build(deps): bump the cargo group across 1 directory with 8 updates

[dependabot]

Bumps the cargo group with 8 updates in the / directory:

Package	From	To
clap	4.5.53	4.5.54
reqwest	0.12.24	0.13.1
serde_json	1.0.145	1.0.148
tokio	1.48.0	1.49.0
tokio-stream	0.1.17	0.1.18
tempfile	3.23.0	3.24.0
napi	3.6.1	3.8.1
napi-derive	3.4.0	3.5.0

Updates clap from 4.5.53 to 4.5.54

Release notes

Sourced from clap's releases.

v4.5.54

[4.5.54] - 2026-01-02

Fixes

• (help) Move [default] to its own paragraph when PossibleValue::help is present in --help

Changelog

Sourced from clap's changelog.

[4.5.54] - 2026-01-02

Fixes

• (help) Move [default] to its own paragraph when PossibleValue::help is present in --help

Commits

• 194c676 chore: Release
• 44838f6 docs: Update changelog
• 0f59d55 Merge pull request #6027 from Alpha1337k/master
• e2aa2f0 Feat: Add catch-all on external subcommands for zsh
• b9c0aee Feat: Add external subcommands test to suite
• See full diff in compare view

Updates reqwest from 0.12.24 to 0.13.1

Release notes

Sourced from reqwest's releases.

v0.13.1

What's Changed

• http3: depend on quinn/rustls-aws-lc-rs to avoid ring dependency by @​djc in seanmonstar/reqwest#2917
• fix rustls on android by @​seanmonstar in seanmonstar/reqwest#2918

Full Changelog: seanmonstar/reqwest@v0.13.0...v0.13.1

v0.13.0

Breaking changes

• rustls is now the default TLS backend, instead of native-tls.
• rustls crypto provider defaults to aws-lc instead of ring. (rustls-no-provider exists if you want a different crypto provider)
• rustls-tls has been renamed to rustls.
• rustls roots features removed, rustls-platform-verifier is used by default.
  • To use different roots, call tls_certs_only(your_roots).
• native-tls now includes ALPN. To disable, use native-tls-no-alpn.
• query and form are now crate features, disabled by default.
• Long-deprecated methods and crate features have been removed (such as trust-dns, which was renamed hickory-dns a while ago).
• Many TLS-related methods renamed to improve autocompletion and discovery, but previous name left in place with a "soft" deprecation. (just documented, no warnings)
  • For example, prefer tls_backend_rustls() over use_rustls_tls().

Pull Requests in General

• start 0.13 dev by @​seanmonstar in seanmonstar/reqwest#2894
• Make serde optional by introducing query, form features, and re-working WASM header parsing by @​CathalMullan in seanmonstar/reqwest#2858
• replace ClientBuilder::dns_resolver with dns_resolver2 by @​seanmonstar in seanmonstar/reqwest#2898
• feat: make Rustls the default TLS provider by @​calavera in seanmonstar/reqwest#2897
• feat: consolidate TLS options with rustls-platform-verifier by @​seanmonstar in seanmonstar/reqwest#2891
• remove long-deprecated methods: trust-dns and non-wasm-cors by @​seanmonstar in seanmonstar/reqwest#2899
• rename rustls-tls feature to just rustls by @​seanmonstar in seanmonstar/reqwest#2900
• remove deprecated features trust-dns and macos-system-configuration by @​seanmonstar in seanmonstar/reqwest#2901
• chore: separate rustls and rustls-no-provider features by @​seanmonstar in seanmonstar/reqwest#2903
• rustls: allow windows to use extra roots by @​seanmonstar in seanmonstar/reqwest#2904
• v0.13.0-rc.1 by @​seanmonstar in seanmonstar/reqwest#2905
• Enable ALPN by default in native-tls by @​ducaale in seanmonstar/reqwest#2907
• v0.13.0 by @​seanmonstar in seanmonstar/reqwest#2915

New Contributors

• @​CathalMullan made their first contribution in seanmonstar/reqwest#2858

Full Changelog: seanmonstar/reqwest@v0.12.28...v0.13.0

v0.13.0-rc.1

👀 Discussion here if you give it try, thanks!

Main breaking changes

• rustls is now default instead of native-tls
• rustls provider defaults to aws-lc instead of ring (rustls-no-provider exists if you want to enable a different one)
• rustls-tls renamed to rustls
• rustls roots features removed, platform-verifier is used instead

... (truncated)

Changelog

Sourced from reqwest's changelog.

v0.13.1

• Fixes compiling with rustls on Android targets.

v0.13.0

• Breaking changes:
  • rustls is now the default TLS backend, instead of native-tls.
  • rustls crypto provider defaults to aws-lc instead of ring. (rustls-no-provider exists if you want a different crypto provider)
  • rustls-tls has been renamed to rustls.
  • rustls roots features removed, rustls-platform-verifier is used by default.
    • To use different roots, call tls_certs_only(your_roots).
  • native-tls now includes ALPN. To disable, use native-tls-no-alpn.
  • query and form are now crate features, disabled by default.
  • Long-deprecated methods and crate features have been removed (such as trust-dns, which was renamed hickory-dns a while ago).
• Many TLS-related methods renamed to improve autocompletion and discovery, but previous name left in place with a "soft" deprecation. (just documented, no warnings)
  • For example, prefer tls_backend_rustls() over use_rustls_tls().

v0.12.28

• Fix compiling on Windows if TLS and SOCKS features are not enabled.

v0.12.27

• Add ClientBuilder::windows_named_pipe(name) option that will force all requests over that Windows Named Piper.

v0.12.26

• Fix sending Accept-Encoding header only with values configured with reqwest, regardless of underlying tower-http config.

v0.12.25

• Add Error::is_upgrade() to determine if the error was from an HTTP upgrade.
• Fix sending Proxy-Authorization if only username is configured.
• Fix sending Proxy-Authorization to HTTPS proxies when the target is HTTP.
• Refactor internal decompression handling to use tower-http.

Commits

• 10fb98c v0.13.1
• 438098a chore: refer to h2 as dep:h2 (#2919)
• 43aac91 chore(ci): bump actions/checkout from 5 to 6 (#2864)
• 175f5b2 fix rustls on android (#2918)
• 1afe88e Depend on quinn/rustls-aws-lc-rs to avoid ring dependency (#2917)
• 62a80af v0.13.0
• e8d89f4 enable ALPN by default in native-tls (#2907)
• 9a9daa7 v0.13.0-rc.1
• d518e45 rustls: allow windows to use extra roots (#2904)
• 934bc84 chore: separate rustls and rustls-no-provider features (#2903)
• Additional commits viewable in compare view

Updates serde_json from 1.0.145 to 1.0.148

Release notes

Sourced from serde_json's releases.

v1.0.148

• Update zmij dependency to 1.0

v1.0.147

• Switch float-to-string algorithm from Ryū to Żmij for better f32 and f64 serialization performance (#1304)

v1.0.146

• Set fast_arithmetic=64 for riscv64 (#1305, thanks @​Xeonacid)

Commits

• 8b291c4 Release 1.0.148
• 1aefe15 Update to zmij 1.0
• 62d6e8d Release 1.0.147
• fd829a6 Merge pull request #1304 from dtolnay/zmij
• e757a3d Switch from ryu -> zmij for float formatting
• 75ad7e6 Release 1.0.146
• bc6c827 Merge pull request #1305 from Xeonacid/patch-1
• a09210a Set fast_arithmetic=64 for riscv64
• 01182e5 Update actions/upload-artifact@v5 -> v6
• 383b13a Update actions/upload-artifact@v4 -> v5
• Additional commits viewable in compare view

Updates tokio from 1.48.0 to 1.49.0

Release notes

Sourced from tokio's releases.

Tokio v1.49.0

1.49.0 (January 3rd, 2026)

Added

• net: add support for TCLASS option on IPv6 (#7781)
• runtime: stabilize runtime::id::Id (#7125)
• task: implement Extend for JoinSet (#7195)
• task: stabilize the LocalSet::id() (#7776)

Changed

• net: deprecate {TcpStream,TcpSocket}::set_linger (#7752)

Fixed

• macros: fix the hygiene issue of join! and try_join! (#7766)
• runtime: revert "replace manual vtable definitions with Wake" (#7699)
• sync: return TryRecvError::Disconnected from Receiver::try_recv after Receiver::close (#7686)
• task: remove unnecessary trait bounds on the Debug implementation (#7720)

Unstable

• fs: handle EINTR in fs::write for io-uring (#7786)
• fs: support io-uring with tokio::fs::read (#7696)
• runtime: disable io-uring on EPERM (#7724)
• time: add alternative timer for better multicore scalability (#7467)

Documented

• docs: fix a typos in bounded.rs and park.rs (#7817)
• io: add SyncIoBridge cross-references to copy and copy_buf (#7798)
• io: doc that AsyncWrite does not inherit from std::io::Write (#7705)
• metrics: clarify that num_alive_tasks is not strongly consistent (#7614)
• net: clarify the cancellation safety of the TcpStream::peek (#7305)
• net: clarify the drop behavior of unix::OwnedWriteHalf (#7742)
• net: clarify the platform-dependent backlog in TcpSocket docs (#7738)
• runtime: mention LocalRuntime in new_current_thread docs (#7820)
• sync: add missing period to mpsc::Sender::try_send docs (#7721)
• sync: clarify the cancellation safety of oneshot::Receiver (#7780)
• sync: improve the docs for the errors of mpsc (#7722)
• task: add example for spawn_local usage on local runtime (#7689)

#7125: tokio-rs/tokio#7125 #7195: tokio-rs/tokio#7195 #7305: tokio-rs/tokio#7305 #7467: tokio-rs/tokio#7467 #7614: tokio-rs/tokio#7614 #7686: tokio-rs/tokio#7686 #7689: tokio-rs/tokio#7689

... (truncated)

Commits

• e3b89bb chore: prepare Tokio v1.49.0 (#7824)
• 4f577b8 Merge 'tokio-1.47.3' into 'master'
• f320197 chore: prepare Tokio v1.47.3 (#7823)
• ea6b144 ci: freeze rustc on nightly-2025-01-25 in netlify.toml (#7652)
• 264e703 Merge tokio-1.43.4 into tokio-1.47.x (#7822)
• dfb0f00 chore: prepare Tokio v1.43.4 (#7821)
• 4a91f19 ci: fix wasm32-wasip1 tests (#7788)
• 601c383 ci: upgrade FreeBSD from 14.2 to 14.3 (#7758)
• 484cb52 sync: return TryRecvError::Disconnected from Receiver::try_recv after `Re...
• 16f20c3 rt: mention LocalRuntime in new_current_thread docs (#7820)
• Additional commits viewable in compare view

Updates tokio-stream from 0.1.17 to 0.1.18

Commits

• 60b083b chore: prepare tokio-stream 0.1.18 (#7830)
• 9cc02cc chore: prepare tokio-util 0.7.18 (#7829)
• d2799d7 task: improve the docs of Builder::spawn_local (#7828)
• 4d4870f task: doc that task drops before JoinHandle completion (#7825)
• fdb1509 fs: check for io-uring opcode support (#7815)
• 426a562 rt: remove allow(dead_code) after JoinSet stabilization (#7826)
• e3b89bb chore: prepare Tokio v1.49.0 (#7824)
• 4f577b8 Merge 'tokio-1.47.3' into 'master'
• f320197 chore: prepare Tokio v1.47.3 (#7823)
• ea6b144 ci: freeze rustc on nightly-2025-01-25 in netlify.toml (#7652)
• Additional commits viewable in compare view

Updates tempfile from 3.23.0 to 3.24.0

Changelog

Sourced from tempfile's changelog.

3.24.0

• Actually support WASIp2 without the nightly feature. This library is now feature complete on WASIp2 without any additional feature flags.
• Exclude CI scripts from the published crate.

Commits

• 1712764 chore: release v3.24.0
• a8dc864 feat: completely support WASIP2 on stable rust (#382)
• 5a03572 Exclude CI scripts from published package (#384)
• da894f1 build(deps): bump actions/checkout from 5 to 6 (#383)
• See full diff in compare view

Updates napi from 3.6.1 to 3.8.1

Release notes

Sourced from napi's releases.

napi-v3.8.1

Fixed

• (napi) wasi debug compile error (#3081)

napi-v3.8.0

Added

• (napi) support any object types in Stream(#2854)
• (napi-derive) add #[napi(async_iterator)] macro attribute (#3072)

Fixed

• (napi) validate status before copying data in env arraybuffer fallback (#3077)
• (napi) validate status before copying in remaining TypedArray fallback paths (#3076)
• (napi) validate status before copying in TypedArray owned ToNapiValue fallback (#3080)
• (napi) validate status before copying in ArrayBuffer ToNapiValue fallback (#3079)
• (napi) skip debug buffer tracking on wasm targets (#3078)

napi-v3.7.1

Other

• clippy fix for Rust 1.92.0 (#3058)

napi-v3.7.0

Added

• (napi) provide unsafe as_mut on ArrayBuffer (#3055)
• (napi) support Promise.resolve/reject (#3053)

Commits

• e51ce82 chore(napi): release v3.8.1 (#3082)
• 42cb47a fix(napi): wasi debug compile error (#3081)
• 893e913 chore: release (#3073)
• 705b26d chore(release): publish
• 60452d0 fix(cli): properly load WASM package in JS binding template (#3038)
• d78f83d fix(napi): validate status before copying data in env arraybuffer fallback (#...
• 51e65eb fix(napi): validate status before copying in remaining TypedArray fallback pa...
• 6ac1d6b fix(napi): validate status before copying in TypedArray owned ToNapiValue fal...
• c541fee fix(napi): validate status before copying in ArrayBuffer ToNapiValue fallback...
• e55bc34 fix(napi): skip debug buffer tracking on wasm targets (#3078)
• Additional commits viewable in compare view

Updates napi-derive from 3.4.0 to 3.5.0

Release notes

Sourced from napi-derive's releases.

napi-derive-v3.5.0

Added

• (napi-derive) add #[napi(async_iterator)] macro attribute (#3072)

napi-derive-v3.4.1

Other

• clippy fix for Rust 1.92.0 (#3058)

Commits

• 893e913 chore: release (#3073)
• 705b26d chore(release): publish
• 60452d0 fix(cli): properly load WASM package in JS binding template (#3038)
• d78f83d fix(napi): validate status before copying data in env arraybuffer fallback (#...
• 51e65eb fix(napi): validate status before copying in remaining TypedArray fallback pa...
• 6ac1d6b fix(napi): validate status before copying in TypedArray owned ToNapiValue fal...
• c541fee fix(napi): validate status before copying in ArrayBuffer ToNapiValue fallback...
• e55bc34 fix(napi): skip debug buffer tracking on wasm targets (#3078)
• 91f19f4 chore: set napi.rs as homepage in package.json (#3069)
• 8385bef feat(napi): support any object types in Stream(#2854)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

[codecov]

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 97.00%. Comparing base (a282841) to head (cd85e60).
⚠️ Report is 2 commits behind head on main.

Additional details and impacted files

@@           Coverage Diff           @@
##             main     #240   +/-   ##
=======================================
  Coverage   97.00%   97.00%           
=======================================
  Files          14       14           
  Lines        3100     3100           
=======================================
  Hits         3007     3007           
  Misses         93       93           

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
• 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.