deps(deps): bump the rust-runtime group across 1 directory with 9 updates

[dependabot]

Bumps the rust-runtime group with 9 updates in the /rustytime directory:

Package	From	To
diesel	2.3.7	2.3.9
diesel_migrations	2.3.1	2.3.2
tokio	1.52.1	1.52.3
tower-http	0.6.8	0.6.10
reqwest	0.13.2	0.13.3
pyroscope	2.0.0	2.0.3
apalis-postgres	1.0.0-rc.7	1.0.0-rc.8
apalis-cron	1.0.0-rc.7	1.0.0-rc.8
serde_qs	1.1.1	1.1.2

Updates diesel from 2.3.7 to 2.3.9

Changelog

Sourced from diesel's changelog.

[2.3.9] 2026-04-30

• Removed a dbg! statement from the Mysql backend that caused unwanted output
• Fix a regression in #[derive(AsChangeset)] introduced in 2.3.8 where structs with a type or const generic parameter referenced in a field type failed to compile with error[E0425]: cannot find type 'T' in this scope. The diagnostic helper functions added to improve AsChangeset error messages now forward all generic parameters of the input struct, not only lifetimes.

[2.3.8] 2026-04-24

• Added support for libsqlite3-sys 0.37.0
• Raise a compile-time error when mixing aggregate and non-aggregate expressions in an ORDER BY clause without a GROUP BY clause
• Calling .count() or .select(aggregate_expr) on a query that already has a non-aggregate .order_by() clause now raises a compile-time error instead of generating invalid SQL that would be rejected by the database at runtime (fixes #3815)
• Added documentation for migration transaction behaviour at the crate root
• Improved compile time error messages for #[derive(AsChangeset)]
• Allow to use generic types in infix_operator!()
• Fixes for several instances of unsound, unspecified or otherwise dangerous behaviour:
  • Unsound string construction in SqliteValue::read_text/FromSql<Text, Sqlite> for String
  • Invalid alignment for over aligned data in SqliteConnection::register_function for aggregate functions
  • Potential memory leaks in SqliteConnection::register_function
  • Access to padding bytes while serializing Date/time types in the Mysql backend
  • SQL Option Injection in PostgreSQL COPY FROM/TO
  • Unspecified pointer cast in Debug/Display implementation of batch INSERT statements for SQLite
  • Invalid call order of SQLite API functions in SqliteValue::read_text/FromSql<Text, Sqlite> for String/SqliteValue::read_blob()/FromSql<Binary, Sqlite> for Vec<u8>
  • Potential unsound pointer access for FromSql<Binary, _> for Vec<u8> and FromSql<Text, _> for String for third party backends (requires changes to the third party backend as well)

Commits

• 2e7eb35 Also bump derives version
• b3a16a3 Merge pull request #5046 from apastrana6/ap/fix-derive-as-changeset
• 9f0a6c1 Prepare a 2.3.9 release
• adcc896 Enable some clippy lints to prevent having dbg in a release again
• 66760df Remove MySQL time serializer debug output
• 58820dc Merge pull request #5036 from weiznich/prepare_2.3.8
• 895b5ba Prepare a 2.3.8 release
• ea008d3 Fix several UB instances
• 64003c6 Merge pull request #5034 from ayarotsky/fix-reject-aggregate-select-with-non-...
• 49b936e Merge pull request #5012 from ayarotsky/fix-aggregate-expressions-and-order-by
• Additional commits viewable in compare view

Updates diesel_migrations from 2.3.1 to 2.3.2

Release notes

Sourced from diesel_migrations's releases.

Diesel 2.3.2

Fixed

• Fixed an incompatibility with libmariadb versions shipped by debian
• Fixed docs.rs builds
• Fixed applying patch file schema.rs file with formatting
• Allow to compare DatabaseErrorKind values

(Diesel 2.3.1 did not contain any changes beside the version bump to retrigger the docs.rs build)

Full Changelog: diesel-rs/diesel@v2.3.0...v2.3.2

You can support the development of Diesel by:

• Contributing Code, Documentation or Guides. Checkout the planing for Diesel 2.4 for open tasks.
• Providing knowledge and help to maintain the MySQL/MariaDB backend. This is currently the only in-tree backend that is not used by any maintainers, so having someone around that actually uses this backend would be very helpful for the Diesel project.
• Answering questions in our discussion forum
• Reporting bugs in our issue tracker
• Helping triaging issues in our issue tracker
• Sponsoring the maintainers.

Changelog

Sourced from diesel_migrations's changelog.

[2.3.2] 2025-09-19

Fixed

• Fixed an incompatibility with libmariadb versions shipped by debian
• Fixed docs.rs builds
• Fixed applying patch file schema.rs file with formatting
• Allow to compare DatabaseErrorKind values

Commits

• See full diff in compare view

Updates tokio from 1.52.1 to 1.52.3

Release notes

Sourced from tokio's releases.

Tokio v1.52.3

1.52.3 (May 8th, 2026)

Fixed

• sync: fix underflow in mpsc channel len() (#8062)
• sync: notify receivers in mpsc OwnedPermit::release() method (#8075)
• sync: require that an RwLock has max_readers != 0 (#8076)
• sync: return Empty from try_recv() when mpsc is closed with outstanding permits (#8074)

#8062: tokio-rs/tokio#8062 #8074: tokio-rs/tokio#8074 #8075: tokio-rs/tokio#8075 #8076: tokio-rs/tokio#8076

Tokio v1.52.2

1.52.2 (May 4th, 2026)

This release reverts the LIFO slot stealing change introduced in 1.51.0 (#7431), due to [its performance impact]#8065. (#8100)

#7431: tokio-rs/tokio#7431 #8065: tokio-rs/tokio#8065 #8100: tokio-rs/tokio#8100

Commits

• d875691 chore: prepare Tokio v1.52.3 (#8130)
• e1aebb0 Merge 'tokio-1.51.3' into 'tokio-1.52.x' (#8129)
• fd63094 chore: prepare Tokio v1.51.3 (#8127)
• 8c600d0 Merge 'tokio-1.47.5' into 'tokio-1.51.x' (#8123)
• 11bfc13 chore: prepare Tokio v1.47.5 (#8122)
• f085b62 sync: notify receivers in mpsc OwnedPermit::release() method (#8075)
• 30d25cc sync: require that an RwLock has max_readers != 0 (#8076)
• 9fccf53 sync: return Empty from try_recv() when mpsc is closed with outstanding p...
• ebf61b4 sync: fix underflow in mpsc channel len() (#8062)
• 4abe9d7 chore: prepare Tokio v1.52.2 (#8115)
• Additional commits viewable in compare view

Updates tower-http from 0.6.8 to 0.6.10

Release notes

Sourced from tower-http's releases.

tower-http-0.6.10

Added

• follow-redirect: expose Attempt::method() and Attempt::previous_method() so redirect policies can react to method changes across redirects (e.g. POST to GET on 301/303) (#559)

Fixed

• Restore tokio and async-compression as no-op features. These will be removed next breaking release (#667)

#559: tower-rs/tower-http#559 #667: tower-rs/tower-http#667

What's Changed

• fix: restore tokio and async-compression as no-op features by @​jlizen in tower-rs/tower-http#667
• fix gate-ing of atomic64 in tests by @​alexanderkjall in tower-rs/tower-http#607
• follow_redirect: expose previous and next request methods by @​lucab in tower-rs/tower-http#559
• chore: release tower-http 0.6.10 by @​jlizen in tower-rs/tower-http#669

New Contributors

• @​lucab made their first contribution in tower-rs/tower-http#559

Full Changelog: tower-rs/tower-http@tower-http-0.6.9...tower-http-0.6.10

tower-http-0.6.9

Added:

• on-early-drop: middleware that detects when a response future or response body is dropped before completion (#636)

  Two events get hooks: the response future being dropped before the inner service produces a response, and the response body being dropped before reaching end-of-stream.

  Install custom callbacks with OnEarlyDropLayer::builder():

  use http::Request;
  use tower_http::on_early_drop::{OnBodyDropFn, OnEarlyDropLayer};
  let layer = OnEarlyDropLayer::builder()
  .on_future_drop(|req: &Request<()>| {
  let uri = req.uri().clone();
  move || eprintln!("future dropped for {}", uri)
  })
  .on_body_drop(OnBodyDropFn::new(|req: &Request<()>| {

... (truncated)

Commits

• 4532fc2 v0.6.10
• 8508cb2 follow_redirect: expose previous and next request methods (#559)
• 890f66a fix gate-ing of atomic64 in tests (#607)
• 578c2b2 fix: restore tokio and async-compression as no-op features (#667)
• eab7cbf v0.6.9
• 9c64770 feat(on-early-drop): Add middleware for client early drop detection (#636)
• 67786ff ci: Remove unnecessary protoc setup (#665)
• e442e2b examples: Use axum::body::to_bytes (#650)
• 218fe6b Make AsyncReadBody::with_capacity public (#415)
• ffd4d7c trace: adds back call to classify_eos on trailers (#483)
• Additional commits viewable in compare view

Updates reqwest from 0.13.2 to 0.13.3

Release notes

Sourced from reqwest's releases.

v0.13.3

tl;dr

• Fix CertificateRevocationList parsing of PEM values.
• Fix logging in resolver to only show host, not full URL.
• Fix hickory-dns to fallback to a default if /etc/resolv.conf fails.
• Fix HTTP/3 to handle STOP_SENDING as not an error.
• Fix HTTP/3 pool to remove timed out QUIC connections.
• Fix HTTP/3 connection establishment picking IPv4 and IPv6.
• Upgrade rustls-platform-verifier.
• (wasm) Only use wasm-bindgen on unknown-* targets.

What's Changed

• Update docs.rs Features by @​JamesWiresmith in seanmonstar/reqwest#2961
• fix: fallback to hickory_resolver's default config if reading /etc/resolv.conf fails by @​monosans in seanmonstar/reqwest#2797
• fix: remove timeout con by @​cuiweixie in seanmonstar/reqwest#2967
• http3: handle stop_sending without error by @​anuraaga in seanmonstar/reqwest#2978
• resolve: debug log to change only host by @​lms0806 in seanmonstar/reqwest#2992
• Edit reference link by @​lms0806 in seanmonstar/reqwest#2996
• docs: more accurate about default HTTP2 window sizes by @​seanmonstar in seanmonstar/reqwest#3007
• [HTTP/3] Optimize IPv6 fallback and enforce HTTPS scheme #2911 by @​lyuzichong in seanmonstar/reqwest#3006
• Upgrade rustls-platform-verifier by @​jplatte in seanmonstar/reqwest#3010
• use wasm-bindgen ecosystem only for wasm32-unknown-* target by @​Ludea in seanmonstar/reqwest#3000
• fix rustls crl pem parsing by @​Threated in seanmonstar/reqwest#3013
• docs(retry): include ReqRep in docsrs by @​seanmonstar in seanmonstar/reqwest#3020

New Contributors

• @​JamesWiresmith made their first contribution in seanmonstar/reqwest#2961
• @​monosans made their first contribution in seanmonstar/reqwest#2797
• @​cuiweixie made their first contribution in seanmonstar/reqwest#2967
• @​anuraaga made their first contribution in seanmonstar/reqwest#2978
• @​lms0806 made their first contribution in seanmonstar/reqwest#2992
• @​lyuzichong made their first contribution in seanmonstar/reqwest#3006
• @​Ludea made their first contribution in seanmonstar/reqwest#3000

Full Changelog: seanmonstar/reqwest@v0.13.2...v0.13.3

Changelog

Sourced from reqwest's changelog.

v0.13.3

• Fix CertificateRevocationList parsing of PEM values.
• Fix logging in resolver to only show host, not full URL.
• Fix hickory-dns to fallback to a default if /etc/resolv.conf fails.
• Fix HTTP/3 to handle STOP_SENDING as not an error.
• Fix HTTP/3 pool to remove timed out QUIC connections.
• Fix HTTP/3 connection establishment picking IPv4 and IPv6.
• Upgrade rustls-platform-verifier.
• (wasm) Only use wasm-bindgen on unknown-* targets.

Commits

• a9a88c4 v0.13.3
• f3f6d9d docs(retry): include ReqRep in docsrs (#3020)
• 5f9c231 fix rustls CRL PEM parsing (#3013)
• 11d835d use wasm-bindgen ecosystem only for wasm32-unknown-* target (#3000)
• 1f72916 Upgrade rustls-platform-verifier (#3010)
• 5d5bf35 [HTTP/3] Optimize IPv6 fallback and enforce HTTPS scheme #2911 (#3006)
• 93dc1b2 docs: more accurate about default HTTP2 window sizes (#3007)
• c5e50f0 docs: update outdated link in comments
• b25611f resolve: debug log to change only host (#2992)
• ca1f479 http3: handle stop_sending without error (#2978)
• Additional commits viewable in compare view

Updates pyroscope from 2.0.0 to 2.0.3

Release notes

Sourced from pyroscope's releases.

pyroscope-lib-2.0.3

What's Changed

• chore(deps): update googleapis/release-please-action action to v5 by @​renovate-sh-app[bot] in grafana/pyroscope-rs#530
• fix(epoll): use libc::c_long for itimerspec fields by @​OGKevin in grafana/pyroscope-rs#532
• chore(main): release lib 2.0.3 by @​github-actions[bot] in grafana/pyroscope-rs#531

New Contributors

• @​OGKevin made their first contribution in grafana/pyroscope-rs#532

Full Changelog: grafana/pyroscope-rs@lib-2.0.2...lib-2.0.3

pyroscope-lib-2.0.2

What's Changed

• chore(deps): lock file maintenance by @​renovate-sh-app[bot] in grafana/pyroscope-rs#522
• chore(deps): update rust:trixie docker digest to e4f09e8 by @​renovate-sh-app[bot] in grafana/pyroscope-rs#515
• chore(deps): update dependency ruby to v4.0.3 by @​renovate-sh-app[bot] in grafana/pyroscope-rs#523
• chore(deps): bump rustls-webpki from 0.103.12 to 0.103.13 by @​dependabot[bot] in grafana/pyroscope-rs#524
• chore(main): release lib 2.0.2 by @​github-actions[bot] in grafana/pyroscope-rs#525

Full Changelog: grafana/pyroscope-rs@lib-2.0.1...lib-2.0.2

pyroscope-lib-2.0.1

2.0.1 (2026-04-19)

Bug Fixes

• revert 0976d999e4a50c14459b8a0b39e72434be6d4bfc (#483) (ad3d032)

Miscellaneous Chores

• deps: lock file maintenance (#467) (09411da)
• deps: lock file maintenance (#478) (447d8ee)
• deps: lock file maintenance (#498) (4072a04)
• deps: lock file maintenance (#502) (bef3bc3)
• deps: pin dependencies (#427) (a46830a)
• deps: pin rust docker tag to e8e2bb5 (#501) (c177d5b)
• deps: update dtolnay/rust-toolchain digest to 3c5f7ea (#480) (c4f2e7d)
• deps: update dtolnay/rust-toolchain digest to 3c5f7ea (#500) (fc21bda)
• deps: update googleapis/release-please-action digest to 5c625bf (#509) (c347e17)
• deps: update rust crate env_logger to v0.11.10 (#490) (24fb12d)
• deps: update rust crate libc to v0.2.183 (#489) (b44bac8)
• deps: update rust crate libc to v0.2.185 (#514) (e72f5c6)
• deps: update rust crate libflate to v2.3.0 (#516) (da2835f)
• deps: update rust crate rbspy to 0.43 (#471) (1e524d3)
• deps: update rust crate rbspy to 0.44 (#477) (c7cfe39)
• deps: update rust crate uuid to v1.23.0 (#481) (9c4b53a)
• deps: update rust crate uuid to v1.23.1 (#517) (6a89238)

... (truncated)

Changelog

Sourced from pyroscope's changelog.

2.0.3 (2026-04-26)

Bug Fixes

• epoll: use libc::c_long for itimerspec fields (#532) (093406e)

Miscellaneous Chores

• deps: update googleapis/release-please-action action to v5 (#530) (6c97b9d)

2.0.2 (2026-04-24)

Miscellaneous Chores

• deps: bump rustls-webpki from 0.103.12 to 0.103.13 (#524) (935384d)
• deps: lock file maintenance (#522) (4bd95bb)
• deps: update dependency ruby to v4.0.3 (#523) (e126aa2)
• deps: update rust:trixie docker digest to e4f09e8 (#515) (f450327)

2.0.1 (2026-04-19)

Bug Fixes

• revert 0976d999e4a50c14459b8a0b39e72434be6d4bfc (#483) (ad3d032)

Miscellaneous Chores

• deps: lock file maintenance (#467) (09411da)
• deps: lock file maintenance (#478) (447d8ee)
• deps: lock file maintenance (#498) (4072a04)
• deps: lock file maintenance (#502) (bef3bc3)
• deps: pin dependencies (#427) (a46830a)
• deps: pin rust docker tag to e8e2bb5 (#501) (c177d5b)
• deps: update dtolnay/rust-toolchain digest to 3c5f7ea (#480) (c4f2e7d)
• deps: update dtolnay/rust-toolchain digest to 3c5f7ea (#500) (fc21bda)
• deps: update googleapis/release-please-action digest to 5c625bf (#509) (c347e17)
• deps: update rust crate env_logger to v0.11.10 (#490) (24fb12d)
• deps: update rust crate libc to v0.2.183 (#489) (b44bac8)
• deps: update rust crate libc to v0.2.185 (#514) (e72f5c6)
• deps: update rust crate libflate to v2.3.0 (#516) (da2835f)
• deps: update rust crate rbspy to 0.43 (#471) (1e524d3)
• deps: update rust crate rbspy to 0.44 (#477) (c7cfe39)
• deps: update rust crate uuid to v1.23.0 (#481) (9c4b53a)
• deps: update rust crate uuid to v1.23.1 (#517) (6a89238)
• deps: update rust-lang/crates-io-auth-action action to v1.0.4 (#479) (f4e08f3)

... (truncated)

Commits

• c520d9e chore(main): release lib 2.0.3 (#531)
• 093406e fix(epoll): use libc::c_long for itimerspec fields (#532)
• 6c97b9d chore(deps): update googleapis/release-please-action action to v5 (#530)
• b48bf47 chore(main): release lib 2.0.2 (#525)
• 935384d chore(deps): bump rustls-webpki from 0.103.12 to 0.103.13 (#524)
• e126aa2 chore(deps): update dependency ruby to v4.0.3 (#523)
• f450327 chore(deps): update rust:trixie docker digest to e4f09e8 (#515)
• 4bd95bb chore(deps): lock file maintenance (#522)
• f51dcbf chore(main): release lib 2.0.1 (#496)
• 6a89238 chore(deps): update rust crate uuid to v1.23.1 (#517)
• Additional commits viewable in compare view

Updates apalis-postgres from 1.0.0-rc.7 to 1.0.0-rc.8

Release notes

Sourced from apalis-postgres's releases.

v1.0.0-rc.8

What's Changed

• ci(deps): bump cargo-bins/cargo-binstall from 1.17.7 to 1.17.9 by @​dependabot[bot] in apalis-dev/apalis-postgres#69
• ci(deps): bump codecov/codecov-action from 5 to 6 by @​dependabot[bot] in apalis-dev/apalis-postgres#70
• chore: Make JsonCodec publicly accessible by @​paomian in apalis-dev/apalis-postgres#79
• feat: idempotency for tasks by @​geofmureithi in apalis-dev/apalis-postgres#81
• ci(deps): bump pozil/auto-assign-issue from 2 to 3 by @​dependabot[bot] in apalis-dev/apalis-postgres#77
• ci(deps): bump cargo-bins/cargo-binstall from 1.17.9 to 1.19.1 by @​dependabot[bot] in apalis-dev/apalis-postgres#80
• bump: to v1.0.0-rc.8 by @​geofmureithi in apalis-dev/apalis-postgres#82

New Contributors

• @​paomian made their first contribution in apalis-dev/apalis-postgres#79

Full Changelog: apalis-dev/apalis-postgres@v1.0.0-rc.7...v1.0.0-rc.8

Changelog

Sourced from apalis-postgres's changelog.

[1.0.0-rc.8] - 2026-05-08

• feat: idempotency for tasks (#81)
• chore: make JsonCodec publicly accessible (#79)

Commits

• 5a93021 bump: to v1.0.0-rc.8 (#82)
• a4b03cb ci(deps): bump cargo-bins/cargo-binstall from 1.17.9 to 1.19.1 (#80)
• 810b71c ci(deps): bump pozil/auto-assign-issue from 2 to 3 (#77)
• 605adfb feat: idempotency for tasks (#81)
• 4a8d035 chore: Make JsonCodec publicly accessible (#79)
• 33f8f3b ci(deps): bump codecov/codecov-action from 5 to 6 (#70)
• 7f8f113 ci(deps): bump cargo-bins/cargo-binstall from 1.17.7 to 1.17.9 (#69)
• See full diff in compare view

Updates apalis-cron from 1.0.0-rc.7 to 1.0.0-rc.8

Release notes

Sourced from apalis-cron's releases.

v1.0.0-rc.8

What's Changed

• ci(deps): bump pozil/auto-assign-issue from 2 to 3 by @​dependabot[bot] in apalis-dev/apalis-cron#49
• bump: to v1.0.0-rc.8 by @​geofmureithi in apalis-dev/apalis-cron#51

Full Changelog: apalis-dev/apalis-cron@v1.0.0-rc.7...v1.0.0-rc.8

Changelog

Sourced from apalis-cron's changelog.

[1.0.0-rc.8] - 2026-05-08

• bump: to v1.0.0-rc.8 (#51)

Commits

• 47566e9 bump: to v1.0.0-rc.8 (#51)
• 648caec ci(deps): bump pozil/auto-assign-issue from 2 to 3 (#49)
• See full diff in compare view

Updates serde_qs from 1.1.1 to 1.1.2

Release notes

Sourced from serde_qs's releases.

v1.1.2

Fixed

• do not strict-validate ignored compound fields (#168)

Changelog

Sourced from serde_qs's changelog.

1.1.2 - 2026-05-15

Fixed

• do not strict-validate ignored compound fields (#168)

Commits

• ba6b6f7 chore: release v1.1.2 (#169)
• f220b13 fix: do not strict-validate ignored compound fields (#168)
• See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions