Bump the cargo-deps group across 1 directory with 14 updates

[dependabot]

Bumps the cargo-deps group with 13 updates in the / directory:

Package	From	To
indexmap	2.11.4	2.12.1
wasm-bindgen-test	0.3.54	0.3.55
trybuild	1.0.112	1.0.114
proc-macro2	1.0.101	1.0.103
quote	1.0.41	1.0.42
syn	2.0.106	2.0.110
indicatif	0.18.0	0.18.3
clap	4.5.49	4.5.53
lipsum	e1ab664	e36bc3f
bytes	1.10.1	1.11.0
warp	0.3.7	0.4.2
hyper-util	0.1.17	0.1.18
axum	0.8.6	0.8.7

Updates indexmap from 2.11.4 to 2.12.1

Changelog

Sourced from indexmap's changelog.

2.12.1 (2025-11-20)

• Simplified a lot of internals using hashbrown's new bucket API.

2.12.0 (2025-10-17)

• MSRV: Rust 1.82.0 or later is now required.
• Updated the hashbrown dependency to 0.16 alone.
• Error types now implement core::error::Error.
• Added pop_if methods to IndexMap and IndexSet, similar to the method for Vec added in Rust 1.86.

Commits

• cfad758 Merge pull request #424 from cuviper/buckets
• a96b9c7 Release 2.12.1
• 6245ee5 Use the bucket API from hashbrown v0.16.1
• 0e68f8a Merge pull request #422 from cuviper/msrv-1.82
• 61c9c94 ci: only run full miri in the merge queue
• db43f19 Release 2.12.0
• b46a32a Move more to the lints table
• 4849b16 Make use of RFC2145 type privacy for sealed traits
• cfff4b7 Use bounds in associated type position
• c7178d7 Use core::error::Error
• Additional commits viewable in compare view

Updates wasm-bindgen-test from 0.3.54 to 0.3.55

Commits

• See full diff in compare view

Updates trybuild from 1.0.112 to 1.0.114

Release notes

Sourced from trybuild's releases.

1.0.114

• Normalize indentation of rustc suggestion lines (#319)

1.0.113

• Update target-triple dependency to v1

Commits

• 51f9418 Release 1.0.114
• b4f6299 Merge pull request #319 from dtolnay/suggestion
• 781a773 Normalize indentation of rustc suggestion lines
• c610b40 Add test that reproduces misalignment of help under note
• f224ff8 Release 1.0.113
• f19d0bd Update target-triple dependency to v1
• See full diff in compare view

Updates proc-macro2 from 1.0.101 to 1.0.103

Release notes

Sourced from proc-macro2's releases.

1.0.103

• Add semver-exempt Literal methods str_value, cstr_value, byte_str_value (#525)

1.0.102

• Fix interaction of Display impls for TokenStream and Ident with formatting specifiers for padding, alignment, width (#523, #524)

Commits

• d1bf13a Release 1.0.103
• 29e08c0 Merge pull request #525 from dtolnay/literalvalue
• f9eec24 Restore support for rustc older than 1.74
• cc983fc Restore support for rustc older than 1.79
• 465f781 Restore support for rustc older than 1.89
• ab5231c Add string literal value tests
• 4c039a8 Add Literal methods from proc_macro_value feature
• 885fde9 Vendor rustc_literal_escaper v0.0.5
• 39b016a Release 1.0.102
• c3870f1 Add raw identifier Debug test
• Additional commits viewable in compare view

Updates quote from 1.0.41 to 1.0.42

Release notes

Sourced from quote's releases.

1.0.42

• Tweaks to improve build speed (#305, #306, #307, #308, thanks @​dishmaker)

Commits

• bb9e7a4 Release 1.0.42
• 683c1d6 Merge pull request #311 from dtolnay/append
• ed93e8e Revert PR 305
• 1f2a959 Merge pull request #310 from dtolnay/up
• 37448aa Raise required compiler to Rust 1.68
• 39ac89e Resolve manual_let_else pedantic clippy lint
• f3eac36 Raise required compiler to Rust 1.65
• 7b490c5 Merge pull request #309 from dtolnay/append
• 71dfa84 Apply pattern from PR 306 to append_separated & append_terminated
• df32af7 Touch up PR 306
• Additional commits viewable in compare view

Updates syn from 2.0.106 to 2.0.110

Release notes

Sourced from syn's releases.

2.0.110

• Tweaks to improve build speed (#1939, thanks @​dishmaker)
• Make syn::ext::IdentExt::unraw available without "parsing" feature (#1940)
• Support parsing syn::Meta followed by => (#1944)

2.0.109

• Tweaks to improve build speed (#1927, #1928, #1930, #1932, #1934, thanks @​dishmaker)

2.0.108

• Parse unrecognized or invalid literals as Lit::Verbatim (#1925)

2.0.107

• Improve panic message when constructing a LitInt, LitFloat, or Lit from invalid syntax (#1917)
• Improve panic message on Punctuated index out of bounds (#1922)

Commits

• 1c8cabe Release 2.0.110
• 8ef195b Merge pull request #1944 from dtolnay/metaarrow
• 9ab4aef Support parsing Meta followed by fat arrow
• 7711764 Add test of parsing fat arrow after meta
• 193f52e Update test suite to nightly-2025-11-10
• 5ece7e1 Merge pull request #1941 from dtolnay/ext
• 6a44478 Add extension trait for Punct construction with span
• 798e109 Drop 2 from name of TokenStreamExt2
• b344f2d Never import name of quote::TokenStreamExt
• b0ec4c7 Touch up PR 1939
• Additional commits viewable in compare view

Updates indicatif from 0.18.0 to 0.18.3

Release notes

Sourced from indicatif's releases.

0.18.3

What's Changed

• Add ProgressBar::set_elapsed by @​sunshowers in console-rs/indicatif#742

0.18.2

What's Changed

• Fix wide_msg truncation with a colored message by @​glehmann in console-rs/indicatif#740
• style: tweak write_ansi_range() style by @​djc in console-rs/indicatif#741

0.18.1

What's Changed

• Do not render "current" char if no "current" char is configured by @​Finomnis in console-rs/indicatif#719
• Update vt100 requirement from 0.15.1 to 0.16.1 by @​dependabot[bot] in console-rs/indicatif#723
• Bump MSRV to 1.71 with versioned lockfile by @​djc in console-rs/indicatif#735
• Fix wide_bar width computation with a multiline message by @​glehmann in console-rs/indicatif#738

Commits

• 23100f5 Bump version to 0.18.3
• 45e5af9 Apply suggestions from clippy 1.91
• b31a0be Add ProgressBar::set_elapsed
• 368de49 Bump version to 0.18.2
• 6d4e7d3 style: tweak write_ansi_range() style
• 01957a7 Fix wide_msg truncation with a colored message
• e836112 Bump version to 0.18.1
• e69d621 Fix wide_bar width computation with multiline a message
• 985f053 Bump MSRV to 1.71 (for console 0.16.1)
• 5436ffc Start versioning Cargo.lock
• Additional commits viewable in compare view

Updates clap from 4.5.49 to 4.5.53

Release notes

Sourced from clap's releases.

v4.5.53

[4.5.53] - 2025-11-19

Features

• Add default_values_if, default_values_ifs

v4.5.52

[4.5.52] - 2025-11-17

Fixes

• Don't panic when args_conflicts_with_subcommands conflicts with an ArgGroup

v4.5.51

[4.5.51] - 2025-10-29

Fixes

• (help) Correctly calculate padding for short flags that take a value
• (help) Don't panic on short flags using ArgAction::Count

v4.5.50

[4.5.50] - 2025-10-20

Features

• Accept Cow where String and &str are accepted

Changelog

Sourced from clap's changelog.

[4.5.53] - 2025-11-19

Features

• Add default_values_if, default_values_ifs

[4.5.52] - 2025-11-17

Fixes

• Don't panic when args_conflicts_with_subcommands conflicts with an ArgGroup

[4.5.51] - 2025-10-29

Fixes

• (help) Correctly calculate padding for short flags that take a value
• (help) Don't panic on short flags using ArgAction::Count

[4.5.50] - 2025-10-20

Features

• Accept Cow where String and &str are accepted

Commits

• 3716f9f chore: Release
• 613b69a docs: Update changelog
• d117f7a Merge pull request #6028 from epage/arg
• cb8255d feat(builder): Allow quoted id's for arg macro
• 1036060 Merge pull request #6025 from AldaronLau/typos-in-faq
• 2fcafc0 docs: Fix minor grammar issues in FAQ
• a380b65 Merge pull request #6023 from epage/template
• 4d7ab14 chore: Update from _rust/main template
• b8a7ea4 chore(deps): Update Rust Stable to v1.87 (#18)
• f9842b3 chore: Avoid MSRV problems out of the box
• Additional commits viewable in compare view

Updates lipsum from e1ab664 to e36bc3f

Commits

• e36bc3f Merge pull request #124 from mgeisler/words-slice
• 1d99c6e Turn MarkovChain::words into a slice
• b8ab8c1 Merge pull request #123 from mgeisler/let-else
• 46ac382 Merge pull request #119 from mgeisler/ca8adependabot/github_actions/actions/c...
• b869c1e Use let-else for early return
• ca7d810 Merge pull request #122 from mgeisler/join-words-tests
• b6920a0 Add a few unit tests for join_words
• bf01550 Bump actions/checkout from 4 to 5
• See full diff in compare view

Updates bytes from 1.10.1 to 1.11.0

Release notes

Sourced from bytes's releases.

Bytes v1.11.0

1.11.0 (November 14th, 2025)

• Bump MSRV to 1.57 (#788)

Fixed

• fix: BytesMut only reuse if src has remaining (#803)
• Specialize BytesMut::put::<Bytes> (#793)
• Reserve capacity in BytesMut::put (#794)
• Change BytesMut::remaining_mut to use isize::MAX instead of usize::MAX (#795)

Internal changes

• Guarantee address in slice() for empty slices. (#780)
• Rename Vtable::to_* -> Vtable::into_* (#776)
• Fix latest clippy warnings (#787)
• Ignore BytesMut::freeze doctest on wasm (#790)
• Move drop_fn of from_owner into vtable (#801)

Changelog

Sourced from bytes's changelog.

1.11.0 (November 14th, 2025)

• Bump MSRV to 1.57 (#788)

Fixed

• fix: BytesMut only reuse if src has remaining (#803)
• Specialize BytesMut::put::<Bytes> (#793)
• Reserve capacity in BytesMut::put (#794)
• Change BytesMut::remaining_mut to use isize::MAX instead of usize::MAX (#795)

Internal changes

• Guarantee address in slice() for empty slices. (#780)
• Rename Vtable::to_* -> Vtable::into_* (#776)
• Fix latest clippy warnings (#787)
• Ignore BytesMut::freeze doctest on wasm (#790)
• Move drop_fn of from_owner into vtable (#801)

Commits

• a7952fb chore: prepare bytes v1.11.0 (#804)
• 60cbb77 fix: BytesMut only reuse if src has remaining (#803)
• 7ce330f Move drop_fn of from_owner into vtable (#801)
• 4b53a29 Tweak BytesMut::remaining_mut (#795)
• 016fdbd Reserve capacity in BytesMut::put (#794)
• ef7f257 Specialize BytesMut::put::<Bytes> (#793)
• 8b4f54d Ignore BytesMut::freeze doctest on wasm (#790)
• 16132ad Fix latest clippy warnings (#787)
• 3e44f88 Bump MSRV to 1.57 (#788)
• f29e939 Add some tests for Limit, BytesMut and Reader (#785)
• Additional commits viewable in compare view

Updates warp from 0.3.7 to 0.4.2

Release notes

Sourced from warp's releases.

v0.4.1

Fixes:

• Fix Server::graceful() bounds incorrect requiring the filter to be a future.
• Enable tokio/net when the server feature is enabled.
• Render cfgs in the docs.

Full Changelog: seanmonstar/warp@v0.4.0...v0.4.1

v0.4.0

Changes:

• Upgrade to hyper, http, and http-body to v1.
• Remove multipart and websocket features from being enabled by default.
• Put warp::serve() behind a server feature, not enabled by default.
• Put warp::test behind a test feature, not enabled by default.
• Remove tls feature and types.
• Remove warp::addr filters.

Full Changelog: seanmonstar/warp@v0.3.7...v0.4.0

Changelog

Sourced from warp's changelog.

v0.4.2 (August 19, 2025)

• Features:
  • Add support for passing UnixListener to incoming(listener).
• Fixes:
  • Reduce some dependencies when server is not enabled.

v0.4.1 (August 6, 2025)

• Fixes:
  • Fix Server::graceful() bounds incorrect requiring the filter to be a future.
  • Enable tokio/net when the server feature is enabled.
  • Render cfgs in the docs.

v0.4.0 (August 5, 2025)

• Changes:
  • Upgrade to hyper, http, and http-body to v1.
  • Remove multipart and websocket features from being enabled by default.
  • Put warp::serve() behind a server feature, not enabled by default.
  • Put warp::test behind a test feature, not enabled by default.
  • Remove tls feature and types.
  • Remove warp::addr filters.

Commits

• c29f293 v0.4.2
• 3867d41 feat: implement Accept for tokio::net::UnixListener (#1135)
• d120a0e deps: make futures-channel optional dependency (#1134)
• 3641ea7 deps: make hyper optional dependency (#1133)
• f4d8e08 ci: update to actions/checkout v4 (#1131)
• 4f3f653 Bump http-body-util min version to 0.1.2 (#1129)
• e5001e2 Move to minimum working hyper util (#1128)
• eea3a28 v0.4.1
• 53bc811 docs: ensure Server methods have docs (#1125)
• 8673081 fix: server.graceful() had wrong trait bounds
• Additional commits viewable in compare view

Updates hyper-util from 0.1.17 to 0.1.18

Release notes

Sourced from hyper-util's releases.

v0.1.18

Highlights

• Fix rt::TokioTimer to support Tokio's paused time.
• Fix client::proxy::match::Matcher to parse auth without passwords.

What's Changed

• chore(ci): add a github actions workflow to preview rustdocs of a PR by @​seanmonstar in hyperium/hyper-util#229
• chore(ci): fix rustdoc preview job by @​seanmonstar in hyperium/hyper-util#231
• chore(ci): fix rustdoc preview workflow typo by @​seanmonstar in hyperium/hyper-util#232
• docs: replace auto_doc_cfg by @​seanmonstar in hyperium/hyper-util#237
• perf(client): avoid redundant memory copies of Host header by @​0x676e67 in hyperium/hyper-util#235
• chore: bump windows-registry to 0.6 by @​Vaiz in hyperium/hyper-util#236
• fix: fix msrv on windows and macos target by @​tottoto in hyperium/hyper-util#239
• chore(ci): update to actions/checkout@v5 by @​tottoto in hyperium/hyper-util#240
• fix: allow proxy env URIs without password by @​karanabe in hyperium/hyper-util#241
• fix: support fake time by @​arielb1 in hyperium/hyper-util#238

New Contributors

• @​Vaiz made their first contribution in hyperium/hyper-util#236
• @​karanabe made their first contribution in hyperium/hyper-util#241
• @​arielb1 made their first contribution in hyperium/hyper-util#238

Thanks

• @​tottoto
• @​seanmonstar

Full Changelog: hyperium/hyper-util@v0.1.17...v0.1.18

Changelog

Sourced from hyper-util's changelog.

0.1.18 (2025-11-13)

• Fix rt::TokioTimer to support Tokio's paused time.
• Fix client::proxy::match::Matcher to parse auth without passwords.

Commits

• 203c956 v0.1.18
• d91ea8e fix(rt): support fake time in legacy client and TokioTimer (#238)
• dde14d3 fix(client): Proxy Matcher to handle proxy auth without password (#241)
• b9dc3d2 chore(ci): update to actions/checkout@v5 (#240)
• d4f5706 ci: fix msrv on windows and macos target (#239)
• 3c8dbe4 chore: bump windows-registry to 0.6 (#236)
• 72bbd22 perf(client): avoid redundant memory copies of Host header (#235)
• 1c8f7c6 docs: replace auto_doc_cfg (#237)
• 66afc93 chore(ci): use auto pr ref in rustdoc-preview workflow
• faf5ca2 chore(ci): fix rustdoc preview workflow typo (#232)
• Additional commits viewable in compare view

Updates axum from 0.8.6 to 0.8.7

Release notes

Sourced from axum's releases.

axum v0.8.7

• Relax implicit Send / Sync bounds on RouterAsService, RouterIntoService (#3555)
• Make it easier to visually scan for default features (#3550)
• Fix some documentation typos

#3550: tokio-rs/axum#3550 #3555: tokio-rs/axum#3555

Commits

• 4404f27 Release axum v0.8.7 and axum-extra v0.12.2
• 8f1545a Fix typo in extractors guide (#3554)
• 4fc3faa Relax implicit Send / Sync bounds (#3555)
• a05920c Make it easier to visually scan for default features (#3550)
• 6d5e6d5 Use extensions directly in from_request_parts (#3542)
• fe607e6 Fixes wording typo (#3540)
• f9ce3e5 Release axum-extra 0.12.1
• 12e1cf9 Add back package.metadata.docs.rs for axum-extra
• 914a35a Release axum-extra 0.12.0
• e20e90d Upgrade axum-extra to prost v0.14 (#3517)
• Additional commits viewable in compare view

Updates hyper from 1.7.0 to 1.8.1

Release notes

Sourced from hyper's releases.

v1.8.1

Bug Fixes

• http1: fix consuming extra CPU from previous change (#3977) (4492f31e)

Full Changelog: hyperium/hyper@v1.8.0...v1.8.1

v1.8.0

Highlights

Features

• rt: add Timer::now() method to allow overriding the instant returned (#3965) (5509ebe6)

Bug Fixes

• http1: fix rare missed write wakeup on connections (#3952) (2377b893)
• http2: fix internals of HTTP/2 CONNECT upgrades (#3967) (58e0e7dc, closes #3966)

Breaking Changes

While technically breaking, it's assumed you will not need to do anything or be affected.

• The HTTP/2 client connection no longer allows an executor that can not spawn itself.

  This was an oversight originally. The client connection will now include spawning a future that keeps a copy of the executor to spawn other futures. Thus, if it is !Send, it needs to spawn !Send futures. The likelihood of executors that match the previously allowed behavior should be very remote.

  There is also technically a semver break in here, which is that the Http2ClientConnExec trait no longer dyn-compatible, because it now expects to be Clone. This should not break usage of the conn builder, because it already separately had E: Clone bounds. If someone were using dyn Http2ClientConnExec, that will break. However, there is no purpose for doing so, and it is not usable otherwise, since the trait only exists to propagate bounds into hyper. Thus, the breakage should not affect anyone. (58e0e7dc)

What's Changed

• chore(ci): update to actions/checkout@v5 by @​tottoto in hyperium/hyper#3935
• refactor(ffi): specify "C" ABI explicitly in ffi_fn! macro by @​1911860538 in hyperium/hyper#3937
• Update documented default values for http1::Builder by @​Will-Low in hyperium/hyper#3938
• fix(client): port tests to in-memory socket by @​cratelyn in hyperium/hyper#3947
• feat: allow overriding the instant returned from Timer by @​arielb1 in hyperium/hyper#3965
• fix(http1): poll_loop writes when ready by @​lthiery in hyperium/hyper#3952
• test(ready_stream): replace tracing with printlns by @​seanmonstar in hyperium/hyper#3973

... (truncated)

Changelog

Sourced from hyper's changelog.

v1.8.1 (2025-11-13)

Bug Fixes

• http1: fix consuming extra CPU from previous change (#3977) (4492f31e)

v1.8.0 (2025-11-11)

Bug Fixes

• http1: fix rare missed write wakeup on connections (#3952) (2377b893)
• http2: fix internals of HTTP/2 CONNECT upgrades (#3967) (58e0e7dc, closes #3966)

Features

• rt: add Timer::now() method to allow overriding the instant returned (#3965) (5509ebe6)

Breaking Changes

• The HTTP/2 client connection no longer allows an executor that can not spawn itself.

  This was an oversight originally. The client connection will now include spawning a future that keeps a copy of the executor to spawn other futures. Thus, if it is !Send, it needs to spawn !Send futures. The likelihood of executors that match the previously allowed behavior should be very remote.

  There is also technically a semver break in here, which is that the Http2ClientConnExec trait no longer dyn-compatible, because it now expects to be Clone. This should not break usage of the conn builder, because it already separately had E: Clone bounds. If someone were using dyn Http2ClientConnExec, that will break. However, there is no purpose for doing so, and it is not usable otherwise, since the trait only exists to propagate bounds into hyper. Thus, the breakage should not affect anyone. (58e0e7dc)

Commits

• 166c6ca v1.8.1
• 4492f31 fix(http1): fix consuming extra CPU from previous change (#3977)
• dbe6f25 v1.8.0
• 58e0e7d fix(http2): fix internals of HTTP/2 CONNECT upgrades (#3967)
• 0a37a8c test(ready_stream): replace tracing with printlns (#3973)
• 2377b89 fix(http1): fix rare missed write wakeup on connections (#3952)
• 5509ebe feat(rt): add Timer::now() method to allow overriding the instant returned ...
• f9f8f44 tests(client): port tests to in-memory socket (#3947)
• 5803a9c docs(server): update default values for http1::Builder (#3938)
• e1e1f2b refactor(ffi): specify "C" ABI explicitly in ffi_fn! macro (#3937)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

[github-actions]

Visit the preview URL for this PR (updated for commit bb151c4):

https://yew-rs-api--pr3946-dependabot-cargo-car-6dyo4aor.web.app

_{(expires Fri, 28 Nov 2025 03:08:13 GMT)}

_{🔥 via Firebase Hosting GitHub Action 🌎}

[github-actions]

Benchmark - core

Yew Master

vnode           fastest       │ slowest       │ median        │ mean          │ samples │ iters
╰─ vnode_clone  2.712 ns      │ 4.498 ns      │ 2.718 ns      │ 2.741 ns      │ 100     │ 1000000000

Pull Request

vnode           fastest       │ slowest       │ median        │ mean          │ samples │ iters
╰─ vnode_clone  2.402 ns      │ 2.497 ns      │ 2.406 ns      │ 2.41 ns       │ 100     │ 1000000000

[github-actions]

Benchmark - SSR

Yew Master

Details

Benchmark	Round	Min (ms)	Max (ms)	Mean (ms)	Standard Deviation
Baseline	10	291.050	291.733	291.265	0.206
Hello World	10	505.459	513.872	508.112	3.065
Function Router	10	1664.259	1715.622	1676.896	15.324
Concurrent Task	10	1005.990	1007.598	1006.745	0.446
Many Providers	10	1103.788	1151.986	1118.115	18.646

Pull Request

Details

Benchmark	Round	Min (ms)	Max (ms)	Mean (ms)	Standard Deviation
Baseline	10	290.952	291.692	291.190	0.213
Hello World	10	499.544	521.673	505.607	7.078
Function Router	10	1714.867	1740.214	1722.760	7.296
Concurrent Task	10	1006.073	1007.140	1006.585	0.404
Many Providers	10	1109.071	1139.122	1122.652	9.544

[dependabot]

Looks like these dependencies are updatable in another way, so this is no longer needed.