build(deps): bump the external group across 1 directory with 3 updates

[dependabot]

Bumps the external group with 3 updates in the / directory: http, hyper and serde_json.

Updates http from 1.4.0 to 1.4.1

Release notes

Sourced from http's releases.

v1.4.1

tl;dr

• Fix PathAndQuery::from_static() and from_shared() to reject inputs that do not start with /.
• Fix Extend for HeaderMap to clamp max size hint and not overflow.
• Fix header::IntoIter that could use-after-free if the generic value type could panic on drop.
• Fix header::{IterMut, ValuesIterMut} to not violate stacked borrows.

What's Changed

• chore(header): fix clippy::assign_op_pattern by @​rxc-amzn in hyperium/http#806
• ci: pin itoa in msrv job by @​seanmonstar in hyperium/http#813
• Remove unnecessary explicit lifetimes by @​jplatte in hyperium/http#815
• chore(ci): update to actions/checkout@v6 by @​tottoto in hyperium/http#819
• tests: update to rand 0.10 by @​tottoto in hyperium/http#818
• refactor: Remove usage of float instruction by @​AurelienFT in hyperium/http#823
• refactor(uri): consolidate PathAndQuery::from_shared and from_static by @​seanmonstar in hyperium/http#825
• fix(uri): reject Path::from_shared/from_static if doesn't start with slash by @​seanmonstar in hyperium/http#826
• Rephrase comment by @​daalfox in hyperium/http#827
• Fix typo in request builder docs by @​vleksis in hyperium/http#831
• fix: clamp Extend size hint so HeaderMap reserve cannot overflow by @​SAY-5 in hyperium/http#833
• fix(headers): fix stacked borrows for IterMut/ValuesIterMut by @​seanmonstar in hyperium/http#837
• fix(header): use a set_len guard in IntoIter drop by @​seanmonstar in hyperium/http#838

New Contributors

• @​rxc-amzn made their first contribution in hyperium/http#806
• @​AurelienFT made their first contribution in hyperium/http#823
• @​daalfox made their first contribution in hyperium/http#827
• @​vleksis made their first contribution in hyperium/http#831
• @​SAY-5 made their first contribution in hyperium/http#833

Full Changelog: hyperium/http@v1.4.0...v1.4.1

Changelog

Sourced from http's changelog.

1.4.1 (May 25, 2026)

• Fix PathAndQuery::from_static() and from_shared() to reject inputs that do not start with /.
• Fix Extend for HeaderMap to clamp max size hint and not overflow.
• Fix header::IntoIter that could use-after-free if the generic value type could panic on drop.
• Fix header::{IterMut, ValuesIterMut} to not violate stacked borrows.

Commits

• a24c968 v1.4.1
• bc3b044 fix(header): use a set_len guard in IntoIter drop (#838)
• 1b968dc fix(header): fix stacked borrows for IterMut/ValuesIterMut (#837)
• 6e2dd42 fix: clamp Extend size hint so HeaderMap reserve cannot overflow (#833)
• 68e0abb docs: fix typo in request builder docs (#831)
• 29dd307 docs(extensions): rephrase internal comment (#827)
• ae48fb5 fix(uri): reject Path::from_shared/from_static if doesn't start with slash (#...
• 1ad200e refactor(uri): consolidate PathAndQuery::from_shared and from_static (#825)
• d59d939 refactor: Remove usage of float instruction (#823)
• ed680c4 tests: update to rand 0.10 (#818)
• Additional commits viewable in compare view

Updates hyper from 1.9.0 to 1.10.1

Release notes

Sourced from hyper's releases.

v1.10.1

What's Changed

• fix(http1): fix busy loop when peer half-closes and open body by @​seanmonstar in hyperium/hyper#4086

Full Changelog: hyperium/hyper@v1.10.0...v1.10.1

v1.10.0

Features

• http2:
  • add reset_stream_duration() client option (#4068) (156a6f6a, closes #2599)
  • Add 'header_table_size()' method to server builder (#4062) (6c9182c4)

Bug Fixes

• http1:
  • send error when dispatcher is dropped mid-body (#4069) (b7a679ba, closes #3995, #4016)
  • fix reading large bodies on 32-bit systems (#4056) (b12f6525, closes #4055)
  • fix rare missed write wakeup on connections v2 (743a3ba0)
• http2:
  • do not reserve capacity before body data is available (#4061) (99f24345, closes #4003)
  • reading trailers shouldn't propagate NO_ERROR from early response (#3998) (e5ad96b1)

Refactors, chores, et al

• fix(http1): fix rare missed write wakeup on connections v2 by @​lthiery in hyperium/hyper#3988
• fix(client): reading trailers shouldn't propagate NO_ERROR from early response by @​ulyssa in hyperium/hyper#3998
• fix(http1): fix reading large bodies on 32-bit systems by @​seanmonstar in hyperium/hyper#4056
• fix(http2): do not reserve capacity before body data is available by @​seanmonstar in hyperium/hyper#4061
• Fix two clippy lints by @​jplatte in hyperium/hyper#4063
• docs(client): document Drop behavior for Connection types by @​lihan3238 in hyperium/hyper#4064
• Add header_table_size method to server builder by @​ArniDagur in hyperium/hyper#4062
• feat(http2/client): expose reset_stream_duration option by @​kimjune01 in hyperium/hyper#4068
• fix(http1): send error when dispatcher is dropped mid-body by @​seanmonstar in hyperium/hyper#4069
• docs: document cancel safety for client send_request futures by @​lihan3238 in hyperium/hyper#4070
• docs(error): add detailed doc comments to Error query methods by @​kimjune01 in hyperium/hyper#4065
• refactor(lib): use a panic_if_poisoned() helper for mutexes by @​seanmonstar in hyperium/hyper#4072
• refactor(lib): replace unwraps with expects by @​seanmonstar in hyperium/hyper#4073
• docs(lib): fixup markdown and grammar in doc comments by @​seanmonstar in hyperium/hyper#4074
• chore(ci): fix security-audit job by @​seanmonstar in hyperium/hyper#4076
• chore(lib): start a strict clippy config by @​seanmonstar in hyperium/hyper#4075
• tests(client): fix misuse of path_and_query in CONNECT test by @​seanmonstar in hyperium/hyper#4078
• Removing wildcard_imports lint allowance by @​Lori-Shu in hyperium/hyper#4080
• Fix manual_assert lint by @​xd009642 in hyperium/hyper#4079

New Contributors

• @​ulyssa made their first contribution in hyperium/hyper#3998
• @​lihan3238 made their first contribution in hyperium/hyper#4064
• @​ArniDagur made their first contribution in hyperium/hyper#4062
• @​kimjune01 made their first contribution in hyperium/hyper#4068

... (truncated)

Changelog

Sourced from hyper's changelog.

v1.10.1 (2026-05-29)

Bug Fixes

• http1: fix busy loop when peer half-closes and open body (#4086) (c6cb906f, closes #4085)

v1.10.0 (2026-05-27)

Bug Fixes

• http1:
  • send error when dispatcher is dropped mid-body (#4069) (b7a679ba, closes #3995, #4016)
  • fix reading large bodies on 32-bit systems (#4056) (b12f6525, closes #4055)
  • fix rare missed write wakeup on connections v2 (743a3ba0)
• http2:
  • do not reserve capacity before body data is available (#4061) (99f24345, closes #4003)
  • reading trailers shouldn't propagate NO_ERROR from early response (#3998) (e5ad96b1)

Features

• http2:
  • add reset_stream_duration() client option (#4068) (156a6f6a, closes #2599)
  • Add 'header_table_size()' method to server builder (#4062) (6c9182c4)

Commits

• e3bcd37 v1.10.1
• c6cb906 fix(http1): fix busy loop when peer half-closes and open body (#4086)
• 54e8511 v1.10.0
• 79dbab6 style(ext): fix manual_assert lint (#4079)
• cca6bf1 style(client): removing wildcard_imports lint allowance (#4080)
• 3cc1158 test(client): fix misuse of path_and_query in CONNECT test (#4078)
• cad38b7 chore(lib): start a strict clippy config (#4075)
• 7bb1d03 chore(ci): fix security-audit job (#4076)
• 5dbcae7 docs(lib): fixup markdown and grammar in doc comments (#4074)
• 08ef365 refactor(lib): replace unwraps with expects (#4073)
• Additional commits viewable in compare view

Updates serde_json from 1.0.149 to 1.0.150

Release notes

Sourced from serde_json's releases.

v1.0.150

• Reject non-string enum object keys (#1324, thanks @​puneetdixit200)

Commits

• a1ae73a Release 1.0.150
• 1a360b0 Merge pull request #1324 from puneetdixit200/reject-non-string-enum-keys
• 2037b63 Reject non-string enum object keys
• 5d30df6 Resolve manual_assert_eq pedantic clippy lint
• dc8003a Raise required compiler for preserve_order feature to 1.85
• a42fa98 Unpin CI miri toolchain
• 684a60e Pin CI miri to nightly-2026-02-11
• 7c7da33 Raise required compiler to Rust 1.71
• acf4850 Simplify Number::is_f64
• 6b8ceab Resolve unnecessary_map_or clippy lint
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

[claude]

Claude Code Review

This repository is configured for manual code reviews. Comment @claude review to trigger a review and subscribe this PR to future pushes, or @claude review once for a one-time review.

_{Tip: disable this comment in your organization's Code Review settings.}