Skip to content

chore(deps): bump the all-cargo group across 1 directory with 6 updates#35

Open
dependabot[bot] wants to merge 1 commit intomainfrom
dependabot/cargo/all-cargo-e72b10108d
Open

chore(deps): bump the all-cargo group across 1 directory with 6 updates#35
dependabot[bot] wants to merge 1 commit intomainfrom
dependabot/cargo/all-cargo-e72b10108d

Conversation

@dependabot
Copy link
Copy Markdown

@dependabot dependabot Bot commented on behalf of github May 6, 2026

Bumps the all-cargo group with 5 updates in the / directory:

Package From To
tokio 1.52.1 1.52.2
jsonwebtoken 9.3.1 10.3.0
sha2 0.10.9 0.11.0
serde_with 3.18.0 3.19.0
tower-http 0.6.8 0.6.10

Updates tokio from 1.52.1 to 1.52.2

Release notes

Sourced from tokio's releases.

Tokio v1.52.2

1.52.2 (May 4th, 2026)

This release reverts the LIFO slot stealing change introduced in 1.51.0 (#7431), due to [its performance impact]#8065. (#8100)

#7431: tokio-rs/tokio#7431 #8065: tokio-rs/tokio#8065 #8100: tokio-rs/tokio#8100

Commits

Updates jsonwebtoken from 9.3.1 to 10.3.0

Changelog

Sourced from jsonwebtoken's changelog.

10.3.0 (2026-01-27)

  • Export everything needed to define your own CryptoProvider
  • Fix type confusion with exp/nbf when not required

10.2.0 (2025-11-06)

  • Remove Clone bound from decode functions

10.1.0 (2025-10-18)

  • add dangerous::insecure_decode
  • Implement TryFrom &Jwk for DecodingKey

10.0.0 (2025-09-29)

  • BREAKING: now using traits for crypto backends, you have to choose between aws_lc_rs and rust_crypto
  • Add Clone bound to decode
  • Support decoding byte slices
  • Support JWS
Commits

Updates sha2 from 0.10.9 to 0.11.0

Commits

Updates serde_with from 3.18.0 to 3.19.0

Release notes

Sourced from serde_with's releases.

serde_with v3.19.0

Added

  • Add support for hashbrown v0.17 (#940)

    This extends the existing support for hashbrown to the newly released version.

Commits
  • b4cbda0 Bump version to 3.19.0. (#942)
  • 727de67 Bump version to 3.19.0.
  • 2d4f83d Add support for hashbrown 0.17.0 (#941)
  • 79262f4 Add support for hashbrown 0.17.0
  • 6e286a3 Bump the github-actions group with 2 updates (#937)
  • 1bdf8a2 Bump the github-actions group with 2 updates
  • 1e9f316 Bump rust-lang/crates-io-auth-action from 1.0.3 to 1.0.4 in the github-action...
  • f7aaca9 Bump rust-lang/crates-io-auth-action in the github-actions group
  • 652dc89 Autofix GitHub Actions issue found by zizmor (#934)
  • d884e01 Update pre-commit configuration (#933)
  • Additional commits viewable in compare view

Updates serde_with_macros from 3.18.0 to 3.19.0

Release notes

Sourced from serde_with_macros's releases.

serde_with v3.19.0

Added

  • Add support for hashbrown v0.17 (#940)

    This extends the existing support for hashbrown to the newly released version.

Commits
  • b4cbda0 Bump version to 3.19.0. (#942)
  • 727de67 Bump version to 3.19.0.
  • 2d4f83d Add support for hashbrown 0.17.0 (#941)
  • 79262f4 Add support for hashbrown 0.17.0
  • 6e286a3 Bump the github-actions group with 2 updates (#937)
  • 1bdf8a2 Bump the github-actions group with 2 updates
  • 1e9f316 Bump rust-lang/crates-io-auth-action from 1.0.3 to 1.0.4 in the github-action...
  • f7aaca9 Bump rust-lang/crates-io-auth-action in the github-actions group
  • 652dc89 Autofix GitHub Actions issue found by zizmor (#934)
  • d884e01 Update pre-commit configuration (#933)
  • Additional commits viewable in compare view

Updates tower-http from 0.6.8 to 0.6.10

Release notes

Sourced from tower-http's releases.

tower-http-0.6.10

Added

  • follow-redirect: expose Attempt::method() and Attempt::previous_method() so redirect policies can react to method changes across redirects (e.g. POST to GET on 301/303) (#559)

Fixed

  • Restore tokio and async-compression as no-op features. These will be removed next breaking release (#667)

#559: tower-rs/tower-http#559 #667: tower-rs/tower-http#667

What's Changed

New Contributors

Full Changelog: tower-rs/tower-http@tower-http-0.6.9...tower-http-0.6.10

tower-http-0.6.9

Added:

  • on-early-drop: middleware that detects when a response future or response body is dropped before completion (#636)

    Two events get hooks: the response future being dropped before the inner service produces a response, and the response body being dropped before reaching end-of-stream.

    Install custom callbacks with OnEarlyDropLayer::builder():

    use http::Request;
use tower_http::on_early_drop::{OnBodyDropFn, OnEarlyDropLayer};
let layer = OnEarlyDropLayer::builder()
.on_future_drop(|req: &Request<()>| {
let uri = req.uri().clone();
move || eprintln!("future dropped for {}", uri)
})
.on_body_drop(OnBodyDropFn::new(|req: &Request<()>| {

... (truncated)

Commits
  • 4532fc2 v0.6.10
  • 8508cb2 follow_redirect: expose previous and next request methods (#559)
  • 890f66a fix gate-ing of atomic64 in tests (#607)
  • 578c2b2 fix: restore tokio and async-compression as no-op features (#667)
  • eab7cbf v0.6.9
  • 9c64770 feat(on-early-drop): Add middleware for client early drop detection (#636)
  • 67786ff ci: Remove unnecessary protoc setup (#665)
  • e442e2b examples: Use axum::body::to_bytes (#650)
  • 218fe6b Make AsyncReadBody::with_capacity public (#415)
  • ffd4d7c trace: adds back call to classify_eos on trailers (#483)
  • Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

@dependabot
chore(deps): bump the all-cargo group across 1 directory with 6 updates
e725b8b 
Bumps the all-cargo group with 5 updates in the / directory:

| Package | From | To |
| --- | --- | --- |
| [tokio](https://github.com/tokio-rs/tokio) | `1.52.1` | `1.52.2` |
| [jsonwebtoken](https://github.com/Keats/jsonwebtoken) | `9.3.1` | `10.3.0` |
| [sha2](https://github.com/RustCrypto/hashes) | `0.10.9` | `0.11.0` |
| [serde_with](https://github.com/jonasbb/serde_with) | `3.18.0` | `3.19.0` |
| [tower-http](https://github.com/tower-rs/tower-http) | `0.6.8` | `0.6.10` |



Updates `tokio` from 1.52.1 to 1.52.2
- [Release notes](https://github.com/tokio-rs/tokio/releases)
- [Commits](tokio-rs/tokio@tokio-1.52.1...tokio-1.52.2)

Updates `jsonwebtoken` from 9.3.1 to 10.3.0
- [Changelog](https://github.com/Keats/jsonwebtoken/blob/master/CHANGELOG.md)
- [Commits](Keats/jsonwebtoken@v9.3.1...v10.3.0)

Updates `sha2` from 0.10.9 to 0.11.0
- [Commits](RustCrypto/hashes@sha2-v0.10.9...sha2-v0.11.0)

Updates `serde_with` from 3.18.0 to 3.19.0
- [Release notes](https://github.com/jonasbb/serde_with/releases)
- [Commits](jonasbb/serde_with@v3.18.0...v3.19.0)

Updates `serde_with_macros` from 3.18.0 to 3.19.0
- [Release notes](https://github.com/jonasbb/serde_with/releases)
- [Commits](jonasbb/serde_with@v3.18.0...v3.19.0)

Updates `tower-http` from 0.6.8 to 0.6.10
- [Release notes](https://github.com/tower-rs/tower-http/releases)
- [Commits](tower-rs/tower-http@tower-http-0.6.8...tower-http-0.6.10)

---
updated-dependencies:
- dependency-name: tokio
  dependency-version: 1.52.2
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: all-cargo
- dependency-name: jsonwebtoken
  dependency-version: 10.3.0
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: all-cargo
- dependency-name: sha2
  dependency-version: 0.11.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: all-cargo
- dependency-name: serde_with
  dependency-version: 3.19.0
  dependency-type: indirect
  update-type: version-update:semver-minor
  dependency-group: all-cargo
- dependency-name: serde_with_macros
  dependency-version: 3.19.0
  dependency-type: indirect
  update-type: version-update:semver-minor
  dependency-group: all-cargo
- dependency-name: tower-http
  dependency-version: 0.6.10
  dependency-type: indirect
  update-type: version-update:semver-patch
  dependency-group: all-cargo
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file rust Pull requests that update rust code labels May 6, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file rust Pull requests that update rust code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants