chore(deps): Bump the rust-dependencies group across 1 directory with 8 updates

[dependabot]

Bumps the rust-dependencies group with 8 updates in the / directory:

Package	From	To
chrono	0.4.44	0.4.45
log	0.4.29	0.4.32
reqwest	0.13.3	0.13.4
rpassword	7.5.2	7.5.4
serde_json	1.0.149	1.0.150
serde_with	3.20.0	3.21.0
sqlx	0.8.6	0.9.0
uuid	1.23.1	1.23.2

Updates chrono from 0.4.44 to 0.4.45

Release notes

Sourced from chrono's releases.

0.4.45

What's Changed

• fix(tz): reject TZ offset hour of 24 to avoid FixedOffset overflow by @​SAY-5 in chronotope/chrono#1787
• tz_data: fix tzdata locations on Android by @​caruschalalamove in chronotope/chrono#1789

Commits

• 1703382 Prepare 0.4.45 release
• 881f9ab tz_data: fix tzdata locations on Android
• f14ead4 fix(tz): reject TZ offset hour of 24 to avoid FixedOffset overflow
• c6063e6 Update similar-asserts requirement from 1.6.1 to 2.0.0
• 120686c Bump codecov/codecov-action from 5 to 6
• See full diff in compare view

Updates log from 0.4.29 to 0.4.32

Release notes

Sourced from log's releases.

0.4.32

What's Changed

• Support Value -> string conversions with kv + std features instead of kv_std by @​tisonkun in rust-lang/log#729
• Prepare for 0.4.32 release by @​KodrAus in rust-lang/log#730

Full Changelog: rust-lang/log@0.4.31...0.4.32

0.4.31

What's Changed

• fix typos in kv compile errors and log documentation by @​Isvane in rust-lang/log#726
• Leverage static str key when possible by @​tisonkun in rust-lang/log#727
• Prepare for 0.4.31 release by @​KodrAus in rust-lang/log#728

New Contributors

• @​Isvane made their first contribution in rust-lang/log#726

Full Changelog: rust-lang/log@0.4.30...0.4.31

0.4.30

What's Changed

• Support capturing of std::net types by @​KodrAus in rust-lang/log#724

New Contributors

• @​V0ldek made their first contribution in rust-lang/log#720
• @​woodruffw made their first contribution in rust-lang/log#723

Full Changelog: rust-lang/log@0.4.29...0.4.30

Notable Changes

• MSRV is bumped to 1.71.0 in rust-lang/log#723

Changelog

Sourced from log's changelog.

[0.4.32] - 2026-06-04

What's Changed

• Support Value -> string conversions with kv + std features instead of kv_std by @​tisonkun in rust-lang/log#729

Full Changelog: rust-lang/log@0.4.31...0.4.32

[0.4.31] - 2026-06-02

What's Changed

• Leverage static str key when possible by @​tisonkun in rust-lang/log#727

New Contributors

• @​Isvane made their first contribution in rust-lang/log#726

Full Changelog: rust-lang/log@0.4.30...0.4.31

[0.4.30] - 2026-05-21

What's Changed

• Support capturing of std::net types by @​KodrAus in rust-lang/log#724

New Contributors

• @​V0ldek made their first contribution in rust-lang/log#720
• @​woodruffw made their first contribution in rust-lang/log#723

Full Changelog: rust-lang/log@0.4.29...0.4.30

Notable Changes

• MSRV is bumped to 1.71.0 in rust-lang/log#723

Commits

• a5b5b21 Merge pull request #730 from rust-lang/cargo/0.4.32
• c8d3b12 prepare for 0.4.32 release
• ce6cd9f Merge pull request #729 from tisonkun/kv-std-support
• 20b3b05 drop cfg-feature=kv as it is already met
• 7bc1200 kv::std_support may not need value-bag
• 5808392 Merge pull request #728 from rust-lang/cargo/0.4.31
• 86d739f prepare for 0.4.31 release
• c906cfb Merge pull request #727 from tisonkun/leverage-static-str-key-when-possible
• 756c279 leverage str literal as well
• 3dd250d rename Key::from_static_str to from_str_static
• Additional commits viewable in compare view

Updates reqwest from 0.13.3 to 0.13.4

Release notes

Sourced from reqwest's releases.

v0.13.4

tl;dr

• Add ClientBuilder::tls_sslkeylogfile(bool) option to allow using the related environment variable.
• Add ClientBuilder::http2_keep_alive_* options for the blocking client.
• Add TLS 1.3 support when using native-tls backend.
• Fix redirect handling to strip sensitive headers when the scheme changes.
• Fix HTTP/3 happy-eyeball connection creation.
• Upgrade hickory-resolver to 0.26.

What's Changed

• fix(tls): improve rustls-no-provider panic message and add module docs by @​smythg4 in seanmonstar/reqwest#3021
• fix: do not lose the url in error when decoding json by @​Dushistov in seanmonstar/reqwest#3026
• Add tls_sslkeylogfile builder method by @​passcod in seanmonstar/reqwest#2923
• fix(redirect): strip sensitive headers on scheme change across redirects by @​SAY-5 in seanmonstar/reqwest#3034
• chore: upgrade MSRV to 1.85 by @​seanmonstar in seanmonstar/reqwest#3038
• chore: clean up minimal-versions CI job by @​seanmonstar in seanmonstar/reqwest#3039
• fix(http3): use happy eyeballs for h3 connect by @​lyuzichong in seanmonstar/reqwest#3030
• fix: update hickory-resolver to 0.26 and adjust code accordingly by @​seanmonstar in seanmonstar/reqwest#3040
• fix: remove unwrap in hickory initialization by @​mat813 in seanmonstar/reqwest#3041
• feat(https): support TLS 1.3 as min version under native-tls 🎉 by @​AverageHelper in seanmonstar/reqwest#2975
• Expose keep alive configurations in blocking client by @​aeb-dev in seanmonstar/reqwest#3043
• Prepare v0.13.4 by @​seanmonstar in seanmonstar/reqwest#3046

New Contributors

• @​smythg4 made their first contribution in seanmonstar/reqwest#3021
• @​Dushistov made their first contribution in seanmonstar/reqwest#3026
• @​SAY-5 made their first contribution in seanmonstar/reqwest#3034
• @​mat813 made their first contribution in seanmonstar/reqwest#3041
• @​AverageHelper made their first contribution in seanmonstar/reqwest#2975
• @​aeb-dev made their first contribution in seanmonstar/reqwest#3043

Full Changelog: seanmonstar/reqwest@v0.13.3...v0.13.4

Changelog

Sourced from reqwest's changelog.

v0.13.4

• Add ClientBuilder::tls_sslkeylogfile(bool) option to allow using the related environment variable.
• Add ClientBuilder::http2_keep_alive_* options for the blocking client.
• Add TLS 1.3 support when using native-tls backend.
• Fix redirect handling to strip sensitive headers when the scheme changes.
• Fix HTTP/3 happy-eyeball connection creation.
• Upgrade hickory-resolver to 0.26.

Commits

• 11489b3 v0.13.4
• d31ffbb feat: Expose HTTP2 keep alive configurations in blocking client (#3043)
• 79ed0d7 feat: support TLS 1.3 as min version under native-tls 🎉 (#2975)
• fb7bf6a fix: remove unwrap in hickory initialization (#3041)
• 3da616f fix: update hickory-resolver to 0.26 and adjust code accordingly (#3040)
• c77e7b2 fix(http3): use happy eyeballs for h3 connect (#3030)
• 9cbb65b chore: clean up minimal-versions CI job (#3039)
• 17a7dc5 chore: upgrade MSRV to 1.85 (#3038)
• 03db63a fix(redirect): strip sensitive headers on scheme change across redirects (#3034)
• 4b813a8 feat: add tls_sslkeylogfile builder method (#2923)
• Additional commits viewable in compare view

Updates rpassword from 7.5.2 to 7.5.4

Release notes

Sourced from rpassword's releases.

v7.5.4

No functional changes.

I've added license checks with Cargo Deny to ensure that the Apache 2.0 license is compatible with dependencies.

This release also updates the description to make it clear this library is cross-platform on crates.io.

v7.5.3

Fixes compile errors with Rust 1.85. Thanks @​nwalfield for reporting in conradkleinespel/rpassword#130.

Backwards compatible. No breaking change.

Commits

• 1151510 add license checks
• 3ca2ece bump to 7.5.3
• ed863bf remove cargo-tarpaulin build incompatible with rust 1.85 from ci
• 479012d fixes compile errors with rust 1.85
• 6ee4708 update nix config to use rust 1.85
• 6d3518d run ci with rust 1.85
• See full diff in compare view

Updates serde_json from 1.0.149 to 1.0.150

Release notes

Sourced from serde_json's releases.

v1.0.150

• Reject non-string enum object keys (#1324, thanks @​puneetdixit200)

Commits

• a1ae73a Release 1.0.150
• 1a360b0 Merge pull request #1324 from puneetdixit200/reject-non-string-enum-keys
• 2037b63 Reject non-string enum object keys
• 5d30df6 Resolve manual_assert_eq pedantic clippy lint
• dc8003a Raise required compiler for preserve_order feature to 1.85
• a42fa98 Unpin CI miri toolchain
• 684a60e Pin CI miri to nightly-2026-02-11
• 7c7da33 Raise required compiler to Rust 1.71
• acf4850 Simplify Number::is_f64
• 6b8ceab Resolve unnecessary_map_or clippy lint
• Additional commits viewable in compare view

Updates serde_with from 3.20.0 to 3.21.0

Release notes

Sourced from serde_with's releases.

serde_with v3.21.0

Security

• GHSA-7gcf-g7xr-8hxj: KeyValueMap serialization panics on empty sequence or map entries Bad or attacker controlled values could cause a panic while allocating too large values. Fixed in #966 by setting a maximum allocation size during the creation of collections like Vec or sets.

  Thanks to @​7thParkk for reporting the issue.

Added

• Add NoneAsZero adapter that maps Option<NonZero*> to a plain integer, encoding None as 0 by @​SAY-5 (#486)

Changed

• Re-enable link-to-definition on docs.rs (#964)

Fixed

• Fix some doc links to point to the correct types (#963)
• Re-enable unused_qualifications and fix the resulting findings by @​lms0806 (#962)

Commits

• 0f4ca67 Update changelog for 3.21.0 (#967)
• 7654841 Update changelog for 3.21.0
• c8a1d82 Protect all collection creations against capacity overflow by using `size_hin...
• 6ad5fa5 Properly feature gate the vec_with_capacity_cautious function
• ef7d141 Protect all collection creations against capacity overflow by using `size_hin...
• a348da3 Add serde_as deserialize_as explain (#958)
• 2e5bc20 Bump the github-actions group with 3 updates (#965)
• 927a3d6 Bump the github-actions group with 3 updates
• 62d14ec Enable link-to-definition on docs.rs again, after the upstream issue was reso...
• 4584d94 Enable link-to-definition on docs.rs again, after the upstream issue was reso...
• Additional commits viewable in compare view

Updates sqlx from 0.8.6 to 0.9.0

Changelog

Sourced from sqlx's changelog.

0.9.0 - 2026-05-06

Important Announcements

New Github Organization

Shortly after this release is published, the SQLx repository will be transferred to a new GitHub organization: https://github.com/transact-rs/

This is because SQLx has not been owned or maintained by LaunchBadge, LLC. for a few years now, and has since been informally transferred to the collective ownership of its principal authors. Moving the repository to a new organization makes this change more clear, and also allows for potentially inviting outside collaborators.

Cargo.lock Removed from Tracking

The Cargo.lock has been removed from tracking in Git. CI should now always test with the latest versions of all dependencies by default, alongside our pass that checks with cargo generate-lockfile -Z minimal-versions.

This should eliminate the need for any PRs that update dependencies to also update Cargo.lock or contend with an endless stream of merge conflicts against it.

N.B. cargo install --locked sqlx-cli will no longer work. However, cargo install sqlx-cli has always used the latest dependencies by default, ignoring the lockfile, so most users should not be affected. For users requiring reproducible builds, consider maintaining your own lockfile instead; historically, we only ran cargo update sporadically, so relying on SQLx's lockfile offered few guarantees anyway.

See [the manual page for cargo install][man-cargo-install] for details.

Breaking

As per our MSRV policy, the supported Rust version for this release cycle is 1.94.0.

• [#3383]: feat: create sqlx.toml format [[@​abonander]]
  • SQLx and sqlx-cli now support per-crate configuration files (sqlx.toml)
  • New functionality includes, but is not limited to:
    • Rename DATABASE_URL for a crate (for multi-database workspaces)
    • Set global type overrides for the macros (supporting custom types)
    • Rename or relocate the _sqlx_migrations table (for multiple crates using the same database)
    • Set characters to ignore when hashing migrations (e.g. ignore whitespace)
  • More to be implemented in future releases.
  • Enable feature sqlx-toml to use.
    • sqlx-cli has it enabled by default, but sqlx does not.
    • Default features of library crates can be hard to completely turn off because of [feature unification], so it's better to keep the default feature set as limited as possible. [This is something we learned the hard way.][preferred-crates]
  • Guide: see sqlx::_config module in documentation.
  • Reference: [Link]
  • Examples (written for Postgres but can be adapted to other databases; PRs welcome!):
    • Multiple databases using DATABASE_URL renaming and global type overrides: [Link]
    • Multi-tenant database using _sqlx_migrations renaming and multiple schemas: [Link]
    • Force use of chrono when time is enabled (e.g. when using tower-sessions-sqlx-store): [[Link][preferred-crates]]
      • Forcing bigdecimal when rust_decimal is enabled is also shown, but problems with chrono/time are more common.

... (truncated)

Commits

• 75bc048 Release 0.9.0 (#4256)
• 6956cef Prefer to give real data to .bind() in README.md (#4257)
• 45ba990 Add the possibility to skip migrations (#3846)
• 66533fa Ensure Deterministic Migration Order (#4136)
• db47fe3 ci: check direct minimal versions (#4173)
• 9ecb76d Unescape PostgreSQL passfile password (#3993)
• c0a3218 breaking(any+mysql): correctly convert text and blob types to AnyTypeInfo (...
• d82b781 test(sqlite): add regression test for ORDER BY + LIMIT nullability (#4223)
• b77ba16 chore: update to axum 0.8 (#4253)
• c0ec9c0 fix(tls): potential deadlock in StdSocket::poll_ready() (#4251)
• Additional commits viewable in compare view

Updates uuid from 1.23.1 to 1.23.2

Release notes

Sourced from uuid's releases.

v1.23.2

What's Changed

• Improve error messages for ambiguous formats by @​KodrAus in uuid-rs/uuid#882
• Prepare for 1.23.2 release by @​KodrAus in uuid-rs/uuid#883

Full Changelog: uuid-rs/uuid@v1.23.1...v1.23.2

Commits

• d119657 Merge pull request #883 from uuid-rs/cargo/v1.23.2
• 0651cfc prepare for 1.23.2 release
• e8dea0c Merge pull request #882 from uuid-rs/fix/error-msgs
• bdc429a fix up serde messages
• d4342e4 make indexes 0 based and fix up more error messages
• 4ad479f work on more accurate parser errors
• See full diff in compare view

You can trigger a rebase of this PR by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions