build(deps): bump the cargo group across 1 directory with 11 updates

[dependabot]

Bumps the cargo group with 11 updates in the / directory:

Package	From	To
clap	4.4.7	4.5.50
color-eyre	0.6.2	0.6.5
const-hex	1.10.0	1.15.0
indicatif	0.17.7	0.18.1
reqwest	0.11.22	0.12.4
serde	1.0.190	1.0.193
serde-xml-rs	0.6.0	0.8.1
serde_yaml	0.9.27	0.9.34+deprecated
sha2	0.10.8	0.10.9
thiserror	1.0.50	2.0.17
tokio	1.33.0	1.48.0

Updates clap from 4.4.7 to 4.5.50

Release notes

Sourced from clap's releases.

v4.5.50

[4.5.50] - 2025-10-20

Features

• Accept Cow where String and &str are accepted

v4.5.48

[4.5.48] - 2025-09-19

Documentation

• Add a new CLI Concepts document as another way of framing clap
• Expand the typed_derive cookbook entry

v4.5.47

[4.5.47] - 2025-09-02

Features

• Added impl FromArgMatches for ()
• Added impl Args for ()
• Added impl Subcommand for ()
• Added impl FromArgMatches for Infallible
• Added impl Subcommand for Infallible

Fixes

• (derive) Update runtime error text to match clap

v4.5.46

[4.5.46] - 2025-08-26

Features

• Expose StyledStr::push_str

v4.5.45

[4.5.45] - 2025-08-12

Fixes

• (unstable-v5) ValueEnum variants now use the full doc comment, not summary, for PossibleValue::help

v4.5.44

[4.5.44] - 2025-08-11

Features

• Add Command::mut_subcommands

... (truncated)

Changelog

Sourced from clap's changelog.

[4.5.50] - 2025-10-20

Features

• Accept Cow where String and &str are accepted

[4.5.49] - 2025-10-13

Fixes

• (help) Correctly wrap when ANSI escape codes are present

[4.5.48] - 2025-09-19

Documentation

• Add a new CLI Concepts document as another way of framing clap
• Expand the typed_derive cookbook entry

[4.5.47] - 2025-09-02

Features

• Added impl FromArgMatches for ()
• Added impl Args for ()
• Added impl Subcommand for ()
• Added impl FromArgMatches for Infallible
• Added impl Subcommand for Infallible

Fixes

• (derive) Update runtime error text to match clap

[4.5.46] - 2025-08-26

Features

• Expose StyledStr::push_str

[4.5.45] - 2025-08-12

Fixes

• (unstable-v5) ValueEnum variants now use the full doc comment, not summary, for PossibleValue::help

[4.5.44] - 2025-08-11

Features

• Add Command::mut_subcommands

... (truncated)

Commits

• d8acd47 chore: Release
• 7c2b8d9 docs: Update changelog
• e69a2ea Merge pull request #5987 from mernen/fix-bash-comp-words-loop
• e03cc2e Merge pull request #5988 from cordx56/fix-builder-custom-version-docs
• 5ab2579 fix: Minor fix for builder docs about version
• 2f66432 fix(complete): Only parse arguments before current
• 4d9d210 test(complete): Illustrate current behavior in Bash
• 6abe2f8 chore: Release
• d5c7454 docs: Update changelog
• 5b2e960 Merge pull request #5985 from mernen/bash-cur
• Additional commits viewable in compare view

Updates color-eyre from 0.6.2 to 0.6.5

Commits

• f110d78 Bump color-eyre to 0.6.5, color-spantrace to 0.3.0
• 6534ecd Undo eyre version bump (DO NOT PUBLISH EYRE)
• 9f35b8c Exclude images from published crate (#239)
• 6e9ced8 re-bump eyre version
• 97c8469 Undo eyre version bump
• 067cf05 Bump color-eyre to 0.6.4 (#229)
• 9943e52 Update PyO3, clippy fixes (#228)
• a48e365 Bump color-eyre to 0.6.4
• b14c715 Merge branch 'clippy' into pyo3
• 4f70655 Update pyo3
• Additional commits viewable in compare view

Updates const-hex from 1.10.0 to 1.15.0

Commits

• edc0834 chore: Release const-hex version 1.15.0
• cd00642 Implement AsRef<str> for Buffer (#28)
• 1e33670 feat: display (#27)
• a42bce0 chore: update codspeed
• f332861 perf: improve x86 encode (#22)
• 63021c2 chore: switch benches to divan, add codspeed (#23)
• 78cd209 chore: update .gitignore
• 3c08e80 chore: enable devcontainer (#21)
• 056454c chore: Release const-hex version 1.14.1
• 128c82f fix: refine feature flag conditions to support riscv32im-unknown-none-elf (#20)
• Additional commits viewable in compare view

Updates indicatif from 0.17.7 to 0.18.1

Release notes

Sourced from indicatif's releases.

0.18.1

What's Changed

• Do not render "current" char if no "current" char is configured by @​Finomnis in console-rs/indicatif#719
• Update vt100 requirement from 0.15.1 to 0.16.1 by @​dependabot[bot] in console-rs/indicatif#723
• Bump MSRV to 1.71 with versioned lockfile by @​djc in console-rs/indicatif#735
• Fix wide_bar width computation with a multiline message by @​glehmann in console-rs/indicatif#738

0.18.0

Unfortunately 0.17.12 had to be yanked because the console upgrade was a semver-incompatible change. Rerelease as 0.18.0 instead.

What's Changed

• Bump version to 0.18.0 by @​djc in console-rs/indicatif#715

0.17.12

What's Changed

• Add ProgressBar::force_draw by @​jaheba in console-rs/indicatif#689
• Use width to truncate HumanFloatCount values by @​ReagentX in console-rs/indicatif#696
• ProgressStyle enable/disable colors based on draw target by @​tonywu6 in console-rs/indicatif#699
• Switch dep number_prefix to unit_prefix by @​kimono-koans in console-rs/indicatif#709
• draw_target: inline the format arg to silence clippy by @​chris-laplante in console-rs/indicatif#711
• Upgrade to console 0.16 by @​djc in console-rs/indicatif#712

0.17.11

What's Changed

• Change OnceCell to OnceLock in TabExpandedString by @​tgross35 in console-rs/indicatif#694

0.17.10

What's Changed

With some great performance improvements from @​jaheba.

• Fix bar-less text output by @​spoutn1k in console-rs/indicatif#659
• add tracing-indicatif create to integration list by @​emersonford in console-rs/indicatif#673
• Fix double prints by @​spoutn1k in console-rs/indicatif#671
• Only get draw_target-width when we actually draw by @​jaheba in console-rs/indicatif#683
• Make tab extension lazy by @​jaheba in console-rs/indicatif#684
• Make ProgressBar:set_tab_with take &self by @​jaheba in console-rs/indicatif#685
• Remove unnecessary spinner display in multi examples by @​shuntaka9576 in console-rs/indicatif#682
• Add dec and dec_length to ProgressBar by @​jaheba in console-rs/indicatif#690
• Update rand requirement from 0.8 to 0.9 by @​dependabot in console-rs/indicatif#693

0.17.9

What's Changed

• Mention ProgressTracker near list of template keys by @​djc in console-rs/indicatif#632
• tests: print whether colors are enabled to help diagnose spurious failure by @​chris-laplante in console-rs/indicatif#641

... (truncated)

Commits

• e836112 Bump version to 0.18.1
• e69d621 Fix wide_bar width computation with multiline a message
• 985f053 Bump MSRV to 1.71 (for console 0.16.1)
• 5436ffc Start versioning Cargo.lock
• e1f410d Update vt100 requirement from 0.15.1 to 0.16.1
• b3e94be Do not draw "current" char if none is configured
• 771a27e Add test for multicolor style without current char
• 354b732 Bump version to 0.18.0
• f46ba0a Bump version to 0.17.12
• 9f08f12 Upgrade to console 0.16
• Additional commits viewable in compare view

Updates reqwest from 0.11.22 to 0.12.4

Release notes

Sourced from reqwest's releases.

v0.12.4

What's Changed

• Add zstd support, enabled with zstd Cargo feature (thanks @​paolobarbolini!)
• Add ClientBuilder::read_timeout(Duration), which applies the duration for each read operation. The timeout resets after a successful read.

New Contributors

• @​SamuelMarks made their first contribution in seanmonstar/reqwest#2245

v0.12.3

What's Changed

• Add FromStr for dns::Name.
• Add ClientBuilder::built_in_webpki_certs(bool) to enable them separately.
• Add ClientBuilder::built_in_native_certs(bool) to enable them separately.
• Fix sending content-length: 0 for GET requests.
• Fix response body content_length() to return value when timeout is configured.
• Fix ClientBuilder::resolve() to use lowercase domain names.

New Contributors

• @​zuisong made their first contribution in seanmonstar/reqwest#2207
• @​djc made their first contribution in seanmonstar/reqwest#2222
• @​krant made their first contribution in seanmonstar/reqwest#2226
• @​Kriskras99 made their first contribution in seanmonstar/reqwest#2236

Full Changelog: seanmonstar/reqwest@v0.12.2...v0.12.3

v0.12.2

What's Changed

• Fix missing ALPN when connecting to socks5 proxy with rustls.
• Fix TLS version limits with rustls.
• Fix not detected ALPN h2 from server with native-tls.

New Contributors

• @​cxw620 made their first contribution in seanmonstar/reqwest#2165

Full Changelog: seanmonstar/reqwest@v0.12.1...v0.12.2

v0.12.1

What's Changed

• Fix ClientBuilder::interface() when no TLS is enabled.
• Fix TlsInfo::peer_certificate() being truncated with rustls.
• Fix panic if http2 feature disabled but TLS negotiated h2 in ALPN.
• Fix Display for Error to not include its source error.

New Contributors

• @​atouchet made their first contribution in seanmonstar/reqwest#2193
• @​mbme made their first contribution in seanmonstar/reqwest#2195

Full Changelog: seanmonstar/reqwest@v0.12.0...v0.12.1

... (truncated)

Changelog

Sourced from reqwest's changelog.

v0.12.4

• Add zstd support, enabled with zstd Cargo feature.
• Add ClientBuilder::read_timeout(Duration), which applies the duration for each read operation. The timeout resets after a successful read.

v0.12.3

• Add FromStr for dns::Name.
• Add ClientBuilder::built_in_webpki_certs(bool) to enable them separately.
• Add ClientBuilder::built_in_native_certs(bool) to enable them separately.
• Fix sending content-length: 0 for GET requests.
• Fix response body content_length() to return value when timeout is configured.
• Fix ClientBuilder::resolve() to use lowercase domain names.

v0.12.2

• Fix missing ALPN when connecting to socks5 proxy with rustls.
• Fix TLS version limits with rustls.
• Fix not detected ALPN h2 from server with native-tls.

v0.12.1

• Fix ClientBuilder::interface() when no TLS is enabled.
• Fix TlsInfo::peer_certificate() being truncated with rustls.
• Fix panic if http2 feature disabled but TLS negotiated h2 in ALPN.
• Fix Display for Error to not include its source error.

v0.12.0

• Upgrade to hyper, http, and http-body v1.
• Add better support for converting to and from http::Request and http::Response.
• Add http2 optional cargo feature, default on.
• Add charset optional cargo feature, default on.
• Add macos-system-configuration cargo feature, default on.
• Change all optional dependencies to no longer be exposed as implicit features.
• Add ClientBuilder::interface(str) to specify the local interface to bind to.
• Experimental: disables the http3 feature temporarily.

v0.11.27

• Add hickory-dns feature, deprecating trust-dns.
• (wasm) Fix Form::text() to not set octet-stream for plain text fields.

v0.11.26

• Revert system-configuration upgrade, which broke MSRV on macOS.

v0.11.25

• Fix Certificate::from_pem_bundle() parsing.

... (truncated)

Commits

• de5dbb1 v0.12.4
• 0f126f5 tests: fix blocking test about empty bodies and content-length
• 1073881 feat: add zstd support (#1866)
• 1af8945 feat: add ClientBuilder::read_timeout(dur) (#2241)
• e99da85 refactor: fix warnings related to mutability of self (#2245)
• 0720159 v0.12.3
• 9209695 Remove duplicate example for ClientBuilder::default_headers (#2236)
• e3a1565 fix: use lower case domain string when using resolve and resolve_to_addrs...
• b4c491a feat: allow fine-grained root certs for rustls (#2232)
• cf4295d chore: update winreg to 0.52.0 (#2226)
• Additional commits viewable in compare view

Updates serde from 1.0.190 to 1.0.193

Release notes

Sourced from serde's releases.

v1.0.193

• Fix field names used for the deserialization of RangeFrom and RangeTo (#2653, #2654, #2655, thanks @​emilbonnek)

v1.0.192

• Allow internal tag field in untagged variant (#2646, thanks @​robsdedude)

v1.0.191

• Documentation improvements

Commits

• 44613c7 Release 1.0.193
• c706281 Merge pull request #2655 from dtolnay/rangestartend
• 65d75b8 Add RangeFrom and RangeTo tests
• 332b0cb Merge pull request #2654 from dtolnay/rangestartend
• 8c4af41 Fix more RangeFrom / RangeEnd mixups
• 24a78f0 Merge pull request #2653 from emilbonnek/fix/range-to-from-de-mixup
• c91c334 Fix Range{From,To} deserialize mixup
• 2083f43 Update ui test suite to nightly-2023-11-19
• 4676abd Release 1.0.192
• 35700eb Merge pull request #2646 from robsdedude/fix/2643/allow-tag-field-in-untagged
• Additional commits viewable in compare view

Updates serde-xml-rs from 0.6.0 to 0.8.1

Release notes

Sourced from serde-xml-rs's releases.

0.8.1

Bug fix

• Remove leftover println (#232)

0.8.0

✨ Features:

• Namespace support for reading and writing
• #text as well as #content
• Log messages go from debug level to trace
• Serialize options in attributes and plain text

📝 Improved documentation

🐛 Bug fixes:

• Serializing sequences with attributes
• ...

💥 Breaking changes:

• $value replaced by #content and #text
• Attributes must now be deserialized to fields named @..., mirroring what was introduced in the serializer.
• Tuples become string only. This will be addressed in a future release

Commits

• 20efc42 🔖 Version 0.8.1
• 48a96a3 🐛 remove leftover println (#233)
• 525a952 💥 Namespaces and other niceties (#228)
• c0f2c07 🔖 Version 0.7.1
• 5eb0e42 Defer document declaration generation to xml-rs crate (#231)
• b1e2aaa 🔖 Version 0.7.0
• 84b964f 🎨 Clippy suggestions (#226)
• 17380a7 ✅ add testing of snippets in README (#224)
• 5b99a7f Fix README example (#212)
• 45ac5f8 ✨ Allow passing custom XML emitter (#222)
• Additional commits viewable in compare view

Updates serde_yaml from 0.9.27 to 0.9.34+deprecated

Release notes

Sourced from serde_yaml's releases.

0.9.34

As of this release, I am not planning to publish further versions of serde_yaml as none of my projects have been using YAML for a long time, so I have archived the GitHub repo and marked the crate deprecated in the version number. An official replacement isn't designated for those who still need to work with YAML, but https://crates.io/search?q=yaml&sort=relevance and https://crates.io/keywords/yaml has a number of reasonable-looking options available.

0.9.33

• Fix quadratic parse time for YAML containing deeply nested flow collections (dtolnay/unsafe-libyaml#26)

0.9.32

• Fix unused_imports warnings when compiled by rustc 1.78

0.9.31

• Add swap_remove and shift_remove methods on Mapping (#408)

0.9.30

• Update proc-macro2 to fix caching issue when using a rustc-wrapper such as sccache

0.9.29

• Turn on deny(unsafe_op_in_unsafe_fn) lint

0.9.28

• Update unsafe-libyaml dependency to pull in unaligned write fix

Commits

• 2009506 Release 0.9.34
• 3ba8462 Add unmaintained note
• 77236b0 Ignore dead code lint in tests
• f4c9ed9 Release 0.9.33
• b4edaee Pull in yaml_parser_fetch_more_tokens fix from libyaml
• 8a5542c Resolve non_local_definitions warning in test
• ea57d8c Release 0.9.32
• a52b7ac Resolve prelude redundant import warnings
• 9e0b8d3 Replace curly quotes with ascii straight quotes
• 2a77483 Release 0.9.31
• Additional commits viewable in compare view

Updates sha2 from 0.10.8 to 0.10.9

Commits

• 82c36a4 sha2: add soft-compact backend (backport of #686) (#687)
• c1e85ae ci: remove pre-1.56 jobs and other fixes (#688)
• a667dd9 skein: fix implementation for output sizes not multiple of 8 (#682)
• 62b6ff1 Fix blake2 and ascon-hash CI (#521)
• f3b657c Expose belt_compress to public (#520)
• 9f66cb8 md4: Optimize compress to improve hash performance (#519)
• 70a2b62 Add simpler code snippet to the documentation (#515)
• e3ab257 Update Cargo.lock
• c640781 ascon-hash: Add Zeroize feature (#480)
• cfda39f Update Cargo.lock
• See full diff in compare view

Updates thiserror from 1.0.50 to 2.0.17

Release notes

Sourced from thiserror's releases.

2.0.17

• Use differently named __private module per patch release (#434)

2.0.16

• Add to "no-std" crates.io category (#429)

2.0.15

• Prevent Error::provide API becoming unavailable from a future new compiler lint (#427)

2.0.14

• Allow build-script cleanup failure with NFSv3 output directory to be non-fatal (#426)

2.0.13

• Documentation improvements

2.0.12

• Prevent elidable_lifetime_names pedantic clippy lint in generated impl (#413)

2.0.11

• Add feature gate to tests that use std (#409, #410, thanks @​Maytha8)

2.0.10

• Support errors containing a generic type parameter's associated type in a field (#408)

2.0.9

• Work around missing_inline_in_public_items clippy restriction being triggered in macro-generated code (#404)

2.0.8

• Improve support for macro-generated derive(Error) call sites (#399)

2.0.7

• Work around conflict with #[deny(clippy::allow_attributes)] (#397, thanks @​zertosh)

2.0.6

• Suppress deprecation warning on generated From impls (#396)

2.0.5

• Prevent deprecation warning on generated impl for deprecated type (#394)

2.0.4

• Eliminate needless_lifetimes clippy lint in generated From impls (#391, thanks @​matt-phylum)

2.0.3

• Support the same Path field being repeated in both Debug and Display representation in error message (#383)
• Improve error message when a format trait used in error message is not implemented by some field (#384)

2.0.2

• Fix hang on invalid input inside #[error(...)] attribute (#382)

2.0.1

... (truncated)

Commits

• 72ae716 Release 2.0.17
• 599fdce Merge pull request #434 from dtolnay/private
• 9ec05f6 Use differently named __private module per patch release
• d2c492b Raise minimum tested compiler to rust 1.76
• fc3ab95 Opt in to generate-macro-expansion when building on docs.rs
• 819fe29 Update ui test suite to nightly-2025-09-12
• 259f48c Enforce trybuild >= 1.0.108
• 470e6a6 Update ui test suite to nightly-2025-08-24
• 544e191 Update actions/checkout@v4 -> v5
• cbc1eba Delete duplicate cap-lints flag from build script
• Additional commits viewable in compare view

Updates tokio from 1.33.0 to 1.48.0

Release notes

Sourced from tokio's releases.

Tokio v1.48.0

1.48.0 (October 14th, 2025)

The MSRV is increased to 1.71.

Added

• fs: add File::max_buf_size (#7594)
• io: export Chain of AsyncReadExt::chain (#7599)
• net: add SocketAddr::as_abstract_name (#7491)
• net: add TcpStream::quickack and TcpStream::set_quickack (#7490)
• net: implement AsRef<Self> for TcpStream and UnixStream (#7573)
• task: add LocalKey::try_get (#7666)
• task: implement Ord for task::Id (#7530)

Changed

• deps: bump windows-sys to version 0.61 (#7645)
• fs: preserve max_buf_size when cloning a File (#7593)
• macros: suppress clippy::unwrap_in_result in #[tokio::main] (#7651)
• net: remove PollEvented noise from Debug formats (#7675)
• process: upgrade Command::spawn_with to use FnOnce (#7511)
• sync: remove inner mutex in SetOnce (#7554)
• sync: use UnsafeCell::get_mut in Mutex::get_mut and RwLock::get_mut (#7569)
• time: reduce the generated code size of Timeout<T>::poll (#7535)

Fixed

• macros: fix hygiene issue in join! and try_join! (#7638)
• net: fix copy/paste errors in udp peek methods (#7604)
• process: fix error when runtime is shut down on nightly-2025-10-12 (#7672)
• runtime: use release ordering in wake_by_ref() even if already woken (#7622)
• sync: close the broadcast::Sender in broadcast::Sender::new() (#7629)
• sync: fix implementation of unused RwLock::try_* methods (#7587)

Unstable

• tokio: use cargo features instead of --cfg flags for taskdump and io_uring (#7655, #7621)
• fs: support io_uring in fs::write (#7567)
• fs: support io_uring with File::open() (#7617)
• fs: support io_uring with OpenOptions (#7321)
• macros: add local runtime flavor (#7375, #7597)

Documented

• io: clarify the zero capacity case of AsyncRead::poll_read (#7580)
• io: fix typos in the docs of AsyncFd readiness guards (#7583)
• net: clarify socket gets closed on drop (#7526)
• net: clarify the behavior of UCred::pid() on Cygwin (#7611)
• net: clarify the supported platform of set_reuseport() and reuseport() (#7628)

... (truncated)

Commits

• 556820f chore: prepare Tokio v1.48.0 (#7677)
• fd1659a chore: prepare tokio-macros v2.6.0 (#7676)
• 53e8aca ci: update nightly version to 2025-10-12 (#7670)
• 9e5527d process: fix error when runtime is shut down on nightly-2025-10-12 (#7672)
• 25a24de net: remove PollEvented noise from Debug formats (#7675)
• c1fa25f task: clarify the behavior of several spawn_local methods (#7669)
• e7e02fc fs: use FileOptions inside fs::File to support uring (#7617)
• f7a7f62 ci: remove cargo-deny Unicode-DFS-2016 license exception config (#7619)
• d1f1499 tokio: use cargo feature for taskdump support instead of cfg (#7655)
• ad6f618 runtime: clarify the behavior of Handle::block_on (#7665)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

[CLAassistant]

Thank you for your submission! We really appreciate it. Like many open source projects, we ask that you sign our Contributor License Agreement before we can accept your contribution.
_{You have signed the CLA already but the status is still pending? Let us recheck it.}