deps(rust): bump the rust-minor-patch group across 1 directory with 7 updates by dependabot[bot] · Pull Request #193 · all-source-os/all-source

dependabot · 2026-05-26T00:43:03Z

Bumps the rust-minor-patch group with 7 updates in the / directory:

Package	From	To
bumpalo	`3.20.2`	`3.20.3`
dashmap	`6.1.0`	`6.2.1`
http	`1.4.0`	`1.4.1`
serde_json	`1.0.149`	`1.0.150`
tower-http	`0.6.10`	`0.6.11`
mimalloc	`0.1.50`	`0.1.52`
reqwest	`0.13.3`	`0.13.4`

Updates bumpalo from 3.20.2 to 3.20.3

Changelog

Sourced from bumpalo's changelog.

3.20.3

Released 2026-05-22.

Fixed

Fixed the try_alloc_slice_fill_with, alloc_slice_try_fill_with, alloc_slice_fill_with methods to properly rewind the bump pointer on allocation, initialization, and panic failure and avoid wasting bump capacity.

Fixed a drop bug in bumpalo::collections::vec::DrainFilter (used by retain and retain_mut) when the predicate panics.

Commits

84654ac Rewind on slice allocation failure (#324)
5325624 Fix a couple bugs (#323)
fcf8370 Fix UB in Allocator::grow_zeroed (#321)
657caf8 test: fix test for OOM instead of overflow (#320)
1db9be9 fix: fix typo in comment (#318)
a47f6d6 fix: bump pointer/bump chunk debug assertion (#313)
0b12966 Update Cargo.toml with keywords (#303)
See full diff in compare view

Updates dashmap from 6.1.0 to 6.2.1

Release notes

Sourced from dashmap's releases.

v6.2.1

This is an interim maintenance release for the existing v6 branch before v7 can be released. This bumps the MSRV to 1.85 and updates dependencies to their latest versions.

Commits

749ed1f v6.2.1
d02b945 v6.2.0
b983625 update dependencies
94a294a bump msrv to 1.85
See full diff in compare view

Updates http from 1.4.0 to 1.4.1

Release notes

Sourced from http's releases.

v1.4.1

tl;dr

Fix PathAndQuery::from_static() and from_shared() to reject inputs that do not start with /.

Fix Extend for HeaderMap to clamp max size hint and not overflow.

Fix header::IntoIter that could use-after-free if the generic value type could panic on drop.

Fix header::{IterMut, ValuesIterMut} to not violate stacked borrows.

What's Changed

chore(header): fix clippy::assign_op_pattern by @rxc-amzn in hyperium/http#806

ci: pin itoa in msrv job by @seanmonstar in hyperium/http#813

Remove unnecessary explicit lifetimes by @jplatte in hyperium/http#815

chore(ci): update to actions/checkout@v6 by @tottoto in hyperium/http#819

tests: update to rand 0.10 by @tottoto in hyperium/http#818

refactor: Remove usage of float instruction by @AurelienFT in hyperium/http#823

refactor(uri): consolidate PathAndQuery::from_shared and from_static by @seanmonstar in hyperium/http#825

fix(uri): reject Path::from_shared/from_static if doesn't start with slash by @seanmonstar in hyperium/http#826

Rephrase comment by @daalfox in hyperium/http#827

Fix typo in request builder docs by @vleksis in hyperium/http#831

fix: clamp Extend size hint so HeaderMap reserve cannot overflow by @SAY-5 in hyperium/http#833

fix(headers): fix stacked borrows for IterMut/ValuesIterMut by @seanmonstar in hyperium/http#837

fix(header): use a set_len guard in IntoIter drop by @seanmonstar in hyperium/http#838

New Contributors

@rxc-amzn made their first contribution in hyperium/http#806

@AurelienFT made their first contribution in hyperium/http#823

@daalfox made their first contribution in hyperium/http#827

@vleksis made their first contribution in hyperium/http#831

@SAY-5 made their first contribution in hyperium/http#833

Full Changelog: hyperium/http@v1.4.0...v1.4.1

Changelog

Sourced from http's changelog.

1.4.1 (May 25, 2026)

Fix PathAndQuery::from_static() and from_shared() to reject inputs that do not start with /.

Fix Extend for HeaderMap to clamp max size hint and not overflow.

Fix header::IntoIter that could use-after-free if the generic value type could panic on drop.

Fix header::{IterMut, ValuesIterMut} to not violate stacked borrows.

Commits

a24c968 v1.4.1
bc3b044 fix(header): use a set_len guard in IntoIter drop (#838)
1b968dc fix(header): fix stacked borrows for IterMut/ValuesIterMut (#837)
6e2dd42 fix: clamp Extend size hint so HeaderMap reserve cannot overflow (#833)
68e0abb docs: fix typo in request builder docs (#831)
29dd307 docs(extensions): rephrase internal comment (#827)
ae48fb5 fix(uri): reject Path::from_shared/from_static if doesn't start with slash (#...
1ad200e refactor(uri): consolidate PathAndQuery::from_shared and from_static (#825)
d59d939 refactor: Remove usage of float instruction (#823)
ed680c4 tests: update to rand 0.10 (#818)
Additional commits viewable in compare view

Updates serde_json from 1.0.149 to 1.0.150

Release notes

Sourced from serde_json's releases.

v1.0.150

Reject non-string enum object keys (#1324, thanks @puneetdixit200)

Commits

a1ae73a Release 1.0.150
1a360b0 Merge pull request #1324 from puneetdixit200/reject-non-string-enum-keys
2037b63 Reject non-string enum object keys
5d30df6 Resolve manual_assert_eq pedantic clippy lint
dc8003a Raise required compiler for preserve_order feature to 1.85
a42fa98 Unpin CI miri toolchain
684a60e Pin CI miri to nightly-2026-02-11
7c7da33 Raise required compiler to Rust 1.71
acf4850 Simplify Number::is_f64
6b8ceab Resolve unnecessary_map_or clippy lint
Additional commits viewable in compare view

Updates tower-http from 0.6.10 to 0.6.11

Release notes

Sourced from tower-http's releases.

tower-http-0.6.11

Added
set-header: add SetMultipleResponseHeadersLayer and SetMultipleResponseHeader for setting multiple response headers at once. Supports overriding, appending, and if_not_present modes. Header values can be fixed or computed dynamically via closures (#672)
use http::{Response, header::{self, HeaderValue}};
use http_body::Body as _;
use tower_http::set_header::response::SetMultipleResponseHeadersLayer;
let layer = SetMultipleResponseHeadersLayer::overriding(vec![
(header::X_FRAME_OPTIONS, HeaderValue::from_static("DENY")).into(),
(header::CONTENT_LENGTH, |res: &Response<MyBody>| {
res.body().size_hint().exact()
.map(|size| HeaderValue::from_str(&size.to_string()).unwrap())
}).into(),
]);
set-header: add SetMultipleRequestHeadersLayer and SetMultipleRequestHeaders for setting multiple request headers at once, mirroring the response-side API (#677)

classify: add From<i32> and From<NonZeroI32> impls for GrpcCode. Unrecognized status codes map to GrpcCode::Unknown (#506)
Changed

compression: compress application/grpc-web responses. Previously all application/grpc* content types were excluded from compression; now only application/grpc (non-web) is excluded (#408)

Fixed

fs: fix ServeDir returning 500 instead of 405 for non-GET/HEAD requests when call_fallback_on_method_not_allowed is enabled but no fallback service is configured (#587)

fs: remove duplicate cfg attribute on is_reserved_dos_name (#675)

#408: tower-rs/tower-http#408 #506: tower-rs/tower-http#506 #587: tower-rs/tower-http#587 #672: tower-rs/tower-http#672 #675: tower-rs/tower-http#675 #677: tower-rs/tower-http#677

All PRs

ci: fix flaky encoding test, add nightly stress test job by @jlizen in tower-rs/tower-http#670

... (truncated)

Commits

1d082ef v0.6.11
9c3117d feat: set multiple request header (#677)
667e7c7 Remove duplicate cfg attribute for is_reserved_dos_name (#675)
7551a9b feat(set_header): refactor and improve multiple header middleware (#672)
991e9ee add From<i32> impl for GrpcCode (#506)
3962dba Do compress grpc-web responses (#408)
f0b3bb6 Fix serve_dir method not allowed handling when no fallback is configured (#587)
d1a571b ci: use static timeout in stress-test workflow (#671)
309555a ci: fix flaky encoding test, add nightly stress test job (#670)
See full diff in compare view

Updates mimalloc from 0.1.50 to 0.1.52

Release notes

Sourced from mimalloc's releases.

Version 0.1.52

Changes

Expose mi_stats_get_json().

Fix ARM compilation.

Version 0.1.51

Changes

Mimalloc bumped to v3.3.2 and v2.3.2.

Compile with msvc on windows.

Commits

abcd2be v0.1.52
9db5330 Remove explicit arm instruction set
d06bd31 Merge pull request #161 from svix-jbrown/feat/stats-json
eb4a16d simplify API
e1fd9eb fix up some tests
6805298 v0.1.51
ba2c9b1 Fix extended v3
84969eb Merge pull request #160 from Havunen/feat/adjust_build_to_match_mimalloc
843b9b2 Updated mimalloc to 3.3.2 and 2.3.2
da7a09c feat: expose mi_stats_get_json and a safe wrapper around it
Additional commits viewable in compare view

Updates reqwest from 0.13.3 to 0.13.4

Release notes

Sourced from reqwest's releases.

v0.13.4

tl;dr

Add ClientBuilder::tls_sslkeylogfile(bool) option to allow using the related environment variable.

Add ClientBuilder::http2_keep_alive_* options for the blocking client.

Add TLS 1.3 support when using native-tls backend.

Fix redirect handling to strip sensitive headers when the scheme changes.

Fix HTTP/3 happy-eyeball connection creation.

Upgrade hickory-resolver to 0.26.

What's Changed

fix(tls): improve rustls-no-provider panic message and add module docs by @smythg4 in seanmonstar/reqwest#3021

fix: do not lose the url in error when decoding json by @Dushistov in seanmonstar/reqwest#3026

Add tls_sslkeylogfile builder method by @passcod in seanmonstar/reqwest#2923

fix(redirect): strip sensitive headers on scheme change across redirects by @SAY-5 in seanmonstar/reqwest#3034

chore: upgrade MSRV to 1.85 by @seanmonstar in seanmonstar/reqwest#3038

chore: clean up minimal-versions CI job by @seanmonstar in seanmonstar/reqwest#3039

fix(http3): use happy eyeballs for h3 connect by @lyuzichong in seanmonstar/reqwest#3030

fix: update hickory-resolver to 0.26 and adjust code accordingly by @seanmonstar in seanmonstar/reqwest#3040

fix: remove unwrap in hickory initialization by @mat813 in seanmonstar/reqwest#3041

feat(https): support TLS 1.3 as min version under native-tls 🎉 by @AverageHelper in seanmonstar/reqwest#2975

Expose keep alive configurations in blocking client by @aeb-dev in seanmonstar/reqwest#3043

Prepare v0.13.4 by @seanmonstar in seanmonstar/reqwest#3046

New Contributors

@smythg4 made their first contribution in seanmonstar/reqwest#3021

@Dushistov made their first contribution in seanmonstar/reqwest#3026

@SAY-5 made their first contribution in seanmonstar/reqwest#3034

@mat813 made their first contribution in seanmonstar/reqwest#3041

@AverageHelper made their first contribution in seanmonstar/reqwest#2975

@aeb-dev made their first contribution in seanmonstar/reqwest#3043

Full Changelog: seanmonstar/reqwest@v0.13.3...v0.13.4

Changelog

Sourced from reqwest's changelog.

v0.13.4

Add ClientBuilder::tls_sslkeylogfile(bool) option to allow using the related environment variable.

Add ClientBuilder::http2_keep_alive_* options for the blocking client.

Add TLS 1.3 support when using native-tls backend.

Fix redirect handling to strip sensitive headers when the scheme changes.

Fix HTTP/3 happy-eyeball connection creation.

Upgrade hickory-resolver to 0.26.

Commits

11489b3 v0.13.4
d31ffbb feat: Expose HTTP2 keep alive configurations in blocking client (#3043)
79ed0d7 feat: support TLS 1.3 as min version under native-tls 🎉 (#2975)
fb7bf6a fix: remove unwrap in hickory initialization (#3041)
3da616f fix: update hickory-resolver to 0.26 and adjust code accordingly (#3040)
c77e7b2 fix(http3): use happy eyeballs for h3 connect (#3030)
9cbb65b chore: clean up minimal-versions CI job (#3039)
17a7dc5 chore: upgrade MSRV to 1.85 (#3038)
03db63a fix(redirect): strip sensitive headers on scheme change across redirects (#3034)
4b813a8 feat: add tls_sslkeylogfile builder method (#2923)
Additional commits viewable in compare view

dependabot · 2026-05-26T00:43:03Z

Labels

The following labels could not be found: dependencies, rust. Please create them before Dependabot can add them to a pull request.

Please fix the above issues or remove invalid values from dependabot.yml.

vercel · 2026-05-26T00:43:06Z

The latest updates on your projects. Learn more about Vercel for GitHub.

Project	Deployment	Actions	Updated (UTC)
all-source-admin	Ready	Preview, Comment	May 26, 2026 8:32am
all-source-web	Ready	Preview, Comment	May 26, 2026 8:32am

github-actions · 2026-05-26T00:43:40Z

iai-callgrind — `chronis/iai`

github-actions · 2026-05-26T00:49:52Z

iai-callgrind — `allsource-prime/iai`

github-actions · 2026-05-26T00:51:27Z

iai-callgrind — `allsource-core/iai`

… updates Bumps the rust-minor-patch group with 7 updates in the / directory: | Package | From | To | | --- | --- | --- | | [bumpalo](https://github.com/fitzgen/bumpalo) | `3.20.2` | `3.20.3` | | [dashmap](https://github.com/xacrimon/dashmap) | `6.1.0` | `6.2.1` | | [http](https://github.com/hyperium/http) | `1.4.0` | `1.4.1` | | [serde_json](https://github.com/serde-rs/json) | `1.0.149` | `1.0.150` | | [tower-http](https://github.com/tower-rs/tower-http) | `0.6.10` | `0.6.11` | | [mimalloc](https://github.com/purpleprotocol/mimalloc_rust) | `0.1.50` | `0.1.52` | | [reqwest](https://github.com/seanmonstar/reqwest) | `0.13.3` | `0.13.4` | Updates `bumpalo` from 3.20.2 to 3.20.3 - [Changelog](https://github.com/fitzgen/bumpalo/blob/main/CHANGELOG.md) - [Commits](fitzgen/bumpalo@v3.20.2...v3.20.3) Updates `dashmap` from 6.1.0 to 6.2.1 - [Release notes](https://github.com/xacrimon/dashmap/releases) - [Commits](xacrimon/dashmap@v6.1.0...v6.2.1) Updates `http` from 1.4.0 to 1.4.1 - [Release notes](https://github.com/hyperium/http/releases) - [Changelog](https://github.com/hyperium/http/blob/master/CHANGELOG.md) - [Commits](hyperium/http@v1.4.0...v1.4.1) Updates `serde_json` from 1.0.149 to 1.0.150 - [Release notes](https://github.com/serde-rs/json/releases) - [Commits](serde-rs/json@v1.0.149...v1.0.150) Updates `tower-http` from 0.6.10 to 0.6.11 - [Release notes](https://github.com/tower-rs/tower-http/releases) - [Commits](tower-rs/tower-http@tower-http-0.6.10...tower-http-0.6.11) Updates `mimalloc` from 0.1.50 to 0.1.52 - [Release notes](https://github.com/purpleprotocol/mimalloc_rust/releases) - [Commits](purpleprotocol/mimalloc_rust@v0.1.50...v0.1.52) Updates `reqwest` from 0.13.3 to 0.13.4 - [Release notes](https://github.com/seanmonstar/reqwest/releases) - [Changelog](https://github.com/seanmonstar/reqwest/blob/master/CHANGELOG.md) - [Commits](seanmonstar/reqwest@v0.13.3...v0.13.4) --- updated-dependencies: - dependency-name: bumpalo dependency-version: 3.20.3 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: rust-minor-patch - dependency-name: dashmap dependency-version: 6.2.1 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: rust-minor-patch - dependency-name: http dependency-version: 1.4.1 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: rust-minor-patch - dependency-name: mimalloc dependency-version: 0.1.52 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: rust-minor-patch - dependency-name: reqwest dependency-version: 0.13.4 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: rust-minor-patch - dependency-name: serde_json dependency-version: 1.0.150 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: rust-minor-patch - dependency-name: tower-http dependency-version: 0.6.11 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: rust-minor-patch ... Signed-off-by: dependabot[bot] <support@github.com>

vercel Bot deployed to Preview – all-source-admin May 26, 2026 00:43 View deployment

vercel Bot deployed to Preview – all-source-web May 26, 2026 00:43 View deployment

dependabot Bot force-pushed the dependabot/cargo/rust-minor-patch-92ae780313 branch from 906709b to 2a20d70 Compare May 26, 2026 08:32

vercel Bot deployed to Preview – all-source-admin May 26, 2026 08:32 View deployment

vercel Bot deployed to Preview – all-source-web May 26, 2026 08:32 View deployment

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

deps(rust): bump the rust-minor-patch group across 1 directory with 7 updates#193

deps(rust): bump the rust-minor-patch group across 1 directory with 7 updates#193
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/cargo/rust-minor-patch-92ae780313

dependabot Bot commented on behalf of github May 26, 2026 •

edited

Loading

Uh oh!

dependabot Bot commented on behalf of github May 26, 2026

Uh oh!

vercel Bot commented May 26, 2026 •

edited

Loading

Uh oh!

github-actions Bot commented May 26, 2026 •

edited

Loading

Uh oh!

github-actions Bot commented May 26, 2026 •

edited

Loading

Uh oh!

github-actions Bot commented May 26, 2026 •

edited

Loading

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

0 participants

Conversation

dependabot Bot commented on behalf of github May 26, 2026 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

3.20.3

Fixed

v6.2.1

v1.4.1

tl;dr

What's Changed

New Contributors

1.4.1 (May 25, 2026)

v1.0.150

tower-http-0.6.11

Added

Changed

Fixed

All PRs

Version 0.1.52

Changes

Version 0.1.51

Changes

v0.13.4

tl;dr

What's Changed

New Contributors

v0.13.4

Uh oh!

dependabot Bot commented on behalf of github May 26, 2026

Labels

Uh oh!

vercel Bot commented May 26, 2026 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Uh oh!

github-actions Bot commented May 26, 2026 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

iai-callgrind — chronis/iai

Uh oh!

github-actions Bot commented May 26, 2026 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

iai-callgrind — allsource-prime/iai

Uh oh!

github-actions Bot commented May 26, 2026 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

iai-callgrind — allsource-core/iai

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

0 participants

dependabot Bot commented on behalf of github May 26, 2026 •

edited

Loading

vercel Bot commented May 26, 2026 •

edited

Loading

github-actions Bot commented May 26, 2026 •

edited

Loading

iai-callgrind — `chronis/iai`

github-actions Bot commented May 26, 2026 •

edited

Loading

iai-callgrind — `allsource-prime/iai`

github-actions Bot commented May 26, 2026 •

edited

Loading

iai-callgrind — `allsource-core/iai`