build(deps): bump the version-updates group across 1 directory with 28 updates

[dependabot]

Bumps the version-updates group with 26 updates in the / directory:

Package	From	To
actix-web	4.9.0	4.12.0
alloy-primitives	1.2.0	1.5.2
anyhow	1.0.95	1.0.100
blst	0.3.15	0.3.16
bytes	1.9.0	1.11.0
chrono	0.4.39	0.4.42
csv	1.3.1	1.4.0
curl	0.4.47	0.4.49
hex-literal	1.0.0	1.1.0
http	1.2.0	1.4.0
hyper	1.5.2	1.8.1
indexmap	2.7.1	2.13.0
json-patch	4.0.0	4.1.0
log	0.4.25	0.4.29
regex	1.11.1	1.12.2
ringbuf	0.4.7	0.4.8
serde_json	1.0.137	1.0.149
tempfile	3.20.0	3.24.0
thiserror	2.0.11	2.0.17
time	0.3.37	0.3.44
tokio	1.44.2	1.49.0
tokio-stream	0.1.17	0.1.18
tracing	0.1.41	0.1.44
tracing-subscriber	0.3.19	0.3.22
uuid	1.12.1	1.16.0
vergen	9.0.4	9.0.6

Updates actix-web from 4.9.0 to 4.12.0

Release notes

Sourced from actix-web's releases.

actix-web: v4.12.0

Short announcement

We've started GitHub Sponsors: https://github.com/sponsors/actix Support our development!

v4.12.0

• actix_web::response::builder::HttpResponseBuilder::streaming() now sets Content-Type to application/octet-stream if Content-Type does not exist.
• actix_web::response::builder::HttpResponseBuilder::streaming() now calls actix_web::response::builder::HttpResponseBuilder::no_chunking() and returns SizedStream if Content-Length is set by user.
• Add ws crate feature (on-by-default) which forwards to actix-http and guards some of its ResponseError impls.
  • ⚠️ if you use default-feature = false and the web scoket feature, please make sure you enable the ws feature.
• Add public export for EitherExtractError in error module.

actix-web: v4.11.0

• Add Logger::log_level() method.
• Improve handling of non-UTF-8 header values in Logger middleware.
• Add HttpServer::shutdown_signal() method.
• Mark HttpServer as #[must_use].
• Allow SVG images to be compressed by the Compress middleware.
• Ignore Host header in Host guard when connection protocol is HTTP/2.
• Re-export mime dependency.
• Update brotli dependency to 8.

actix-web: v4.10.2

• No significant changes since 4.10.1.

actix-web: v4.10.1

• No significant changes since 4.10.0.

actix-web: v4.10.0

Added

• Implement Responder for Result<(), E: Into<Error>>. Returning Ok(()) responds with HTTP 204 No Content.

Changed

• On Windows, an error is now returned from HttpServer::bind() (or TLS variants) when binding to a socket that's already in use.
• Update brotli dependency to 7.
• Minimum supported Rust version (MSRV) is now 1.75.

Commits

• d119500 release: actix-web v4.12.0 (#3830)
• a3f95ee feat: improve HttpResponseBuilder::streaming with SizedStream (#3829)
• e1da110 chore: Add public export for EitherExtractError (#3826)
• 219b988 build(deps): bump taiki-e/install-action from 2.62.46 to 2.62.49 (#3823)
• 9cf3521 build(deps): bump quote from 1.0.41 to 1.0.42 (#3825)
• 8b10319 build(deps): bump taiki-e/install-action from 2.62.45 to 2.62.46 (#3820)
• d5fae3e chore: rename branch to main (#3821)
• e6958cc build(deps): bump taiki-e/install-action from 2.62.38 to 2.62.45 (#3819)
• 3dd42ee build(deps): bump tokio-util from 0.7.16 to 0.7.17 (#3817)
• 627af8c chore(gha): setup cargo-deny (#3816)
• Additional commits viewable in compare view

Updates alloy-primitives from 1.2.0 to 1.5.2

Release notes

Sourced from alloy-primitives's releases.

alloy-core v1.5.1

What's Changed

• feat(primitives): add U256Map by @​DaniPopes in alloy-rs/core#1052
• feat: extract cache to a separate crate by @​DaniPopes in alloy-rs/core#1053

Full Changelog: alloy-rs/core@v1.5.0...v1.5.1

alloy-core v1.5.0

What's Changed

• chore: clippy by @​DaniPopes in alloy-rs/core#1037
• feat: add Bloom::accrue_logs method by @​mattsse in alloy-rs/core#1039
• docs: document allow(unexpected_cfgs) for wrap_fixed_bytes by @​DaniPopes in alloy-rs/core#1043
• feat(primitives): add Signature::as_rsy method by @​mablr in alloy-rs/core#1041
• chore(doc): Complete alloy-dyn-abi readme by @​Pana in alloy-rs/core#1044
• feat(primitives): add keccak256_cached by @​DaniPopes in alloy-rs/core#1046
• chore: rm all deprecations by @​DaniPopes in alloy-rs/core#1048
• feat(primitives): Add UintTryTo trait for Signed type by @​AurelienFT in alloy-rs/core#1029
• fix(primitives): cache keccaks up to 88 bytes by @​DaniPopes in alloy-rs/core#1049
• feat: add keccak256_uncached by @​DaniPopes in alloy-rs/core#1050
• feat: add rapidhash to available hashers by @​DaniPopes in alloy-rs/core#1051

New Contributors

• @​Pana made their first contribution in alloy-rs/core#1044

Full Changelog: alloy-rs/core@v1.4.1...v1.5.0

alloy-core v1.4.1

Security

Patched: DoS vulnerability on alloy_dyn_abi::TypedData hashing

An uncaught panic triggered by malformed input to alloy_dyn_abi::TypedData could lead to a denial-of-service (DoS) via eip712_signing_hash().

Software with high availability requirements such as network services may be particularly impacted. If in use, external auto-restarting mechanisms can partially mitigate the availability issues unless repeated attacks are possible.

The vulnerability was patched by adding a check to ensure the element is not empty before accessing its first element; an error is returned if it is empty. The fix is included in version v1.4.1 and backported to v0.8.26.

See: GHSA-pgp9-98jm-wwq2

What's Changed

• chore: remove feature(doc_auto_cfg) by @​DaniPopes in alloy-rs/core#1019
• feat(primitives): Add Borsh support for TxKind by @​mablr in alloy-rs/core#1022
• feat: Add Sqlx Traits for Bytes Type by @​Arvmor in alloy-rs/core#1020
• chore: fix docs, typos by @​DaniPopes in alloy-rs/core#1023
• feat(sol-macro): add transient storage keyword support by @​AurelienFT in alloy-rs/core#1026
• feat: gate 60 tuple impls behind 'more-tuple-impls' feature flag by @​DaniPopes in alloy-rs/core#1027
• chore: remove some inlines by @​DaniPopes in alloy-rs/core#1028
• refactor(dyn-abi): clean up Resolver by @​DaniPopes in alloy-rs/core#1030

... (truncated)

Changelog

Sourced from alloy-primitives's changelog.

1.5.2 - 2025-12-22

Performance

• [primitives] Always use FxHash for Fb* (#1054)

1.5.1 - 2025-12-18

Features

• Extract cache to a separate crate (#1053)
• [primitives] Add U256Map (#1052)

Miscellaneous Tasks

• Release 1.5.1

1.5.0 - 2025-12-16

Bug Fixes

• [primitives] Cache keccaks up to 88 bytes (#1049)

Documentation

• Document allow(unexpected_cfgs) for wrap_fixed_bytes (#1043)

Features

• Add rapidhash to available hashers (#1051)
• Add keccak256_uncached (#1050)
• [primitives] Add UintTryTo trait for Signed type (#1029)
• [primitives] Add keccak256_cached (#1046)
• [primitives] Add Signature::as_rsy method (#1041)
• Add Bloom::accrue_logs method (#1039)

Miscellaneous Tasks

• Release 1.5.0
• Rm all deprecations (#1048)
• [doc] Complete alloy-dyn-abi readme (#1044)
• Clippy (#1037)

Testing

• [primitives] Use correct keccak fn

1.4.1 - 2025-10-14

Features

... (truncated)

Commits

• 3625aa0 chore: release 1.5.2
• 91b063e perf(primitives): always use FxHash for Fb* (#1054)
• 8b96902 chore: release 1.5.1
• c699040 feat: extract cache to a separate crate (#1053)
• 83c19ab feat(primitives): add U256Map (#1052)
• 09e7503 chore: release 1.5.0
• 5f305da feat: add rapidhash to available hashers (#1051)
• 547695f feat: add keccak256_uncached (#1050)
• d37ceb1 fix(primitives): cache keccaks up to 88 bytes (#1049)
• 6c62543 feat(primitives): Add UintTryTo trait for Signed type (#1029)
• Additional commits viewable in compare view

Updates anyhow from 1.0.95 to 1.0.100

Release notes

Sourced from anyhow's releases.

1.0.100

• Teach clippy to lint formatting arguments in bail!, ensure!, anyhow! (#426)

1.0.99

• Allow build-script cleanup failure with NFSv3 output directory to be non-fatal (#420)

1.0.98

• Add self.into_boxed_dyn_error() and self.reallocate_into_boxed_dyn_error_without_backtrace() methods for anyhow::Error (#415)

1.0.97

• Documentation improvements

1.0.96

• Documentation improvements

Commits

• 18c2598 Release 1.0.100
• f271988 Merge pull request #426 from dtolnay/clippyfmt
• 52f2115 Mark macros with clippy::format_args
• da5fd9d Raise minimum tested compiler to rust 1.76
• 211e409 Opt in to generate-macro-expansion when building on docs.rs
• b48fc02 Enforce trybuild >= 1.0.108
• d5f59fb Update ui test suite to nightly-2025-09-07
• 238415d Update ui test suite to nightly-2025-08-24
• 3bab070 Update actions/checkout@v4 -> v5
• 4249254 Order cap-lints flag in the same order as thiserror build script
• Additional commits viewable in compare view

Updates blst from 0.3.15 to 0.3.16

Release notes

Sourced from blst's releases.

Release v0.3.16

Essential changes:

• lift the limitation for 384-bit modular inversion, which doesn't benefit BLS12-381 applications, but future-proofs blst_t.hpp, a generic interface to assembly modules
• harden ptype##s_mult_wbits
• tolerate infinity points even in ptype##s_precompute_wbits
• smooth some edges in bindings/blst.hpp
• add sub_aggregate method to Rust bindings

Commits

• e7f90de bindings/rust/Cargo.toml: bump the version number.
• 3aa4b71 bindings/go/README.md: document core types and methods.
• 1519e46 blst_t.hpp: fix typos in right shift operators of the blst_256_t.
• b83544b bindings/rust/src/lib.rs: add sub_aggregate.
• 07b109d bindings/rust: switch to sync_channel to optimize memory allocations.
• e61acc2 bindings/blst.hpp: smooth some edges.
• f48500c multi_scalar.c: tolerate infinity points in ptype##s_precompute_wbits.
• 7c535f1 ec_mult.h: tolerate low-order points in ptype##_mult_w##SZ.
• bd64e91 asm/ct*inverse_mod*.pl: harmonize commentary with implementation.
• 01d167c multi_scalar.c: preclude out-of-bounds load.
• Additional commits viewable in compare view

Updates bytes from 1.9.0 to 1.11.0

Release notes

Sourced from bytes's releases.

Bytes v1.11.0

1.11.0 (November 14th, 2025)

• Bump MSRV to 1.57 (#788)

Fixed

• fix: BytesMut only reuse if src has remaining (#803)
• Specialize BytesMut::put::<Bytes> (#793)
• Reserve capacity in BytesMut::put (#794)
• Change BytesMut::remaining_mut to use isize::MAX instead of usize::MAX (#795)

Internal changes

• Guarantee address in slice() for empty slices. (#780)
• Rename Vtable::to_* -> Vtable::into_* (#776)
• Fix latest clippy warnings (#787)
• Ignore BytesMut::freeze doctest on wasm (#790)
• Move drop_fn of from_owner into vtable (#801)

Bytes v1.10.1

1.10.1 (March 5th, 2025)

Fixed

• Fix memory leak when using to_vec with Bytes::from_owner (#773)

#773: tokio-rs/bytes#773

Bytes v1.10.0

1.10.0 (February 3rd, 2025)

Added

• Add feature to support platforms without atomic CAS (#467)
• try_get_* methods for Buf trait (#753)
• Implement Buf::chunks_vectored for Take (#617)
• Implement Buf::chunks_vectored for VecDeque<u8> (#708)

Fixed

• Remove incorrect guarantee for chunks_vectored (#754)
• Ensure that tests pass under panic=abort (#749)

Changelog

Sourced from bytes's changelog.

1.11.0 (November 14th, 2025)

• Bump MSRV to 1.57 (#788)

Fixed

• fix: BytesMut only reuse if src has remaining (#803)
• Specialize BytesMut::put::<Bytes> (#793)
• Reserve capacity in BytesMut::put (#794)
• Change BytesMut::remaining_mut to use isize::MAX instead of usize::MAX (#795)

Internal changes

• Guarantee address in slice() for empty slices. (#780)
• Rename Vtable::to_* -> Vtable::into_* (#776)
• Fix latest clippy warnings (#787)
• Ignore BytesMut::freeze doctest on wasm (#790)
• Move drop_fn of from_owner into vtable (#801)

1.10.1 (March 5th, 2025)

Fixed

• Fix memory leak when using to_vec with Bytes::from_owner (#773)

1.10.0 (February 3rd, 2025)

Added

• Add feature to support platforms without atomic CAS (#467)
• try_get_* methods for Buf trait (#753)
• Implement Buf::chunks_vectored for Take (#617)
• Implement Buf::chunks_vectored for VecDeque<u8> (#708)

Fixed

• Remove incorrect guarantee for chunks_vectored (#754)
• Ensure that tests pass under panic=abort (#749)

Commits

• a7952fb chore: prepare bytes v1.11.0 (#804)
• 60cbb77 fix: BytesMut only reuse if src has remaining (#803)
• 7ce330f Move drop_fn of from_owner into vtable (#801)
• 4b53a29 Tweak BytesMut::remaining_mut (#795)
• 016fdbd Reserve capacity in BytesMut::put (#794)
• ef7f257 Specialize BytesMut::put::<Bytes> (#793)
• 8b4f54d Ignore BytesMut::freeze doctest on wasm (#790)
• 16132ad Fix latest clippy warnings (#787)
• 3e44f88 Bump MSRV to 1.57 (#788)
• f29e939 Add some tests for Limit, BytesMut and Reader (#785)
• Additional commits viewable in compare view

Updates chrono from 0.4.39 to 0.4.42

Release notes

Sourced from chrono's releases.

0.4.42

What's Changed

• Add fuzzer for DateTime::parse_from_str by @​tyler92 in chronotope/chrono#1700
• Fix wrong amount of micro/milliseconds by @​nmlt in chronotope/chrono#1703
• Add warning about MappedLocalTime and wasm by @​lutzky in chronotope/chrono#1702
• Fix incorrect parsing of fixed-length second fractions by @​chris-leach in chronotope/chrono#1705
• Fix cfgs for wasm32-linux support by @​arjunr2 in chronotope/chrono#1707
• Fix OpenHarmony's tzdata parsing by @​ldm0 in chronotope/chrono#1679
• Convert NaiveDate to/from days since unix epoch by @​findepi in chronotope/chrono#1715
• Add ?Sized bound to related methods of DelayedFormat::write_to by @​Huliiiiii in chronotope/chrono#1721
• Add from_timestamp_secs method to DateTime by @​jasonaowen in chronotope/chrono#1719
• Migrate to core::error::Error by @​benbrittain in chronotope/chrono#1704
• Upgrade to windows-bindgen 0.63 by @​djc in chronotope/chrono#1730
• strftime: simplify error handling by @​djc in chronotope/chrono#1731

v0.4.41

What's Changed

• Add subsec_micros and subsec_millis methods to TimeDelta by @​ggoetz in chronotope/chrono#1668
• Deprecate NaiveDateTime::UNIX_EPOCH by @​robertbastian in chronotope/chrono#1670
• Implement as_seconds_f32 and as_seconds_f64 for TimeDelta by @​ggoetz in chronotope/chrono#1671
• chore: fix some comments by @​jimmycathy in chronotope/chrono#1677
• Add num_days_in_month method to Datelike trait by @​aslilac in chronotope/chrono#1673
• add WeekdaySet, a collection of Weekday that is Copy by @​Kinrany in chronotope/chrono#1676
• WeekdaySet tweaks by @​djc in chronotope/chrono#1680
• Upgrade to windows-bindgen 0.61 by @​djc in chronotope/chrono#1682
• Implemented a consistent Eq trait for NaiveWeek by @​Splashling1789 in chronotope/chrono#1687
• TimeZone::from_posix_tz: Treat empty TZ variable as UTC by @​drinkcat in chronotope/chrono#1691
• Add support for lossy format strings by @​Qelxiros in chronotope/chrono#1693

0.4.40

What's Changed

• Add Month::num_days() by @​djc in chronotope/chrono#1645
• Update Windows dependencies by @​kennykerr in chronotope/chrono#1646
• Feature/round_up method on DurationRound trait by @​MagnumTrader in chronotope/chrono#1651
• Expose write_to for DelayedFormat by @​tugtugtug in chronotope/chrono#1654
• Update LICENSE.txt by @​maximevtush in chronotope/chrono#1656
• docs: fix minor typo by @​samfolo in chronotope/chrono#1659
• Use NaiveDateTime for internal tz_info methods. by @​AVee in chronotope/chrono#1658
• Upgrade to windows-bindgen 0.60 by @​djc in chronotope/chrono#1665
• Add quarter (%q) date string specifier by @​drinkcat in chronotope/chrono#1666

Commits

• f3fd15f Bump version to 0.4.42
• 5cf5603 strftime: add regression test case
• a623170 strftime: simplify error handling
• 36fbfb1 strftime: move specifier handling out of match to reduce rightward drift
• 7f413c3 strftime: yield None early
• 9d5dfe1 strftime: outline constants
• e5f6be7 strftime: move error() method below caller
• d516c27 strftime: merge impl blocks
• 0ee2172 strftime: re-order items to keep impls together
• 757a8b0 Upgrade to windows-bindgen 0.63
• Additional commits viewable in compare view

Updates csv from 1.3.1 to 1.4.0

Commits

• 4a3997e 1.4.0
• a0a3c9e csv-core-0.1.13
• f8e6b07 deps: switch serde dependency to serde_core
• 7c7c135 style: address many Clippy lints
• 5b2da18 doc: simplify tutorial section on accessing headers
• 633552a perf: serialize 128-bit integers via itoa
• e9f06f4 lint: fix needless_lifetimes and mismatched_lifetime_syntaxes
• 9dab947 test: fix broken test after panic message change
• da00088 style: address many Clippy lints
• f973cd4 enum: use #[non_exhaustive] instead of #[doc(hidden)] variant
• Additional commits viewable in compare view

Updates curl from 0.4.47 to 0.4.49

Commits

• b57ef18 Bump crate versions (#412)
• ecc8a2b Exposed the CURLOPT_UPLOAD_BUFFERSIZE curl option. (#411)
• b0b6c68 Add vendored field to Version information. (#409)
• ccc6e5a Bump curl submodule (#408)
• e244263 Trigger rebuild if a curl source file has changed. (#407)
• See full diff in compare view

Updates hex-literal from 1.0.0 to 1.1.0

Commits

• 5c88fe4 hex-literal: add support for colon-delimited literals (#1244)
• c210dd6 Release blobby v0.4.0 (#1238)
• 9118661 block-padding: fix pad_detached for NoPadding and ZeroPadding (#1227)
• a3045ea Use the standard order of [package] fields (#1237)
• a66ed6d Release inout v0.2.0 (#1235)
• e0020c5 Release block-padding v0.4.0 (#1233)
• c9f7bfe block-buffer: fix typo (#1234)
• 64c135a Update Cargo.lock
• 1609b3f build(deps): bump digest from 0.11.0-rc.2 to 0.11.0-rc.3 (#1231)
• 113694e zeroize: add v1.8.2 changelog entry (#1230)
• Additional commits viewable in compare view

Updates http from 1.2.0 to 1.4.0

Release notes

Sourced from http's releases.

v1.4.0

Highlights

• Add StatusCode::EARLY_HINTS constant for 103 Early Hints.
• Make StatusCode::from_u16 now a const fn.
• Make Authority::from_static now a const fn.
• Make PathAndQuery::from_static now a const fn.
• MSRV increased to 1.57 (allows legible const fn panic messages).

What's Changed

• Updated Rand dependency to v0.9.1 by @​FarzadMohtasham in hyperium/http#763
• Fix compilation on latest nightly by @​akonradi-signal in hyperium/http#769
• Avoid unnecessary .expect()s for empty HeaderMap by @​akonradi-signal in hyperium/http#768
• feat: show types in Extensions debug output by @​crepererum in hyperium/http#773
• Docs: Clarify the HeaderMap documentaion by @​Sol-Ell in hyperium/http#774
• style: update format for tests by @​seanmonstar in hyperium/http#782
• Make StatusCode::from_u16 const by @​coolreader18 in hyperium/http#761
• docs: Fix typo 'an' to 'and' in http::status module documentation by @​zxzxovo in hyperium/http#784
• fix: Prevent panic in try_reserve/try_with_capacity on capacity overflow by @​AriajSarkar in hyperium/http#787
• fix: Add reserve() to Extend impl for (Option, T)) by @​AriajSarkar in hyperium/http#788
• chore: minor improvement for docs by @​claudecodering in hyperium/http#790
• chore: bump MSRV to 1.57 by @​seanmonstar in hyperium/http#793
• Add EARLY_HINTS status code by @​mdevino in hyperium/http#758
• refactor(header): use better panic message in const HeaderName and HeaderValue by @​seanmonstar in hyperium/http#797
• docs: remove unnecessary extern crate sentence by @​tottoto in hyperium/http#799
• chore(ci): update to actions/checkout@v5 by @​tottoto in hyperium/http#800
• feat(uri): make Authority/PathAndQuery::from_static const by @​WaterWhisperer in hyperium/http#786
• refactor(header): inline FNV hasher to reduce dependencies by @​seanmonstar in hyperium/http#796
• v1.4.0 by @​seanmonstar in hyperium/http#803

New Contributors

• @​FarzadMohtasham made their first contribution in hyperium/http#763
• @​akonradi-signal made their first contribution in hyperium/http#769
• @​crepererum made their first contribution in hyperium/http#773
• @​Sol-Ell made their first contribution in hyperium/http#774
• @​coolreader18 made their first contribution in hyperium/http#761
• @​zxzxovo made their first contribution in hyperium/http#784
• @​AriajSarkar made their first contribution in hyperium/http#787
• @​claudecodering made their first contribution in hyperium/http#790
• @​mdevino made their first contribution in hyperium/http#758
• @​WaterWhisperer made their first contribution in hyperium/http#786

Full Changelog: hyperium/http@v1.3.1...v1.4.0

v1.3.1

What's Changed

• fix: validate path bytes are at least utf8 by @​seanmonstar in hyperium/http#756

... (truncated)

Changelog

Sourced from http's changelog.

1.4.0 (November 24, 2025)

• Add StatusCode::EARLY_HINTS constant for 103 Early Hints.
• Make StatusCode::from_u16 now a const fn.
• Make Authority::from_static now a const fn.
• Make PathAndQuery::from_static now a const fn.
• MSRV increased to 1.57 (allows legible const fn panic messages).

1.3.1 (March 11, 2025)

• Fix validation that all characters are UTF-8 in URI path and query.

1.3.0 (March 11, 2025)

• Allow most UTF-8 characters in URI path and query.
• Fix HeaderMap::reserve() to allocate sufficient capacity.

Commits

• b9625d8 v1.4.0
• 50b009c refactor(header): inline FNV hasher to reduce dependencies (#796)
• b370d36 feat(uri): make Authority/PathAndQuery::from_static const (#786)
• 0d74251 chore(ci): update to actions/checkout@v5 (#800)
• a760767 docs: remove unnecessary extern crate sentence (#799)
• fb1d457 refactor(header): use better panic message in const HeaderName and HeaderValu...
• 20dbd6e feat(status): Add 103 EARLY_HINTS status code (#758)
• e7a7337 chore: bump MSRV to 1.57
• 1888e28 tests: downgrade rand back to 0.8 for now
• 918bbc3 chore: minor improvement for docs (#790)
• Additional commits viewable in compare view

Updates hyper from 1.5.2 to 1.8.1

Release notes

Sourced from hyper's releases.

v1.8.1

Bug Fixes

• http1: fix consuming extra CPU from previous change (#3977) (4492f31e)

Full Changelog: hyperium/hyper@v1.8.0...v1.8.1

v1.8.0

Highlights

Features

• rt: add Timer::now() method to allow overriding the instant returned (#3965) (5509ebe6)

Bug Fixes

• http1: fix rare missed write wakeup on connections (#3952) (2377b893)
• http2: fix internals of HTTP/2 CONNECT upgrades (#3967) (58e0e7dc, closes #3966)

Breaking Changes

While technically breaking, it's assumed you will not need to do anything or be affected.

• The HTTP/2 client connection no longer allows an executor that can not spawn itself.

  This was an oversight originally. The client connection will now include spawning a future that keeps a copy of the executor to spawn other futures. Thus, if it is !Send, it needs to spawn !Send futures. The likelihood of executors that match the previously allowed behavior should be very remote.

  There is also technically a semver break in here, which is that the Http2ClientConnExec trait no longer dyn-compatible, because it now expects to be Clone. This should not break usage of the conn builder, because it already separately had E: Clone bounds. If someone were using dyn Http2ClientConnExec, that will break. However, there is no purpose for doing so, and it is not usable otherwise, since the trait only exists to propagate bounds into hyper. Thus, the breakage should not affect anyone. (58e0e7dc)

What's Changed

• chore(ci): update to actions/checkout@v5 by @​tottoto in hyperium/hyper#3935
• refactor(ffi): specify "C" ABI explicitly in ffi_fn! macro by @​1911860538 in hyperium/hyper#3937
• Update documented default values for http1::Builder by @​Will-Low in hyperium/hyper#3938
• fix(client): port tests to in-memory socket by @​cratelyn in hyperium/hyper#3947
• feat: allow overriding the instant returned from Timer by @​arielb1 in hyperium/hyper#3965
• fix(http1): poll_loop writes when ready by @​lthiery in hyperium/hyper#3952
• test(ready_stream): replace tracing with printlns by @​seanmonstar in hyperium/hyper#3973

... (truncated)

Changelog

Sourced from hyper's changelog.

v1.8.1 (2025-11-13)

Bug Fixes

• http1: fix consuming extra CPU from previous change (#3977) (4492f31e)

v1.8.0 (2025-11-11)

Bug Fixes

• http1: fix rare missed write wakeup on connections (#3952) (2377b893)
• http2: fix internals of HTTP/2 CONNECT upgrades (#3967) (58e0e7dc, closes #3966)

Features

• rt: add Timer::now() method to allow overriding the instant returned (#3965) (5509ebe6)Description has been truncated

[github-actions]

🚀 Deployment Links of Blocksense Network websites:

Website	Latest Update	Commit
🌱 Documentation	12.01.2026 00:38:57	87026a3
📖 Docs UI Components	12.01.2026 00:38:57	87026a3
📝 UI Components	12.01.2026 00:38:57	87026a3