Bump the cargo group across 1 directory with 6 updates

[dependabot]

Bumps the cargo group with 6 updates in the / directory:

Package	From	To
bytes	1.4.0	1.11.1
h2	0.3.21	0.3.27
mio	0.8.8	0.8.11
rustix	0.37.23	0.37.28
rustls	0.21.6	0.21.12
tokio	1.32.0	1.49.0

Updates bytes from 1.4.0 to 1.11.1

Release notes

Sourced from bytes's releases.

Bytes v1.11.1

1.11.1 (February 3rd, 2026)

• Fix integer overflow in BytesMut::reserve

Bytes v1.11.0

1.11.0 (November 14th, 2025)

• Bump MSRV to 1.57 (#788)

Fixed

• fix: BytesMut only reuse if src has remaining (#803)
• Specialize BytesMut::put::<Bytes> (#793)
• Reserve capacity in BytesMut::put (#794)
• Change BytesMut::remaining_mut to use isize::MAX instead of usize::MAX (#795)

Internal changes

• Guarantee address in slice() for empty slices. (#780)
• Rename Vtable::to_* -> Vtable::into_* (#776)
• Fix latest clippy warnings (#787)
• Ignore BytesMut::freeze doctest on wasm (#790)
• Move drop_fn of from_owner into vtable (#801)

Bytes v1.10.1

1.10.1 (March 5th, 2025)

Fixed

• Fix memory leak when using to_vec with Bytes::from_owner (#773)

#773: tokio-rs/bytes#773

Bytes v1.10.0

1.10.0 (February 3rd, 2025)

Added

• Add feature to support platforms without atomic CAS (#467)
• try_get_* methods for Buf trait (#753)
• Implement Buf::chunks_vectored for Take (#617)
• Implement Buf::chunks_vectored for VecDeque<u8> (#708)

Fixed

• Remove incorrect guarantee for chunks_vectored (#754)
• Ensure that tests pass under panic=abort (#749)

... (truncated)

Changelog

Sourced from bytes's changelog.

1.11.1 (February 3rd, 2026)

• Fix integer overflow in BytesMut::reserve

1.11.0 (November 14th, 2025)

• Bump MSRV to 1.57 (#788)

Fixed

• fix: BytesMut only reuse if src has remaining (#803)
• Specialize BytesMut::put::<Bytes> (#793)
• Reserve capacity in BytesMut::put (#794)
• Change BytesMut::remaining_mut to use isize::MAX instead of usize::MAX (#795)

Internal changes

• Guarantee address in slice() for empty slices. (#780)
• Rename Vtable::to_* -> Vtable::into_* (#776)
• Fix latest clippy warnings (#787)
• Ignore BytesMut::freeze doctest on wasm (#790)
• Move drop_fn of from_owner into vtable (#801)

1.10.1 (March 5th, 2025)

Fixed

• Fix memory leak when using to_vec with Bytes::from_owner (#773)

1.10.0 (February 3rd, 2025)

Added

• Add feature to support platforms without atomic CAS (#467)
• try_get_* methods for Buf trait (#753)
• Implement Buf::chunks_vectored for Take (#617)
• Implement Buf::chunks_vectored for VecDeque<u8> (#708)

Fixed

• Remove incorrect guarantee for chunks_vectored (#754)
• Ensure that tests pass under panic=abort (#749)

1.9.0 (November 27, 2024)

Added

• Add Bytes::from_owner to enable externally-allocated memory (#742)

Documented

... (truncated)

Commits

• 417dccd Release bytes v1.11.1 (#820)
• d0293b0 Merge commit from fork
• a7952fb chore: prepare bytes v1.11.0 (#804)
• 60cbb77 fix: BytesMut only reuse if src has remaining (#803)
• 7ce330f Move drop_fn of from_owner into vtable (#801)
• 4b53a29 Tweak BytesMut::remaining_mut (#795)
• 016fdbd Reserve capacity in BytesMut::put (#794)
• ef7f257 Specialize BytesMut::put::<Bytes> (#793)
• 8b4f54d Ignore BytesMut::freeze doctest on wasm (#790)
• 16132ad Fix latest clippy warnings (#787)
• Additional commits viewable in compare view

Updates h2 from 0.3.21 to 0.3.27

Release notes

Sourced from h2's releases.

v0.3.26

What's Changed

• Limit number of CONTINUATION frames for misbehaving connections.

See https://seanmonstar.com/blog/hyper-http2-continuation-flood/ for more info.

v0.3.25

What's Changed

• perf: optimize header list size calculations by @​Noah-Kennedy in hyperium/h2#750

Full Changelog: hyperium/h2@v0.3.24...v0.3.25

v0.3.24

Fixed

• Limit error resets for misbehaving connections.

v0.3.23

What's Changed

• cherry-pick fix: streams awaiting capacity lockout in hyperium/h2#734

v0.3.22

What's Changed

• Add header_table_size(usize) option to client and server builders.
• Improve throughput when vectored IO is not available.
• Update indexmap to 2.

New Contributors

• @​tottoto made their first contribution in hyperium/h2#714
• @​xiaoyawei made their first contribution in hyperium/h2#712
• @​Protryon made their first contribution in hyperium/h2#719
• @​4JX made their first contribution in hyperium/h2#638
• @​vuittont60 made their first contribution in hyperium/h2#724

Changelog

Sourced from h2's changelog.

0.3.27 (July 11, 2025)

• Fix notifying wakers when detecting local stream errors.

0.3.26 (April 3, 2024)

• Limit number of CONTINUATION frames for misbehaving connections.

0.3.25 (March 15, 2024)

• Improve performance decoding many headers.

0.3.24 (January 17, 2024)

• Limit error resets for misbehaving connections.

0.3.23 (January 10, 2024)

• Backport fix from 0.4.1 for stream capacity assignment.

0.3.22 (November 15, 2023)

• Add header_table_size(usize) option to client and server builders.
• Improve throughput when vectored IO is not available.
• Update indexmap to 2.

Commits

• f6237ac v0.3.27
• f61332e refactor: change local reset counter to use type system more
• 3f1a8e3 style: fix anonymous lifetime syntax
• 778aa7e fix: notify_recv after send_reset() in reset_on_recv_stream_err() to ensure l...
• be10b77 ci: pin more deps for MSRV job (#817)
• c0d9feb ci: pin deps for MSRV
• 5ccd9cf lints: fix unexpected cfgs warnings
• e6e3e9c fix: return a WriteZero error if frames cannot be written (#783)
• 357127e v0.3.26
• 1a357aa fix: limit number of CONTINUATION frames allowed
• Additional commits viewable in compare view

Updates mio from 0.8.8 to 0.8.11

Changelog

Sourced from mio's changelog.

0.8.11

• Fix receiving IOCP events after deregistering a Windows named pipe (tokio-rs/mio#1760, backport pr: tokio-rs/mio#1761).

0.8.10

Added

• Solaris support (tokio-rs/mio#1724).

0.8.9

Added

• ESP-IDF framework support (tokio-rs/mio#1692).
• AIX operating system support (tokio-rs/mio#1704).
• Vita support (tokio-rs/mio#1721).
• {UnixListener,UnixStream}:bind_addr (tokio-rs/mio#1630).
• mio_unsupported_force_poll_poll and mio_unsupported_force_waker_pipe unsupported configuration flags to force a specific poll or waker implementation (tokio-rs/mio#1684, tokio-rs/mio#1685, tokio-rs/mio#1692).

Fixed

• The pipe(2) based waker (swapped file descriptors) (tokio-rs/mio#1722).
• The duplicate waker check to work correctly with cloned Registrys. (tokio-rs/mio#1706).

Commits

• 0328bde Release v0.8.11
• 7084498 Fix warnings
• 90d4fe0 named-pipes: fix receiving IOCP events after deregister
• c710a30 Add v0.8.x to the CI
• c29e21c Release v0.8.10
• f6a20da Add Solaris operating system support (#1724)
• e80c3b2 Release v0.8.9
• 862786b Fix importing of IoSourceState
• 4034872 Add support for vita target
• 8eb4010 Fix receiver and sender fd in pipe based waker
• Additional commits viewable in compare view

Updates rustix from 0.37.23 to 0.37.28

Commits

• 89b7a8d chore: Release rustix version 0.37.28
• f51ecb1 Check for a missing DT_HASH section in the VDSO parser (#1254) (#1257)
• b720e07 Remove naked_functions feature usage for x86 (#722) (#1182)
• b38dc51 chore: Release rustix version 0.37.27
• a2d9c8e Fix p{read,write}v{,v2}'s encoding of the offset argument on Linux. (#896) (#...
• dce2777 chore: Release rustix version 0.37.26
• 06dbe83 Fix sendmsg_unix's address encoding. (#885) (#886)
• 00b84d6 chore: Release rustix version 0.37.25
• cad15a7 Fixes for Dir on macOS, FreeBSD, and WASI.
• df3c3a1 Merge pull request from GHSA-c827-hfw6-qwvm
• Additional commits viewable in compare view

Updates rustls from 0.21.6 to 0.21.12

Commits

• 3633152 Cargo: v0.21.11 -> v0.21.12
• 0baaeba proj: MSRV 1.61 -> 1.63
• 6fd691a tls13: fix clippy::unnecessary_lazy_evaluations finding
• 6da5337 Test for illegal IP address in server name extension
• 75f8857 Ignore server_name extension containing IP address
• 7b8d1db Prepare 0.21.11
• ebcb478 complete_io: bail out if progress is impossible
• 20f35df Regression test for complete_io infinite loop bug
• 2f2aae1 Don't specially handle unauthenticated close_notify alerts
• e163587 Don't deny warnings from nightly clippy
• Additional commits viewable in compare view

Updates tokio from 1.32.0 to 1.49.0

Release notes

Sourced from tokio's releases.

Tokio v1.49.0

1.49.0 (January 3rd, 2026)

Added

• net: add support for TCLASS option on IPv6 (#7781)
• runtime: stabilize runtime::id::Id (#7125)
• task: implement Extend for JoinSet (#7195)
• task: stabilize the LocalSet::id() (#7776)

Changed

• net: deprecate {TcpStream,TcpSocket}::set_linger (#7752)

Fixed

• macros: fix the hygiene issue of join! and try_join! (#7766)
• runtime: revert "replace manual vtable definitions with Wake" (#7699)
• sync: return TryRecvError::Disconnected from Receiver::try_recv after Receiver::close (#7686)
• task: remove unnecessary trait bounds on the Debug implementation (#7720)

Unstable

• fs: handle EINTR in fs::write for io-uring (#7786)
• fs: support io-uring with tokio::fs::read (#7696)
• runtime: disable io-uring on EPERM (#7724)
• time: add alternative timer for better multicore scalability (#7467)

Documented

• docs: fix a typos in bounded.rs and park.rs (#7817)
• io: add SyncIoBridge cross-references to copy and copy_buf (#7798)
• io: doc that AsyncWrite does not inherit from std::io::Write (#7705)
• metrics: clarify that num_alive_tasks is not strongly consistent (#7614)
• net: clarify the cancellation safety of the TcpStream::peek (#7305)
• net: clarify the drop behavior of unix::OwnedWriteHalf (#7742)
• net: clarify the platform-dependent backlog in TcpSocket docs (#7738)
• runtime: mention LocalRuntime in new_current_thread docs (#7820)
• sync: add missing period to mpsc::Sender::try_send docs (#7721)
• sync: clarify the cancellation safety of oneshot::Receiver (#7780)
• sync: improve the docs for the errors of mpsc (#7722)
• task: add example for spawn_local usage on local runtime (#7689)

#7125: tokio-rs/tokio#7125 #7195: tokio-rs/tokio#7195 #7305: tokio-rs/tokio#7305 #7467: tokio-rs/tokio#7467 #7614: tokio-rs/tokio#7614 #7686: tokio-rs/tokio#7686 #7689: tokio-rs/tokio#7689

... (truncated)

Commits

• e3b89bb chore: prepare Tokio v1.49.0 (#7824)
• 4f577b8 Merge 'tokio-1.47.3' into 'master'
• f320197 chore: prepare Tokio v1.47.3 (#7823)
• ea6b144 ci: freeze rustc on nightly-2025-01-25 in netlify.toml (#7652)
• 264e703 Merge tokio-1.43.4 into tokio-1.47.x (#7822)
• dfb0f00 chore: prepare Tokio v1.43.4 (#7821)
• 4a91f19 ci: fix wasm32-wasip1 tests (#7788)
• 601c383 ci: upgrade FreeBSD from 14.2 to 14.3 (#7758)
• 484cb52 sync: return TryRecvError::Disconnected from Receiver::try_recv after `Re...
• 16f20c3 rt: mention LocalRuntime in new_current_thread docs (#7820)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions
  You can disable automated security fix PRs for this repo from the Security Alerts page.

[codecov]

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 74.50%. Comparing base (bf7eb12) to head (0a53d20).
⚠️ Report is 3 commits behind head on main.

Additional details and impacted files

@@            Coverage Diff             @@
##            main      #55       +/-   ##
==========================================
+ Coverage   0.00%   74.50%   +74.50%     
==========================================
  Files          2        2               
  Lines         57       51        -6     
==========================================
+ Hits           0       38       +38     
+ Misses        57       13       -44     

Flag	Coverage Δ
unittests	74.50% <ø> (+74.50%)	⬆️

Flags with carried forward coverage won't be shown. Click here to find out more.

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.