chore(deps): bump the minor-and-patch group across 1 directory with 12 updates

[dependabot]

Bumps the minor-and-patch group with 12 updates in the / directory:

Package	From	To
http	1.4.0	1.4.2
regex	1.12.3	1.12.4
rustls	0.23.40	0.23.41
serde_json	1.0.149	1.0.150
log	0.4.29	0.4.33
sysinfo	0.39.1	0.39.5
tar	0.4.45	0.4.46
rustls-native-certs	0.8.3	0.8.4
getrandom	0.4.2	0.4.3
chrono	0.4.44	0.4.45
serde_with	3.20.0	3.21.0
uuid	1.23.1	1.23.3

Updates http from 1.4.0 to 1.4.2

Release notes

Sourced from http's releases.

v1.4.1

tl;dr

• Fix PathAndQuery::from_static() and from_shared() to reject inputs that do not start with /.
• Fix Extend for HeaderMap to clamp max size hint and not overflow.
• Fix header::IntoIter that could use-after-free if the generic value type could panic on drop.
• Fix header::{IterMut, ValuesIterMut} to not violate stacked borrows.

What's Changed

• chore(header): fix clippy::assign_op_pattern by @​rxc-amzn in hyperium/http#806
• ci: pin itoa in msrv job by @​seanmonstar in hyperium/http#813
• Remove unnecessary explicit lifetimes by @​jplatte in hyperium/http#815
• chore(ci): update to actions/checkout@v6 by @​tottoto in hyperium/http#819
• tests: update to rand 0.10 by @​tottoto in hyperium/http#818
• refactor: Remove usage of float instruction by @​AurelienFT in hyperium/http#823
• refactor(uri): consolidate PathAndQuery::from_shared and from_static by @​seanmonstar in hyperium/http#825
• fix(uri): reject Path::from_shared/from_static if doesn't start with slash by @​seanmonstar in hyperium/http#826
• Rephrase comment by @​daalfox in hyperium/http#827
• Fix typo in request builder docs by @​vleksis in hyperium/http#831
• fix: clamp Extend size hint so HeaderMap reserve cannot overflow by @​SAY-5 in hyperium/http#833
• fix(headers): fix stacked borrows for IterMut/ValuesIterMut by @​seanmonstar in hyperium/http#837
• fix(header): use a set_len guard in IntoIter drop by @​seanmonstar in hyperium/http#838

New Contributors

• @​rxc-amzn made their first contribution in hyperium/http#806
• @​AurelienFT made their first contribution in hyperium/http#823
• @​daalfox made their first contribution in hyperium/http#827
• @​vleksis made their first contribution in hyperium/http#831
• @​SAY-5 made their first contribution in hyperium/http#833

Full Changelog: hyperium/http@v1.4.0...v1.4.1

Changelog

Sourced from http's changelog.

1.4.2 (June 8, 2026)

• Fix uri::Builder to allow "*" as the path when scheme and authority are also set, used in HTTP/2 requests.
• Fix Uri to properly reject DEL characters.

1.4.1 (May 25, 2026)

• Fix PathAndQuery::from_static() and from_shared() to reject inputs that do not start with /.
• Fix Extend for HeaderMap to clamp max size hint and not overflow.
• Fix header::IntoIter that could use-after-free if the generic value type could panic on drop.
• Fix header::{IterMut, ValuesIterMut} to not violate stacked borrows.

Commits

• 82db5b8 v1.4.2
• a9cdbf8 fix(uri): reject DEL character (#842)
• df75ca3 fix(uri): allow STAR paths with scheme/auth (#843)
• ec3f8ce feat(method): impl PartialOrd + Ord (#840)
• a24c968 v1.4.1
• bc3b044 fix(header): use a set_len guard in IntoIter drop (#838)
• 1b968dc fix(header): fix stacked borrows for IterMut/ValuesIterMut (#837)
• 6e2dd42 fix: clamp Extend size hint so HeaderMap reserve cannot overflow (#833)
• 68e0abb docs: fix typo in request builder docs (#831)
• 29dd307 docs(extensions): rephrase internal comment (#827)
• Additional commits viewable in compare view

Updates regex from 1.12.3 to 1.12.4

Changelog

Sourced from regex's changelog.

1.12.4 (2025-06-09)

This release includes a performance optimization for compilation of regexes with very large character classes.

Improvements:

• #1308: Avoid re-canonicalizing the entire interval set when pushing new class ranges.

Commits

• 7b96fdc 1.12.4
• 7b89cf0 deps: update to regex-syntax 0.8.11
• 1401679 regex-syntax-0.8.11
• d709000 changelog: 1.12.4
• 9825c74 syntax: avoid re-canonicalizing the entire IntervalSet on push (#1308)
• a7f2ff6 docs: clarify regex-lite word boundaries
• 2c7b172 docs: clarify unsupported Anchored::Pattern searches
• 839d16b regex-syntax-0.8.10
• c4865a0 syntax: fix negation handling in HIR translation
• d8761c0 cargo: also include benches
• Additional commits viewable in compare view

Updates rustls from 0.23.40 to 0.23.41

Commits

• 642a103 ci: drop Taplo job
• 752c144 Drop nightly clippy tests
• 8d8611a Fix new clippy::useless-borrows-in-formatting
• ebf3297 Fix new clippy::manual_clear
• 46808e7 ci: sync cargo-check-external-types nightly
• 041a8d2 Cargo deny: allow RUSTSEC-2026-0173
• 62e220e Take semver-compatible dependency updates
• 3c14696 Upgrade to hickory-resolver 0.26
• 848a2cc connect-tests: delete ech.rs
• 5ce9cac Bump version to 0.23.41
• Additional commits viewable in compare view

Updates serde_json from 1.0.149 to 1.0.150

Release notes

Sourced from serde_json's releases.

v1.0.150

• Reject non-string enum object keys (#1324, thanks @​puneetdixit200)

Commits

• a1ae73a Release 1.0.150
• 1a360b0 Merge pull request #1324 from puneetdixit200/reject-non-string-enum-keys
• 2037b63 Reject non-string enum object keys
• 5d30df6 Resolve manual_assert_eq pedantic clippy lint
• dc8003a Raise required compiler for preserve_order feature to 1.85
• a42fa98 Unpin CI miri toolchain
• 684a60e Pin CI miri to nightly-2026-02-11
• 7c7da33 Raise required compiler to Rust 1.71
• acf4850 Simplify Number::is_f64
• 6b8ceab Resolve unnecessary_map_or clippy lint
• Additional commits viewable in compare view

Updates log from 0.4.29 to 0.4.33

Release notes

Sourced from log's releases.

0.4.32

What's Changed

• Support Value -> string conversions with kv + std features instead of kv_std by @​tisonkun in rust-lang/log#729
• Prepare for 0.4.32 release by @​KodrAus in rust-lang/log#730

Full Changelog: rust-lang/log@0.4.31...0.4.32

0.4.31

What's Changed

• fix typos in kv compile errors and log documentation by @​Isvane in rust-lang/log#726
• Leverage static str key when possible by @​tisonkun in rust-lang/log#727
• Prepare for 0.4.31 release by @​KodrAus in rust-lang/log#728

New Contributors

• @​Isvane made their first contribution in rust-lang/log#726

Full Changelog: rust-lang/log@0.4.30...0.4.31

0.4.30

What's Changed

• Support capturing of std::net types by @​KodrAus in rust-lang/log#724

New Contributors

• @​V0ldek made their first contribution in rust-lang/log#720
• @​woodruffw made their first contribution in rust-lang/log#723

Full Changelog: rust-lang/log@0.4.29...0.4.30

Notable Changes

• MSRV is bumped to 1.71.0 in rust-lang/log#723

Changelog

Sourced from log's changelog.

[0.4.33] - 2026-06-20

What's Changed

• Fixed key comparison by @​matteo-zeggiotti-ok in rust-lang/log#732

New Contributors

• @​matteo-zeggiotti-ok made their first contribution in rust-lang/log#732

Full Changelog: rust-lang/log@0.4.32...0.4.33

[0.4.32] - 2026-06-04

What's Changed

• Support Value -> string conversions with kv + std features instead of kv_std by @​tisonkun in rust-lang/log#729

Full Changelog: rust-lang/log@0.4.31...0.4.32

[0.4.31] - 2026-06-02

What's Changed

• Leverage static str key when possible by @​tisonkun in rust-lang/log#727

New Contributors

• @​Isvane made their first contribution in rust-lang/log#726

Full Changelog: rust-lang/log@0.4.30...0.4.31

[0.4.30] - 2026-05-21

What's Changed

• Support capturing of std::net types by @​KodrAus in rust-lang/log#724

New Contributors

• @​V0ldek made their first contribution in rust-lang/log#720
• @​woodruffw made their first contribution in rust-lang/log#723

Full Changelog: rust-lang/log@0.4.29...0.4.30

Notable Changes

• MSRV is bumped to 1.71.0 in rust-lang/log#723

Commits

• f405739 Merge pull request #734 from rust-lang/cargo/0.4.33
• 6a24abf prepare for 0.4.33 release
• 87e0621 Merge pull request #732 from matteo-zeggiotti-ok/fix-key-comparison
• a9b5711 Review: fallback to the &str hash
• cc89cc6 Review: fixed other comparisons
• 920e7dc Review: fixed comparison on MaybeStaticStr
• 0d71d3c Fixed key comparison
• a5b5b21 Merge pull request #730 from rust-lang/cargo/0.4.32
• c8d3b12 prepare for 0.4.32 release
• ce6cd9f Merge pull request #729 from tisonkun/kv-std-support
• Additional commits viewable in compare view

Updates sysinfo from 0.39.1 to 0.39.5

Changelog

Sourced from sysinfo's changelog.

0.39.5

• macOS: Fix build for apple app store

0.39.4

• Unix: Fix soundness issue when retrieving user's groups.
• macOS: Add new macOS version name.
• macOS: Fix inaccurate open_files returned value.

0.39.3

• Unix: Fix retrieval of Network::mac_addr.
• Linux: Improve retrieval of process information if process terminates while doing so.

0.39.2

• Windows: Greatly improve performance of System::refresh_cpu_specifics when CPU usage is not requested.
• iOS: Fix compilation error when user feature is enabled.
• Linux: Correctly set thread information for processes.

Commits

• 029025e Update crate version to 0.39.5
• 78205e7 Update CHANGELOG for 0.39.5
• 2a39746 Fix build for apple app store
• c07bb44 Update CHANGELOG for 0.39.4
• 559b07d Update crate version to 0.39.4
• 07e3177 Linux: Fix soundness issue when retrieving user groups
• 79943ec Add new macOS version name
• 86af156 Added failure handling for open_files()
• 634e1cf fix: inaccurate open_files() implementation (#1681) (#1682)
• 3d1c52a Update crate version to 0.39.3
• Additional commits viewable in compare view

Updates tar from 0.4.45 to 0.4.46

Release notes

Sourced from tar's releases.

0.4.46

Security

• archive: Fix another PAX header desync (GHSA-3cv2-h65g-fgmm) by @​cgwalters in composefs/tar-rs#454

See also GHSA-3cv2-h65g-fgmm

Other changes

• ci: Fix and re-enable reverse dependency testing by @​cgwalters in composefs/tar-rs#444
• Update astral-tokio-tar requirement from 0.5 to 0.6 by @​dependabot[bot] in composefs/tar-rs#446
• Update some links by @​atouchet in composefs/tar-rs#445
• Add support of absolute paths by @​zxvfc in composefs/tar-rs#426
• docs: Expand notes on concurrent mutations and following symlinks by @​cgwalters in composefs/tar-rs#453
• Update repo links by @​cgwalters in composefs/tar-rs#451
• ci: Add crates.io trusted publishing workflow by @​cgwalters in composefs/tar-rs#456
• Release 0.4.46 by @​cgwalters in composefs/tar-rs#455

New Contributors

• @​dependabot[bot] made their first contribution in composefs/tar-rs#446
• @​atouchet made their first contribution in composefs/tar-rs#445
• @​zxvfc made their first contribution in composefs/tar-rs#426

Full Changelog: composefs/tar-rs@0.4.45...0.4.46

Commits

• fc459c1 Release 0.4.46
• 43e05a8 ci: Add crates.io trusted publishing workflow
• bba5666 Update repo links
• cd94c46 docs: Document TOCTOU / concurrent-mutation threat model
• 1b4997c builder: Expand docs for follow_symlinks and append_dir_all
• bab14dd archive: Fix another PAX header desync (GHSA-3cv2-h65g-fgmm)
• 2349b49 Add support of absolute paths
• 39d0311 Update some links
• 59d803e Update astral-tokio-tar requirement from 0.5 to 0.6
• 8296b9a ci: Fix and re-enable reverse dependency testing (#444)
• See full diff in compare view

Updates rustls-native-certs from 0.8.3 to 0.8.4

Release notes

Sourced from rustls-native-certs's releases.

0.8.4

What's Changed

• Exclude development script by @​weiznich in rustls/rustls-native-certs#216
• Update README.md with CertificateResult by @​jleffell in rustls/rustls-native-certs#225
• chore(docsrs): make docs.rs build work by @​joshuachp in rustls/rustls-native-certs#222
• Ignore empty entries in SSL_CERT_DIR by @​sliekens in rustls/rustls-native-certs#242

Commits

• 9d1f11e Bump version to 0.8.4
• a008aa1 Take semver-compatible dependency versions
• 26d43e3 Ignore empty entries in SSL_CERT_DIR
• 4d4f4de build(deps): bump serial_test from 3.4.0 to 3.5.0 in the crates-io group
• 8707835 Take semver-compatible dependency updates
• f89af49 Apply suggestions from nightly clippy
• 4ea7b7b build(deps): bump rustls from 0.23.38 to 0.23.39 in the crates-io group
• fa48b0a Take semver-compatible dependency updates
• 559fd3d build(deps): bump the crates-io group with 2 updates
• 0346ae5 Take semver-compatible dependency updates
• Additional commits viewable in compare view

Updates getrandom from 0.4.2 to 0.4.3

Changelog

Sourced from getrandom's changelog.

0.4.3 - 2026-06-17

Added

• wasm64-unknown-unknown target support for wasm_js backend #848

Changed

• Drop wasip2 and wasip3 dependencies in favor of manual bindings #830

#830: rust-random/getrandom#830 #848: rust-random/getrandom#848

Commits

• 5e7cd57 Release v0.4.3 (#853)
• 1ea268a Use manual bindings for WASIp2/3 (#830)
• f7290b0 Update Cargo.lock (#852)
• 16ce801 Update Cargo.lock (#850)
• e5adfca Add wasm64-unknown-unknown support for wasm_js backend (#848)
• 626df8d Update Cargo.lock (#846)
• 4a01cb2 Update Cargo.lock (#841)
• f87bf39 Update Cargo.lock (#836)
• eadb879 ci: re-enable build job for x86_64-pc-cygwin (#832)
• d715d73 CI: Reduce the number of packages that are updated for wasip2 MSRV test (#825)
• Additional commits viewable in compare view

Updates chrono from 0.4.44 to 0.4.45

Release notes

Sourced from chrono's releases.

0.4.45

What's Changed

• fix(tz): reject TZ offset hour of 24 to avoid FixedOffset overflow by @​SAY-5 in chronotope/chrono#1787
• tz_data: fix tzdata locations on Android by @​caruschalalamove in chronotope/chrono#1789

Commits

• 1703382 Prepare 0.4.45 release
• 881f9ab tz_data: fix tzdata locations on Android
• f14ead4 fix(tz): reject TZ offset hour of 24 to avoid FixedOffset overflow
• c6063e6 Update similar-asserts requirement from 1.6.1 to 2.0.0
• 120686c Bump codecov/codecov-action from 5 to 6
• See full diff in compare view

Updates serde_with from 3.20.0 to 3.21.0

Release notes

Sourced from serde_with's releases.

serde_with v3.21.0

Security

• GHSA-7gcf-g7xr-8hxj: KeyValueMap serialization panics on empty sequence or map entries Bad or attacker controlled values could cause a panic while allocating too large values. Fixed in #966 by setting a maximum allocation size during the creation of collections like Vec or sets.

  Thanks to @​7thParkk for reporting the issue.

Added

• Add NoneAsZero adapter that maps Option<NonZero*> to a plain integer, encoding None as 0 by @​SAY-5 (#486)

Changed

• Re-enable link-to-definition on docs.rs (#964)

Fixed

• Fix some doc links to point to the correct types (#963)
• Re-enable unused_qualifications and fix the resulting findings by @​lms0806 (#962)

Commits

• 0f4ca67 Update changelog for 3.21.0 (#967)
• 7654841 Update changelog for 3.21.0
• c8a1d82 Protect all collection creations against capacity overflow by using `size_hin...
• 6ad5fa5 Properly feature gate the vec_with_capacity_cautious function
• ef7d141 Protect all collection creations against capacity overflow by using `size_hin...
• a348da3 Add serde_as deserialize_as explain (#958)
• 2e5bc20 Bump the github-actions group with 3 updates (#965)
• 927a3d6 Bump the github-actions group with 3 updates
• 62d14ec Enable link-to-definition on docs.rs again, after the upstream issue was reso...
• 4584d94 Enable link-to-definition on docs.rs again, after the upstream issue was reso...
• Additional commits viewable in compare view

Updates uuid from 1.23.1 to 1.23.3

Release notes

Sourced from uuid's releases.

v1.23.3

What's Changed

• Fix up parser panic on empty input by @​KodrAus in uuid-rs/uuid#886
• Prepare for 1.23.3 release by @​KodrAus in uuid-rs/uuid#887

Full Changelog: uuid-rs/uuid@v1.23.2...v1.23.3

v1.23.2

What's Changed

• Improve error messages for ambiguous formats by @​KodrAus in uuid-rs/uuid#882
• Prepare for 1.23.2 release by @​KodrAus in uuid-rs/uuid#883

Full Changelog: uuid-rs/uuid@v1.23.1...v1.23.2

Commits

• 20da78b Merge pull request #887 from uuid-rs/cargo/v1.23.3
• 62232ca prepare for 1.23.3 release
• 2320c6a Merge pull request #886 from uuid-rs/fix/parser-panics
• 2d034d4 fix some invalid indexers on error reporting
• a8b9f14 update fuzz infra and run in CI
• d119657 Merge pull request #883 from uuid-rs/cargo/v1.23.2
• 0651cfc prepare for 1.23.2 release
• e8dea0c Merge pull request #882 from uuid-rs/fix/error-msgs
• bdc429a fix up serde messages
• d4342e4 make indexes 0 based and fix up more error messages
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions