chore(deps): bump the all-cargo group with 3 updates

[dependabot]

Bumps the all-cargo group with 3 updates: tokio, h2 and tower-http.

Updates tokio from 1.52.1 to 1.52.2

Release notes

Sourced from tokio's releases.

Tokio v1.52.2

1.52.2 (May 4th, 2026)

This release reverts the LIFO slot stealing change introduced in 1.51.0 (#7431), due to [its performance impact]#8065. (#8100)

#7431: tokio-rs/tokio#7431 #8065: tokio-rs/tokio#8065 #8100: tokio-rs/tokio#8100

Commits

• 4abe9d7 chore: prepare Tokio v1.52.2 (#8115)
• f82bcf3 Merge 'tokio-1.51.2' into 'tokio-1.52.x' (#8114)
• 7db9bc4 test: revert "remove churn() task from lifo_stealable" (#8114)
• 64834ec chore: prepare Tokio v1.51.2 (#8113)
• 967f571 runtime: revert "steal tasks from the LIFO slot" (#8100)
• 9271e3e Merge tokio-1.51.x (for #8101) into tokio-1.52.x (#8106)
• cd1823f Revert "Pin stable to 1.94 for tokio-1.51.x" (#8106)
• a97cf12 Merge tokio-1.47.x (commit 670a907c55c7) into tokio-1.51.x (#8105)
• bde3f20 Pin stable to 1.94 for tokio-1.51.x (#8105)
• 670a907 ci: fix CI on tokio-1.47.x (#8101)
• Additional commits viewable in compare view

Updates h2 from 0.4.13 to 0.4.14

Release notes

Sourced from h2's releases.

v0.4.14

What's Changed

• fix(stream): avoid RST before initial HEADERS on idle streams by @​DDtKey in hyperium/h2#875
• fix: filter stream initiator in recv_go_away (#885) by @​ofek-sha in hyperium/h2#886
• perf(header): optimize HeaderValue creation via zero-copy sharing by @​0x676e67 in hyperium/h2#884
• Add header_table_size to server builder by @​ArniDagur in hyperium/h2#888
• check final response in poll_informational by @​zh-jq in hyperium/h2#889
• fix: Avoid capacity leak or panic when a stream is cancelled after reserve_capacity by @​ArniDagur in hyperium/h2#893
• fix: Flow control capacity leak with padded frames by @​ArniDagur in hyperium/h2#894
• fix: Account for connection flow control on DATA after GOAWAY by @​ArniDagur in hyperium/h2#895
• fix: set_reset must notify send task (missed wakeup) by @​ArniDagur in hyperium/h2#897
• Prepare v0.4.14 by @​seanmonstar in hyperium/h2#901

New Contributors

• @​ofek-sha made their first contribution in hyperium/h2#886
• @​0x676e67 made their first contribution in hyperium/h2#884
• @​ArniDagur made their first contribution in hyperium/h2#888
• @​zh-jq made their first contribution in hyperium/h2#889

Full Changelog: hyperium/h2@v0.4.13...v0.4.14

Changelog

Sourced from h2's changelog.

0.4.14 (May 5, 2026)

• Add header_table_size() option to server builder.
• Fix leaking connection flow control of padded DATA frames when stream is reset.
• Fix leaking connection flow control when canceling a stream after reserving capacity.
• Fix leaking connection flow control when receiving a DATA frame after GOAWAY.
• Fix waking the poll_capacity when locally reseting a stream from library.
• Fix sending HEADERS on a reset stream before the RST_STREAM frame.
• Fix receiving GOAWAY to not close peer-initiated streams.
• Optimize header value decoding to copy less bytes.

Commits

• e2826c5 v0.4.14
• 30998f2 fix: set_reset must notify send task (missed wakeup) (#897)
• d9689ea fix: Account for connection flow control on DATA after GOAWAY (#895)
• 08129b2 fix: Flow control capacity leak with padded frames (#894)
• 1e68f99 fix: Avoid panic or capacity leak when a stream is cancelled after reserve_ca...
• dbc204e fix: check final response in poll_informational (#889)
• ac5cdd0 feat: add 'header_table_size()' to server builder (#888)
• 55a0d9d perf(header): optimize HeaderValue decoding via zero-copy sharing (#884)
• f5f1594 fix: filter stream initiator in recv_go_away (#886)
• 5634ddd fix: avoid RST before initial HEADERS on idle streams (#875)
• See full diff in compare view

Updates tower-http from 0.6.8 to 0.6.9

Release notes

Sourced from tower-http's releases.

tower-http-0.6.9

Added:

• on-early-drop: middleware that detects when a response future or response body is dropped before completion (#636)

  Two events get hooks: the response future being dropped before the inner service produces a response, and the response body being dropped before reaching end-of-stream.

  Install custom callbacks with OnEarlyDropLayer::builder():

  use http::Request;
  use tower_http::on_early_drop::{OnBodyDropFn, OnEarlyDropLayer};
  let layer = OnEarlyDropLayer::builder()
  .on_future_drop(|req: &Request<()>| {
  let uri = req.uri().clone();
  move || eprintln!("future dropped for {}", uri)
  })
  .on_body_drop(OnBodyDropFn::new(|req: &Request<()>| {
  let uri = req.uri().clone();
  move |parts: &http::response::Parts| {
  let status = parts.status;
  move || eprintln!("body dropped for {} status {}", uri, status)
  }
  }));

  Or route both events through a trace::OnFailure hook with EarlyDropsAsFailures. Place this layer inside a TraceLayer so the emitted events inherit the request span:

  use tower::ServiceBuilder;
  use tower_http::on_early_drop::{OnEarlyDropLayer, EarlyDropsAsFailures};
  use tower_http::trace::{DefaultOnFailure, TraceLayer};
  let stack = ServiceBuilder::new()
  .layer(TraceLayer::new_for_http())
  .layer(OnEarlyDropLayer::new(
  EarlyDropsAsFailures::new(DefaultOnFailure::default()),
  ));

• fs: make AsyncReadBody::with_capacity public (#415)

Changed:

... (truncated)

Commits

• eab7cbf v0.6.9
• 9c64770 feat(on-early-drop): Add middleware for client early drop detection (#636)
• 67786ff ci: Remove unnecessary protoc setup (#665)
• e442e2b examples: Use axum::body::to_bytes (#650)
• 218fe6b Make AsyncReadBody::with_capacity public (#415)
• ffd4d7c trace: adds back call to classify_eos on trailers (#483)
• c983e4f chore: remove implicit tokio feature (#628)
• d15a21b enable clippy for tower-http and fix current issues (#407)
• 91bdd3b Check for reserved DOS names (#663)
• 0d608fd Fix clippy warnings (#659)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions