chore(deps): bump the production-dependencies group across 1 directory with 12 updates

[dependabot]

Bumps the production-dependencies group with 12 updates in the / directory:

Package	From	To
smol_str	0.3.2	0.3.5
miniserde	0.1.43	0.1.45
serde_json	1.0.145	1.0.149
serde_qs	1.0.0-rc.4	1.0.0-rc.5
chrono	0.4.42	0.4.43
thiserror	2.0.17	2.0.18
tracing	0.1.43	0.1.44
insta	1.44.3	1.46.1
httpmock	0.7.0	0.8.2
tokio	1.48.0	1.49.0
axum	0.8.7	0.8.8
uuid	1.19.0	1.20.0

Updates smol_str from 0.3.2 to 0.3.5

Commits

• See full diff in compare view

Updates miniserde from 0.1.43 to 0.1.45

Release notes

Sourced from miniserde's releases.

0.1.45

• Update zmij dependency to 1.0

0.1.44

• Switch float-to-string algorithm from Ryū to Żmij for better f32 and f64 serialization performance (#63)

Commits

• 5a19cba Release 0.1.45
• f3778f8 Update to zmij 1.0
• ef35b50 Release 0.1.44
• 5e8dd2b Merge pull request #63 from dtolnay/zmij
• 4b686b0 Switch from ryu -> zmij for float formatting
• 7fe18ea Exclude benchmark dependencies from being compiled by miri
• 898a087 Format with rustfmt 1.8.0-nightly
• 3813789 Switch from cargo bench to criterion
• 7d47b08 Update actions/upload-artifact@v5 -> v6
• 4bbbfdc Update actions/upload-artifact@v4 -> v5
• Additional commits viewable in compare view

Updates serde_json from 1.0.145 to 1.0.149

Release notes

Sourced from serde_json's releases.

v1.0.149

• Align arbitrary_precision number strings with zmij's formatting (#1306, thanks @​b41sh)

v1.0.148

• Update zmij dependency to 1.0

v1.0.147

• Switch float-to-string algorithm from Ryū to Żmij for better f32 and f64 serialization performance (#1304)

v1.0.146

• Set fast_arithmetic=64 for riscv64 (#1305, thanks @​Xeonacid)

Commits

• 4f6dbfa Release 1.0.149
• f3df680 Touch up PR 1306
• e16730f Merge pull request #1306 from b41sh/fix-float-number-display
• eeb2bcd Align arbitrary_precision number strings with zmij’s formatting
• 8b291c4 Release 1.0.148
• 1aefe15 Update to zmij 1.0
• 62d6e8d Release 1.0.147
• fd829a6 Merge pull request #1304 from dtolnay/zmij
• e757a3d Switch from ryu -> zmij for float formatting
• 75ad7e6 Release 1.0.146
• Additional commits viewable in compare view

Updates serde_qs from 1.0.0-rc.4 to 1.0.0-rc.5

Release notes

Sourced from serde_qs's releases.

v1.0.0-rc.5

Other

• fix typos and improve clarity in documentation comments (#157)

Changelog

Sourced from serde_qs's changelog.

1.0.0-rc.5 - 2026-01-09

Other

• fix typos and improve clarity in documentation comments (#157)

Commits

• 1ed4cf7 chore: release v1.0.0-rc.5 (#158)
• 17d5515 chore: fix typos and improve clarity in documentation comments (#157)
• See full diff in compare view

Updates chrono from 0.4.42 to 0.4.43

Release notes

Sourced from chrono's releases.

0.4.43

What's Changed

• Install extra components for lint workflow by @​djc in chronotope/chrono#1741
• Upgrade windows-bindgen to 0.64 by @​djc in chronotope/chrono#1742
• Improve windows-bindgen setup by @​djc in chronotope/chrono#1744
• Drop stabilized feature doc_auto_cfg by @​djc in chronotope/chrono#1745
• Faster RFC 3339 parsing by @​djc in chronotope/chrono#1748
• Update windows-bindgen requirement from 0.64 to 0.65 by @​dependabot[bot] in chronotope/chrono#1751
• add NaiveDate::abs_diff by @​Kinrany in chronotope/chrono#1752
• Add feature gated defmt support. by @​pebender in chronotope/chrono#1747
• Drop deny lints, eager Debug impls are a mixed blessing by @​djc in chronotope/chrono#1753
• chore: minor improvement for docs by @​spuradage in chronotope/chrono#1756
• Added doctest for the NaiveDate years_since function by @​LucasBou in chronotope/chrono#1755
• Prepare 0.4.43 by @​djc in chronotope/chrono#1765
• Update copyright year to 2026 in LICENSE.txt by @​taozui472 in chronotope/chrono#1767

Commits

• 45caaa9 Update copyright year to 2026 in LICENSE.txt
• 1c0b8f0 Bump version to 0.4.43
• a03e43b Upgrade windows-bindgen to 0.66
• 4fedaba Ignore bincode advisory
• f4b7bbd Bump actions/checkout from 5 to 6
• db12973 Added doctest for the NaiveDate years_since function (#1755)
• 34b5f49 chore: minor improvement for docs
• 8c82711 Bump actions/setup-node from 5 to 6
• ea1f11b Drop deny lints, eager Debug impls are a mixed blessing
• 35f9f2d Add feature gated defmt support.
• Additional commits viewable in compare view

Updates thiserror from 2.0.17 to 2.0.18

Release notes

Sourced from thiserror's releases.

2.0.18

• Make compatible with project-level needless_lifetimes = "forbid" (#443, thanks @​LucaCappelletti94)

Commits

• dc0f6a2 Release 2.0.18
• 0275292 Touch up PR 443
• 3c33bc6 Merge pull request #443 from LucaCappelletti94/master
• 995939c Reproduce issue 442
• 21653d1 Made clippy lifetime allows conditional
• 45e5388 Update actions/upload-artifact@v5 -> v6
• 386aac1 Update actions/upload-artifact@v4 -> v5
• ec50561 Update actions/checkout@v5 -> v6
• 247eab5 Update name of empty_enum clippy lint
• 91b181f Raise required compiler to Rust 1.68
• Additional commits viewable in compare view

Updates tracing from 0.1.43 to 0.1.44

Release notes

Sourced from tracing's releases.

tracing 0.1.44

Fixed

• Fix record_all panic (#3432)

Changed

• tracing-core: updated to 0.1.36 (#3440)

#3432: tokio-rs/tracing#3432 #3440: tokio-rs/tracing#3440

Commits

• 2d55f6f chore: prepare tracing 0.1.44 (#3439)
• 10a9e83 chore: prepare tracing-core 0.1.36 (#3440)
• ee82cf9 tracing: fix record_all panic (#3432)
• 9978c36 chore: prepare tracing-mock 0.1.0-beta.3 (#3429)
• cc44064 chore: prepare tracing-subscriber 0.3.22 (#3428)
• See full diff in compare view

Updates insta from 1.44.3 to 1.46.1

Release notes

Sourced from insta's releases.

1.46.1

Release Notes

• Fix inline snapshot corruption when multiple snapshots appear inside with_settings! macro. #858

Install cargo-insta 1.46.1

Install prebuilt binaries via shell script

curl --proto '=https' --tlsv1.2 -LsSf https://github.com/mitsuhiko/insta/releases/download/1.46.1/cargo-insta-installer.sh | sh

Install prebuilt binaries via powershell script

powershell -ExecutionPolicy Bypass -c "irm https://github.com/mitsuhiko/insta/releases/download/1.46.1/cargo-insta-installer.ps1 | iex"

Download cargo-insta 1.46.1

File	Platform	Checksum
cargo-insta-aarch64-apple-darwin.tar.xz	Apple Silicon macOS	checksum
cargo-insta-x86_64-apple-darwin.tar.xz	Intel macOS	checksum
cargo-insta-x86_64-pc-windows-msvc.zip	x64 Windows	checksum
cargo-insta-x86_64-unknown-linux-gnu.tar.xz	x64 Linux	checksum
cargo-insta-x86_64-unknown-linux-musl.tar.xz	x64 MUSL Linux	checksum

1.46.0

Release Notes

• Add INSTA_PENDING_DIR environment variable for Bazel and other hermetic build systems. When set, pending snapshots are written to a separate directory while keeping the source tree read-only. We are very open to feedback on this feature. #852
• Fix documentation for test.runner_fallback config key. #853

Install cargo-insta 1.46.0

Install prebuilt binaries via shell script

curl --proto '=https' --tlsv1.2 -LsSf https://github.com/mitsuhiko/insta/releases/download/1.46.0/cargo-insta-installer.sh | sh

Install prebuilt binaries via powershell script

powershell -ExecutionPolicy Bypass -c "irm https://github.com/mitsuhiko/insta/releases/download/1.46.0/cargo-insta-installer.ps1 | iex"

Download cargo-insta 1.46.0

... (truncated)

Changelog

Sourced from insta's changelog.

1.46.1

• Fix inline snapshot corruption when multiple snapshots appear inside with_settings! macro. #858

1.46.0

• Add INSTA_PENDING_DIR environment variable for Bazel and other hermetic build systems. When set, pending snapshots are written to a separate directory while keeping the source tree read-only. We are very open to feedback on this feature. #852
• Fix documentation for test.runner_fallback config key. #853

1.45.1

• Fix backward compatibility with TOML format produced by insta < 1.45.0. #849 (@​chitoku-k)

1.45.0

• Add external diff tool support via INSTA_DIFF_TOOL environment variable. When set, insta uses the specified tool (e.g., delta, difftastic) to display snapshot diffs instead of the built-in diff. The tool is invoked as <tool> <old_file> <new_file>. #844
• Add test.disable_nextest_doctest config option to insta.yaml, allowing users to silence the nextest doctest warning via config instead of passing --dnd every time. #842
• Skip non-insta snapshot files in unreferenced detection. Projects using both insta and other snapshot tools (like vitest or jest) can now use --unreferenced=reject without false positives on .snap files from other tools. #846
• Collect warnings from tests for display after run. Ensures deprecation warnings are visible even when nextest suppresses stdout/stderr from passing tests. #840
• Update TOML serialization to be up-to-date and backwards-compatible. #834 (@​spoutn1k)
• Support clippy::needless_raw_strings lint by only using raw strings when content contains backslashes or quotes. #828

Commits

• 8a5b775 Release 1.46.1 (#859)
• 822f404 Fix inline snapshot corruption with multiple snapshots in with_settings! (#858)
• 7d27e3a Release 1.46.0 (#855)
• 3aa59d6 Add INSTA_PENDING_DIR environment variable for hermetic builds (#852)
• fd40cf7 Fix docs for test.runner_fallback config key (#853)
• ac191ba Add test for multiline snapshots without special characters (#848)
• 55f6999 Release 1.45.1 (#850)
• 00b1cd4 Fix backward compatibility with TOML format produced by insta < 1.45.0 (#849)
• 681a026 Release 1.45.0 (#847)
• ad233cd Skip non-insta snapshot files in unreferenced detection (#846)
• Additional commits viewable in compare view

Updates httpmock from 0.7.0 to 0.8.2

Release notes

Sourced from httpmock's releases.

v0.8.2

This release includes bug fixes, documentation enhancements and new features, such as dynamic responders.

The following pull requests have been merged:

• #178: "Expose proxy method to obtain the recorded yaml without saving to a file" (thanks @​janeisklar)
• #180: "Add missing query parameters in recordings"
• #181: "Append Headers Instead of Inserting"
• #182: "Add Dynamic Responses"
• #184: "Use read_file in body_from_file"

v0.8.1

This release includes bug fixes and documentation enhancements.

The following pull requests have been merged:

• #179: "Use scheme of target url for forwarding"

v0.8.0

This release includes refactoring, dependency updates, and internal cleanups. No breaking changes expected.

The minimum required Rust version has been increased to 1.82.

The following pull requests have been merged:

• #172: "Update Rust edition to 2021" (thanks @​FalkWoldmann)
• #169: "Proxy HTTPS fix"
• #167: "Replace log and env_logger with tracing and tracing-subscriber" (thanks @​FalkWoldmann)
• #166: "Remove unused code" (thanks @​FalkWoldmann)
• #163: "fix: issue 162, non localhost hosts match" (thanks @​Thomblin)
• #160: "Replace custom read_file with std::fs::read_to_string" (thanks @​FalkWoldmann)
• #158: "Improve async executor support"
• #156: "Bump async-object-pool to replace async-std"
• #153: "ci(deps): bump actions/checkout from 4 to 5"
• #152: "Fix missing standalone routes"
• #151: "Cleanup unused test functions"
• #147: "ci(deps): bump codecov/codecov-action from 2 to 5"
• #146: "cargo(deps): update thiserror requirement from 1 to 2"
• #145: "ci(deps): bump actions/checkout from 2 to 4"
• #144: "ci(deps): bump docker/build-push-action from 4 to 6
• #141: "cargo(deps): update path-tree requirement from >=0.8.0, <0.8.1 to >=0.8.0, <0.8.4"
• #140: "ci(deps): bump docker/login-action from 1 to 3"
• #139: "ci(deps): bump withastro/action from 2 to 4"
• #138: "Create dependabot.yml" (thanks @​FalkWoldmann)
• #136: "Replace async_std with tokio" (thanks @​FalkWoldmann)

v0.8.0-alpha.1

BREAKING CHANGES

• A new MockServer::reset method was added that resets a mock server. Thanks for providing the pull request for this feature, @​dax.
• The default port for standalone server was changed from 5000 to 5050 due to conflicts with system services on macOS.
• Custom matcher functions are now closures rather than functions.
• When::json_body_partial was renamed to json_body_includes.

... (truncated)

Changelog

Sourced from httpmock's changelog.

Version 0.8.2

The following pull requests have been merged:

• #178: "Expose proxy method to obtain the recorded yaml without saving to a file" (thanks @​janeisklar)
• #180: "Add missing query parameters in recordings"
• #181: "Append Headers Instead of Inserting"
• #182: "Add Dynamic Responses"
• #184: "Use read_file in body_from_file"

Version 0.8.1

This release includes bug fixes and documentation enhancements.

The following pull requests have been merged:

• #179: "Use scheme of target url for forwarding"

Version 0.8.0

This release includes refactoring, dependency updates, and internal cleanups. No breaking changes expected.

The minimum required Rust version has been increased to 1.82.

The following pull requests have been merged:

• #172: "Update Rust edition to 2021" (thanks @​FalkWoldmann)
• #169: "Proxy HTTPS fix"
• #167: "Replace log and env_logger with tracing and tracing-subscriber" (thanks @​FalkWoldmann)
• #166: "Remove unused code" (thanks @​FalkWoldmann)
• #163: "fix: issue 162, non localhost hosts match" (thanks @​Thomblin)
• #160: "Replace custom read_file with std::fs::read_to_string" (thanks @​FalkWoldmann)
• #158: "Improve async executor support"
• #156: "Bump async-object-pool to replace async-std"
• #153: "ci(deps): bump actions/checkout from 4 to 5"
• #152: "Fix missing standalone routes"
• #151: "Cleanup unused test functions"
• #147: "ci(deps): bump codecov/codecov-action from 2 to 5"
• #146: "cargo(deps): update thiserror requirement from 1 to 2"
• #145: "ci(deps): bump actions/checkout from 2 to 4"
• #144: "ci(deps): bump docker/build-push-action from 4 to 6
• #141: "cargo(deps): update path-tree requirement from >=0.8.0, <0.8.1 to >=0.8.0, <0.8.4"
• #140: "ci(deps): bump docker/login-action from 1 to 3"
• #139: "ci(deps): bump withastro/action from 2 to 4"
• #138: "Create dependabot.yml" (thanks @​FalkWoldmann)
• #136: "Replace async_std with tokio" (thanks @​FalkWoldmann)

Version 0.8.0-beta.1

This release mainly contains internal improvements and bugfixes. The minimum required Rust version has been increased to 1.81. Apart from the updated MSRV, there are no breaking changes.

The following pull requests have been merged:

• #112: "Fix building without cookies feature" by @​jayvdb.

... (truncated)

Commits

• 02efcf9 add disclaimer for custom responders to documentation
• 5b6f04a add disclaimer for custom responders to documentation
• 52bf5d5 raise version to 0.8.2
• 211d072 Merge pull request #182 from httpmock/dynamic-response
• d903d57 fix https with http2 flag
• 470f623 switch to httpbingo for forwarding to a real server
• 7a1732b switch to httpbingo for forwarding to a real server
• 47597b3 add dynamic responses to changelog
• 34f5bc2 rename reply method
• 4f8edf7 mention dynamic responses in docs
• Additional commits viewable in compare view

Updates tokio from 1.48.0 to 1.49.0

Release notes

Sourced from tokio's releases.

Tokio v1.49.0

1.49.0 (January 3rd, 2026)

Added

• net: add support for TCLASS option on IPv6 (#7781)
• runtime: stabilize runtime::id::Id (#7125)
• task: implement Extend for JoinSet (#7195)
• task: stabilize the LocalSet::id() (#7776)

Changed

• net: deprecate {TcpStream,TcpSocket}::set_linger (#7752)

Fixed

• macros: fix the hygiene issue of join! and try_join! (#7766)
• runtime: revert "replace manual vtable definitions with Wake" (#7699)
• sync: return TryRecvError::Disconnected from Receiver::try_recv after Receiver::close (#7686)
• task: remove unnecessary trait bounds on the Debug implementation (#7720)

Unstable

• fs: handle EINTR in fs::write for io-uring (#7786)
• fs: support io-uring with tokio::fs::read (#7696)
• runtime: disable io-uring on EPERM (#7724)
• time: add alternative timer for better multicore scalability (#7467)

Documented

• docs: fix a typos in bounded.rs and park.rs (#7817)
• io: add SyncIoBridge cross-references to copy and copy_buf (#7798)
• io: doc that AsyncWrite does not inherit from std::io::Write (#7705)
• metrics: clarify that num_alive_tasks is not strongly consistent (#7614)
• net: clarify the cancellation safety of the TcpStream::peek (#7305)
• net: clarify the drop behavior of unix::OwnedWriteHalf (#7742)
• net: clarify the platform-dependent backlog in TcpSocket docs (#7738)
• runtime: mention LocalRuntime in new_current_thread docs (#7820)
• sync: add missing period to mpsc::Sender::try_send docs (#7721)
• sync: clarify the cancellation safety of oneshot::Receiver (#7780)
• sync: improve the docs for the errors of mpsc (#7722)
• task: add example for spawn_local usage on local runtime (#7689)

#7125: tokio-rs/tokio#7125 #7195: tokio-rs/tokio#7195 #7305: tokio-rs/tokio#7305 #7467: tokio-rs/tokio#7467 #7614: tokio-rs/tokio#7614 #7686: tokio-rs/tokio#7686 #7689: tokio-rs/tokio#7689

... (truncated)

Commits

• e3b89bb chore: prepare Tokio v1.49.0 (#7824)
• 4f577b8 Merge 'tokio-1.47.3' into 'master'
• f320197 chore: prepare Tokio v1.47.3 (#7823)
• ea6b144 ci: freeze rustc on nightly-2025-01-25 in netlify.toml (#7652)
• 264e703 Merge tokio-1.43.4 into tokio-1.47.x (#7822)
• dfb0f00 chore: prepare Tokio v1.43.4 (#7821)
• 4a91f19 ci: fix wasm32-wasip1 tests (#7788)
• 601c383 ci: upgrade FreeBSD from 14.2 to 14.3 (#7758)
• 484cb52 sync: return TryRecvError::Disconnected from Receiver::try_recv after `Re...
• 16f20c3 rt: mention LocalRuntime in new_current_thread docs (#7820)
• Additional commits viewable in compare view

Updates axum from 0.8.7 to 0.8.8

Release notes

Sourced from axum's releases.

axum v0.8.8

• Clarify documentation for Router::route_layer (#3567)

#3567: tokio-rs/axum#3567

Commits

• d07863f Release axum v0.8.8 and axum-extra v0.12.3
• 287c674 axum-extra: Make typed-routing feature enable routing feature (#3514)
• f5804aa SecondElementIs: Correct a small inconsistency (#3559)
• f51f3ba axum-extra: Add trailing newline to pretty JSON response (#3526)
• 816407a Fix integer underflow in try_range_response for empty files (#3566)
• 78656eb docs: Clarify route_layer does not apply middleware to the fallback handler...
• See full diff in compare view

Updates uuid from 1.19.0 to 1.20.0

Release notes

Sourced from uuid's releases.

v1.20.0

What's Changed

• Derive Ord and PartialOrd for NonNilUuid by @​mivort in uuid-rs/uuid#854
• Implement Deserialize on adapter types by @​KodrAus in uuid-rs/uuid#855
• Deprecate macro-diagnostics by @​KodrAus in uuid-rs/uuid#856
• Prepare for 1.20.0 release by @​KodrAus in uuid-rs/uuid#857

New Contributors

• @​mivort made their first contribution in uuid-rs/uuid#854

Full Changelog: uuid-rs/uuid@v1.19.0...v1.20.0

Commits

• c3346dd Merge pull request #857 from uuid-rs/cargo/v1.20.0
• 66eebc3 prepare for 1.20.0 release
• 3b66758 Merge pull request #856 from uuid-rs/docs/bytes-le-ordering
• e2bdd44 don't run UI tests in wasm
• b6dc7ec note that ordering applies to fields in to/from_bytes_le
• a0281cd Merge pull request #855 from uuid-rs/feat/serde-fmt
• db27b67 Merge pull request #854 from mivort/non-nil-uuid-ord
• efb06f2 implement Deserialize on adapter types
• 50d44ad Derive Ord and PartialOrd for NonNilUuid
• See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

[vercel]

The latest updates on your projects. Learn more about Vercel for GitHub.

Project	Deployment	Review	Updated (UTC)
payments-rs	Ready	Preview, Comment	Jan 26, 2026 6:09am

[dependabot]

This pull request was built based on a group rule. Closing it will not ignore any of these versions in future pull requests.

To ignore these dependencies, configure ignore rules in dependabot.yml