build(deps): bump the all-dependencies group with 4 updates

[dependabot]

Bumps the all-dependencies group with 4 updates: rand, tokio, tracing-appender and zip.

Updates rand from 0.10.0 to 0.10.1

Changelog

Sourced from rand's changelog.

[0.10.1] — 2026-02-11

This release includes a fix for a soundness bug; see #1763.

Changes

• Document panic behavior of make_rng and add #[track_caller] (#1761)
• Deprecate feature log (#1763)

#1761: rust-random/rand#1761 #1763: rust-random/rand#1763

Commits

• 27ff4cb Prepare v0.10.1: deprecate feature log (#1763)
• 98d0638 make_rng: document panic and add #[track_caller] (#1761)
• 54e5eaa Fix doc error (#1758)
• 1ce4c08 Bump itoa from 1.0.17 to 1.0.18 in the all-deps group (#1756)
• ccb734b docs: fix typo in doc comment (#1754)
• 357eb7d Bump libc from 0.2.182 to 0.2.183 in the all-deps group (#1753)
• 5e77fe5 Fix trait references in documentation (#1752)
• da89185 Bump the all-deps group with 3 updates (#1751)
• 50516ff Bump the all-deps group with 2 updates (#1749)
• fd71de9 Bump the all-deps group with 2 updates (#1747)
• Additional commits viewable in compare view

Updates tokio from 1.50.0 to 1.51.1

Release notes

Sourced from tokio's releases.

Tokio v1.51.1

1.51.1 (April 8th, 2026)

Fixed

• sync: fix semaphore reopens after forget (#8021)
• net: surface errors from SO_ERROR on recv for UDP sockets on Linux (#8001)

Fixed (unstable)

• metrics: fix worker_local_schedule_count test (#8008)
• rt: do not leak fd when cancelling io_uring open operation (#7983)

#7983: tokio-rs/tokio#7983 #8001: tokio-rs/tokio#8001 #8008: tokio-rs/tokio#8008 #8021: tokio-rs/tokio#8021

Tokio v1.51.0

1.51.0 (April 3rd, 2026)

Added

• net: implement get_peer_cred on Hurd (#7989)
• runtime: add tokio::runtime::worker_index() (#7921)
• runtime: add runtime name (#7924)
• runtime: stabilize LocalRuntime (#7557)
• wasm: add wasm32-wasip2 networking support (#7933)

Changed

• runtime: steal tasks from the LIFO slot (#7431)

Fixed

• docs: do not show "Available on non-loom only." doc label (#7977)
• macros: improve overall macro hygiene (#7997)
• sync: fix notify_waiters priority in Notify (#7996)
• sync: fix panic in Chan::recv_many when called with non-empty vector on closed channel (#7991)

#7431: tokio-rs/tokio#7431 #7557: tokio-rs/tokio#7557 #7921: tokio-rs/tokio#7921 #7924: tokio-rs/tokio#7924 #7933: tokio-rs/tokio#7933 #7977: tokio-rs/tokio#7977 #7989: tokio-rs/tokio#7989 #7991: tokio-rs/tokio#7991 #7996: tokio-rs/tokio#7996 #7997: tokio-rs/tokio#7997

Commits

• 98df02d chore: prepare Tokio v1.51.1 (#8023)
• 3ea11e2 sync: fix semaphore reopens after forget (#8021)
• c791213 rt: do not leak fd when cancelling io_uring open operation (#7983)
• ad8c59a net: surface errors from SO_ERROR on recv for UDP sockets on Linux (#8001)
• 654d38b metrics: fix worker_local_schedule_count test (#8008)
• 857ba80 docs: improve contributing docs on how to specify crates dependency versions ...
• 95b9342 chore: remove path deps for tokio-macros 2.7.0 (#8007)
• 0af06b7 chore: prepare Tokio v1.51.0 (#8005)
• 01a7f1d chore: prepare tokio-macros v2.7.0 (#8004)
• eeb55c7 runtime: steal tasks from the LIFO slot (#7431)
• Additional commits viewable in compare view

Updates tracing-appender from 0.2.4 to 0.2.5

Release notes

Sourced from tracing-appender's releases.

tracing-appender 0.2.5

Added

• Add latest symlink builder option (#3447)

Fixed

• Fix RollingFileAppender broken links in docs (#3445)
• Fix parsing of date from filename when no time is incuded (#3471)

#3445: tokio-rs/tracing#3445 #3447: tokio-rs/tracing#3447 #3471: tokio-rs/tracing#3471

Commits

• 53e1490 chore: prepare tracing-appender 0.2.5 (#3522)
• 4fb9ca3 examples: add per-layer filtering example (#3488)
• df05516 docs: improve assert message to mention a possible cause of hitting cloning a...
• 72cf52a docs: recommend configuring await-holding-invalid-types lint (#3463)
• 9545be1 attributes: silence clippy lints for #[instrument] on async functions for cra...
• 3160dc1 subscriber: skip RwLock in EnvFilter span callbacks when no dynamic directive...
• 3af2e54 appender: fix parsing of date from filename when no time is incuded (#3471)
• 412986f appender: fix RollingFileAppender broken links in docs (#3445)
• bdccf4d appender: add latest symlink builder option (#3447)
• 2c80f9d subscriber: propagate on_register_dispatch for Option<Layer> and Vec<Layer> (...
• Additional commits viewable in compare view

Updates zip from 8.4.0 to 8.5.1

Release notes

Sourced from zip's releases.

v8.5.1

🚜 Refactor

• change magic finder to stack buffer (#763)
• simplify extra field parsing (#764)

v8.5.0

🐛 Bug Fixes

• remove zip64 comment and add zip64 extensible data sector (#747)

🚜 Refactor

• remove useless magic in struct (#730)
• change extra_field from Arc<Vec> to Arc<[u8]> (#741)

⚙️ Miscellaneous Tasks

• cleanup README (#758)

Changelog

Sourced from zip's changelog.

8.5.1 - 2026-04-06

🚜 Refactor

• change magic finder to stack buffer (#763)
• simplify extra field parsing (#764)

8.5.0 - 2026-04-01

🐛 Bug Fixes

• remove zip64 comment and add zip64 extensible data sector (#747)

🚜 Refactor

• remove useless magic in struct (#730)
• change extra_field from Arc<Vec> to Arc<[u8]> (#741)

⚙️ Miscellaneous Tasks

• cleanup README (#758)

Commits

• 5c0a0a2 chore: release v8.5.1 (#766)
• e1fc904 ci(deps): bump github/codeql-action from 4.32.6 to 4.35.1 (#769)
• ef6392d refactor: change magic finder to stack buffer (#763)
• f6c64ff refactor: simplify extra field parsing (#764)
• 93ea679 chore: release v8.5.0 (#762)
• fbd0d41 refactor: remove useless magic in struct (#730)
• 1043e92 refactor: change extra_field from Arc<Vec> to Arc<[u8]> (#741)
• 2eb28b6 fix: remove zip64 comment and add zip64 extensible data sector (#747)
• 5f4a644 ci(deps): bump rust-lang/crates-io-auth-action from 1.0.3 to 1.0.4 (#761)
• 6469720 ci: Add static.crates.io to allowed hosts in CodeQL workflow (#759)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions