty HeaderMap by @​akonradi-signal in hyperium/http#768
• feat: show types in Extensions debug output by @​crepererum in hyperium/http#773
• Docs: Clarify the HeaderMap documentaion by @​Sol-Ell in hyperium/http#774
• style: update format for tests by @​seanmonstar in hyperium/http#782
• Make StatusCode::from_u16 const by @​coolreader18 in hyperium/http#761
• docs: Fix typo 'an' to 'and' in http::status module documentation by @​zxzxovo in hyperium/http#784
• fix: Prevent panic in try_reserve/try_with_capacity on capacity overflow by @​AriajSarkar in hyperium/http#787
• fix: Add reserve() to Extend impl for (Option, T)) by @​AriajSarkar in hyperium/http#788
• chore: minor improvement for docs by @​claudecodering in hyperium/http#790
• chore: bump MSRV to 1.57 by @​seanmonstar in hyperium/http#793
• Add EARLY_HINTS status code by @​mdevino in hyperium/http#758
• refactor(header): use better panic message in const HeaderName and HeaderValue by @​seanmonstar in hyperium/http#797
• docs: remove unnecessary extern crate sentence by @​tottoto in hyperium/http#799
• chore(ci): update to actions/checkout@v5 by @​tottoto in hyperium/http#800
• feat(uri): make Authority/PathAndQuery::from_static const by @​WaterWhisperer in hyperium/http#786
• refactor(header): inline FNV hasher to reduce dependencies by @​seanmonstar in hyperium/http#796
• v1.4.0 by @​seanmonstar in hyperium/http#803

New Contributors

• @​FarzadMohtasham made their first contribution in hyperium/http#763
• @​akonradi-signal made their first contribution in hyperium/http#769
• @​crepererum made their first contribution in hyperium/http#773
• @​Sol-Ell made their first contribution in hyperium/http#774
• @​coolreader18 made their first contribution in hyperium/http#761
• @​zxzxovo made their first contribution in hyperium/http#784
• @​AriajSarkar made their first contribution in hyperium/http#787
• @​claudecodering made their first contribution in hyperium/http#790
• @​mdevino made their first contribution in hyperium/http#758
• @​WaterWhisperer made their first contribution in hyperium/http#786

Full Changelog: hyperium/http@v1.3.1...v1.4.0

Changelog

Sourced from http's changelog.

1.4.0 (November 24, 2025)

• Add StatusCode::EARLY_HINTS constant for 103 Early Hints.
• Make StatusCode::from_u16 now a const fn.
• Make Authority::from_static now a const fn.
• Make PathAndQuery::from_static now a const fn.
• MSRV increased to 1.57 (allows legible const fn panic messages).

Commits

• b9625d8 v1.4.0
• 50b009c refactor(header): inline FNV hasher to reduce dependencies (#796)
• b370d36 feat(uri): make Authority/PathAndQuery::from_static const (#786)
• 0d74251 chore(ci): update to actions/checkout@v5 (#800)
• a760767 docs: remove unnecessary extern crate sentence (#799)
• fb1d457 refactor(header): use better panic message in const HeaderName and HeaderValu...
• 20dbd6e feat(status): Add 103 EARLY_HINTS status code (#758)
• e7a7337 chore: bump MSRV to 1.57
• 1888e28 tests: downgrade rand back to 0.8 for now
• 918bbc3 chore: minor improvement for docs (#790)
• Additional commits viewable in compare view

Updates hyper from 1.7.0 to 1.8.1

Release notes

Sourced from hyper's releases.

v1.8.1

Bug Fixes

• http1: fix consuming extra CPU from previous change (#3977) (4492f31e)

Full Changelog: hyperium/hyper@v1.8.0...v1.8.1

v1.8.0

Highlights

Features

• rt: add Timer::now() method to allow overriding the instant returned (#3965) (5509ebe6)

Bug Fixes

• http1: fix rare missed write wakeup on connections (#3952) (2377b893)
• http2: fix internals of HTTP/2 CONNECT upgrades (#3967) (58e0e7dc, closes #3966)

Breaking Changes

While technically breaking, it's assumed you will not need to do anything or be affected.

• The HTTP/2 client connection no longer allows an executor that can not spawn itself.

  This was an oversight originally. The client connection will now include spawning a future that keeps a copy of the executor to spawn other futures. Thus, if it is !Send, it needs to spawn !Send futures. The likelihood of executors that match the previously allowed behavior should be very remote.

  There is also technically a semver break in here, which is that the Http2ClientConnExec trait no longer dyn-compatible, because it now expects to be Clone. This should not break usage of the conn builder, because it already separately had E: Clone bounds. If someone were using dyn Http2ClientConnExec, that will break. However, there is no purpose for doing so, and it is not usable otherwise, since the trait only exists to propagate bounds into hyper. Thus, the breakage should not affect anyone. (58e0e7dc)

What's Changed

• chore(ci): update to actions/checkout@v5 by @​tottoto in hyperium/hyper#3935
• refactor(ffi): specify "C" ABI explicitly in ffi_fn! macro by @​1911860538 in hyperium/hyper#3937
• Update documented default values for http1::Builder by @​Will-Low in hyperium/hyper#3938
• fix(client): port tests to in-memory socket by @​cratelyn in hyperium/hyper#3947
• feat: allow overriding the instant returned from Timer by @​arielb1 in hyperium/hyper#3965
• fix(http1): poll_loop writes when ready by @​lthiery in hyperium/hyper#3952
• test(ready_stream): replace tracing with printlns by @​seanmonstar in hyperium/hyper#3973

... (truncated)

Changelog

Sourced from hyper's changelog.

v1.8.1 (2025-11-13)

Bug Fixes

• http1: fix consuming extra CPU from previous change (#3977) (4492f31e)

v1.8.0 (2025-11-11)

Bug Fixes

• http1: fix rare missed write wakeup on connections (#3952) (2377b893)
• http2: fix internals of HTTP/2 CONNECT upgrades (#3967) (58e0e7dc, closes #3966)

Features

• rt: add Timer::now() method to allow overriding the instant returned (#3965) (5509ebe6)

Breaking Changes

• The HTTP/2 client connection no longer allows an executor that can not spawn itself.

  This was an oversight originally. The client connection will now include spawning a future that keeps a copy of the executor to spawn other futures. Thus, if it is !Send, it needs to spawn !Send futures. The likelihood of executors that match the previously allowed behavior should be very remote.

  There is also technically a semver break in here, which is that the Http2ClientConnExec trait no longer dyn-compatible, because it now expects to be Clone. This should not break usage of the conn builder, because it already separately had E: Clone bounds. If someone were using dyn Http2ClientConnExec, that will break. However, there is no purpose for doing so, and it is not usable otherwise, since the trait only exists to propagate bounds into hyper. Thus, the breakage should not affect anyone. (58e0e7dc)

Commits

• 166c6ca v1.8.1
• 4492f31 fix(http1): fix consuming extra CPU from previous change (#3977)
• dbe6f25 v1.8.0
• 58e0e7d fix(http2): fix internals of HTTP/2 CONNECT upgrades (#3967)
• 0a37a8c test(ready_stream): replace tracing with printlns (#3973)
• 2377b89 fix(http1): fix rare missed write wakeup on connections (#3952)
• 5509ebe feat(rt): add Timer::now() method to allow overriding the instant returned ...
• f9f8f44 tests(client): port tests to in-memory socket (#3947)
• 5803a9c docs(server): update default values for http1::Builder (#3938)
• e1e1f2b refactor(ffi): specify "C" ABI explicitly in ffi_fn! macro (#3937)
• Additional commits viewable in compare view

Updates mockito from 1.7.0 to 1.7.2

Release notes

Sourced from mockito's releases.

1.7.2

• Update to reqwest 0.13 by @​tottoto in lipanski/mockito#223
• Allow returning a different status code based on a request by @​songokas in lipanski/mockito#224

1.7.1

• Add headers method to Request struct by @​gustavomedeiross in lipanski/mockito#220
• Optimize body matching by checking binary match before UTF-8 conversion by @​Abimael10 in lipanski/mockito#221
• Refactor response body by @​tottoto in lipanski/mockito#222

Commits

• 2e16acf Bump to 1.7.2
• e404bdf Update docs
• e2c1692 Merge pull request #224 from songokas/status-code-from-request
• 86596b7 Allow returning a different status code based on a request
• 4a70878 Merge pull request #223 from tottoto/update-to-reqwest-0.13
• 35fccfb Update to reqwest 0.13
• 7f00a9c Bump to 1.7.1
• dff2b36 Bump to 1.7.0
• 9f776f9 Merge pull request #222 from tottoto/refactor-response-body
• 89c0121 Refactor response body
• Additional commits viewable in compare view

Updates openssl from 0.10.74 to 0.10.75

Release notes

Sourced from openssl's releases.

openssl-v0.10.75

What's Changed

• Fix a few typos (most of them found with codespell) by @​botovq in rust-openssl/rust-openssl#2502
• Use SHA256 test variant instead of SHA1 by @​abbra in rust-openssl/rust-openssl#2504
• pin home to an older version on MSRV CI by @​alex in rust-openssl/rust-openssl#2509
• Implement set_rsa_oaep_label for AWS-LC/BoringSSL by @​goffrie in rust-openssl/rust-openssl#2508
• sys/evp: add EVP_MAC symbols by @​huwcbjones in rust-openssl/rust-openssl#2510
• CI: bump LibreSSL 4.x branches to latest releases by @​botovq in rust-openssl/rust-openssl#2513
• Fix unsound OCSP find_status handling of optional next_update field by @​alex in rust-openssl/rust-openssl#2517
• Release openssl v0.10.75 and openssl-sys v0.9.111 by @​alex in rust-openssl/rust-openssl#2518

New Contributors

• @​abbra made their first contribution in rust-openssl/rust-openssl#2504
• @​goffrie made their first contribution in rust-openssl/rust-openssl#2508

Full Changelog: rust-openssl/rust-openssl@openssl-v0.10.74...openssl-v0.10.75

Commits

• 09b90d0 Merge pull request #2518 from alex/bump-for-release
• 26533f3 Release openssl v0.10.75 and openssl-sys v0.9.111
• 395ecca Merge pull request #2517 from alex/claude/fix-ocsp-find-status-011CUqcGFNKeKJ...
• cc26867 Fix unsound OCSP find_status handling of optional next_update field
• 95aa8e8 Merge pull request #2513 from botovq/libressl-stable
• e735a32 CI: bump LibreSSL 4.x branches to latest releases
• 21ab91d Merge pull request #2510 from huwcbjones/huw/sys/evp-mac
• d9161dc sys/evp: add EVP_MAC symbols
• 3fd4bf2 Merge pull request #2508 from goffrie/oaep-label
• 52022fd Implement set_rsa_oaep_label for AWS-LC/BoringSSL
• Additional commits viewable in compare view

Updates postgres-types from 0.2.11 to 0.2.12

Release notes

Sourced from postgres-types's releases.

postgres-types v0.2.12

Added

• Added ToSql implementation for Box<T> where T: ToSql.

Commits

• b0a62a5 Release postgres-types v0.2.12
• 36f7dcd Release postgres-protocol v0.6.10
• 46ea55c chore(ci): use committed lockfile
• 167084d build: commit lockfile
• f187cc5 build(deps): upgrade whoami to v2
• ac029de Add support for scalar queries.
• c7a615c fix(postgres-protocol): increase bind parameter limit from i16::MAX to u16::MAX
• 83e0dfb build: further improve -Zminimal-versions support
• 117872c fix: broken build caused by #1145
• 18022c0 Merge pull request #1145 from splitgraph/feat/type-modifier
• Additional commits viewable in compare view

Updates regex from 1.12.2 to 1.12.3

Changelog

Sourced from regex's changelog.

1.12.3 (2025-02-03)

This release excludes some unnecessary things from the archive published to crates.io. Specifically, fuzzing data and various shell scripts are now excluded. If you run into problems, please file an issue.

Improvements:

• #1319: Switch from a Cargo exclude list to an include list, and exclude some unnecessary stuff.

Commits

• b028e4f 1.12.3
• 5e195de regex-automata-0.4.14
• a3433f6 regex-syntax-0.8.9
• 0c07fae regex-lite-0.1.9
• 6a81006 cargo: exclude development scripts and fuzzing data
• 4733e28 automata: fix onepass::DFA::try_search_slots panic when too many slots are ...
• See full diff in compare view

Updates serde_json from 1.0.145 to 1.0.149

Release notes

Sourced from serde_json's releases.

v1.0.149

• Align arbitrary_precision number strings with zmij's formatting (#1306, thanks @​b41sh)

v1.0.148

• Update zmij dependency to 1.0

v1.0.147

• Switch float-to-string algorithm from Ryū to Żmij for better f32 and f64 serialization performance (#1304)

v1.0.146

• Set fast_arithmetic=64 for riscv64 (#1305, thanks @​Xeonacid)

Commits

• 4f6dbfa Release 1.0.149
• f3df680 Touch up PR 1306
• e16730f Merge pull request #1306 from b41sh/fix-float-number-display
• eeb2bcd Align arbitrary_precision number strings with zmij’s formatting
• 8b291c4 Release 1.0.148
• 1aefe15 Update to zmij 1.0
• 62d6e8d Release 1.0.147
• fd829a6 Merge pull request #1304 from dtolnay/zmij
• e757a3d Switch from ryu -> zmij for float formatting
• 75ad7e6 Release 1.0.146
• Additional commits viewable in compare view

Updates time from 0.3.44 to 0.3.47

Release notes

Sourced from time's releases.

v0.3.47

See the changelog for details.

v0.3.46

See the changelog for details.

v0.3.45

See the changelog for details.

Changelog

Sourced from time's changelog.

0.3.47 [2026-02-05]

Security

• The possibility of a stack exhaustion denial of service attack when parsing RFC 2822 has been eliminated. Previously, it was possible to craft input that would cause unbounded recursion. Now, the depth of the recursion is tracked, causing an error to be returned if it exceeds a reasonable limit.

  This attack vector requires parsing user-provided input, with any type, using the RFC 2822 format.

Compatibility

• Attempting to format a value with a well-known format (i.e. RFC 3339, RFC 2822, or ISO 8601) will error at compile time if the type being formatted does not provide sufficient information. This would previously fail at runtime. Similarly, attempting to format a value with ISO 8601 that is only configured for parsing (i.e. Iso8601::PARSING) will error at compile time.

Added

• Builder methods for format description modifiers, eliminating the need for verbose initialization when done manually.
• date!(2026-W01-2) is now supported. Previously, a space was required between W and 01.
• [end] now has a trailing_input modifier which can either be prohibit (the default) or discard. When it is discard, all remaining input is ignored. Note that if there are components after [end], they will still attempt to be parsed, likely resulting in an error.

Changed

• More performance gains when parsing.

Fixed

• If manually formatting a value, the number of bytes written was one short for some components. This has been fixed such that the number of bytes written is always correct.
• The possibility of integer overflow when parsing an owned format description has been effectively eliminated. This would previously wrap when overflow checks were disabled. Instead of storing the depth as u8, it is stored as u32. This would require multiple gigabytes of nested input to overflow, at which point we've got other problems and trivial mitigations are available by downstream users.

0.3.46 [2026-01-23]

Added

• All possible panics are now documented for the relevant methods.
• The need to use #[serde(default)] when using custom serde formats is documented. This applies only when deserializing an Option<T>.
• Duration::nanoseconds_i128 has been made public, mirroring std::time::Duration::from_nanos_u128.

... (truncated)

Commits

• d5144cd v0.3.47 release
• f6206b0 Guard against integer overflow in release mode
• 1c63dc7 Avoid denial of service when parsing Rfc2822
• 5940df6 Add builder methods to avoid verbose construction
• 00881a4 Manually format macros everywhere
• bb723b6 Add trailing_input modifier to end
• 31c4f8e Permit W12 in date! macro
• 490a17b Mark error paths in well-known formats as cold
• 6cb1896 Optimize Rfc2822 parsing
• 6d264d5 Remove erroneous #[inline(never)] attributes
• Additional commits viewable in compare view

Updates tokio from 1.48.0 to 1.49.0

Release notes

Sourced from tokio's releases.

Tokio v1.49.0

1.49.0 (January 3rd, 2026)

Added

• net: add support for TCLASS option on IPv6 (#7781)
• runtime: stabilize runtime::id::Id (#7125)
• task: implement Extend for JoinSet (

[dependabot]

This pull request was built based on a group rule. Closing it will not ignore any of these versions in future pull requests.

To ignore these dependencies, configure ignore rules in dependabot.yml