chore(deps): bump the rust-dependencies group across 1 directory with 6 updates

[dependabot]

Bumps the rust-dependencies group with 6 updates in the / directory:

Package	From	To
serde_json	1.0.149	1.0.150
convex	0.10.3	0.10.4
uuid	1.22.0	1.23.1
octocrab	0.49.5	0.51.0
tracing-subscriber	0.3.22	0.3.23
reqwest	0.13.2	0.13.4

Updates serde_json from 1.0.149 to 1.0.150

Release notes

Sourced from serde_json's releases.

v1.0.150

• Reject non-string enum object keys (#1324, thanks @​puneetdixit200)

Commits

• a1ae73a Release 1.0.150
• 1a360b0 Merge pull request #1324 from puneetdixit200/reject-non-string-enum-keys
• 2037b63 Reject non-string enum object keys
• 5d30df6 Resolve manual_assert_eq pedantic clippy lint
• dc8003a Raise required compiler for preserve_order feature to 1.85
• a42fa98 Unpin CI miri toolchain
• 684a60e Pin CI miri to nightly-2026-02-11
• 7c7da33 Raise required compiler to Rust 1.71
• acf4850 Simplify Number::is_f64
• 6b8ceab Resolve unnecessary_map_or clippy lint
• Additional commits viewable in compare view

Updates convex from 0.10.3 to 0.10.4

Changelog

Sourced from convex's changelog.

0.10.4

• Optimizations to check_valid_field_name in sync_types
• Fix for memory leak in query subscriptions (get-convex/convex-rs#15)
• Bump rust-version minimum from 1.80.1 to 1.85

Commits

• 852046b Release convex-rs 0.10.4 (#49739)
• e2aa67e Commit npm lock files for projects not managed by Rush (#49217)
• f021ad5 Rust client: clear cached query result when the last subscriber drops (#49678)
• 272f649 Refactor (#48412)
• fcc0475 Update webpki-roots, allow CDLA-Permissive-2.0 license (#49369)
• 7529561 Update aws crates (#49202)
• 3809f1d docs: remove JavaScript code blocks (#48145)
• bbd814a Upgrade lz4_flex to 0.13 (#48898)
• 4f09a9d Update rust-openssl dependencies (#48741)
• e4eb7e2 Use unix domain sockets / named pipes for local node executor (#48467)
• Additional commits viewable in compare view

Updates uuid from 1.22.0 to 1.23.1

Release notes

Sourced from uuid's releases.

v1.23.1

What's Changed

• Remove deprecated msrv feature from wasm-bindgen dependency by @​guybedford in uuid-rs/uuid#877
• fix: Timestamp::from_gregorian deprecation note by @​aznashwan in uuid-rs/uuid#878
• Prepare for 1.23.1 release by @​KodrAus in uuid-rs/uuid#879

New Contributors

• @​guybedford made their first contribution in uuid-rs/uuid#877
• @​aznashwan made their first contribution in uuid-rs/uuid#878

Full Changelog: uuid-rs/uuid@v1.23.0...v1.23.1

v1.23.0

What's Changed

• feat: add support for 'hyphenated' format in the serde module by @​FrenchDilettante in uuid-rs/uuid#865
• Fix a number of bugs in time-related code by @​KodrAus in uuid-rs/uuid#872
• Reword invalid char error message by @​KodrAus in uuid-rs/uuid#873
• Impl cleanups by @​KodrAus in uuid-rs/uuid#874
• Use LazyLock to synchronize v1/v6 context initialization by @​KodrAus in uuid-rs/uuid#875
• Prepare for 1.23.0 release by @​KodrAus in uuid-rs/uuid#876

New Contributors

• @​FrenchDilettante made their first contribution in uuid-rs/uuid#865

Special thanks

@​meng-xu-cs raised a series of bugs against the timestamp logic in uuid using automated tooling. The issues themselves were reasonably and responsibly presented and the end result is a better uuid library for everyone. Thanks!

Deprecations

This release includes the following deprecations:

• Context: Renamed to ContextV1
• Timestamp::from_gregorian: Renamed to Timestamp::from_gregorian_time

Change to Version::Max

Version::Max's u8 representation has changed from 0xff to 0x0f to match the value returned by Uuid::get_version_num.

Change to Uuid::get_version for the max UUID

Uuid::get_version will only return Some(Version::Max) if the UUID is actually the max UUID (all bytes are 0xff). Previously it would return Some if only the version field was 0x0f. This change matches the behaviour of the nil UUID, which only returns Some(Version::Nil) if the UUID is the nil UUID (all bytes are 0x00).

Full Changelog: uuid-rs/uuid@v1.22.0...v1.23.0

Commits

• ca0c85f Merge pull request #879 from uuid-rs/cargo/v1.23.1
• b4db015 prepare for 1.23.1 release
• 771069d Merge pull request #878 from aznashwan/fix-from-gregorian-deprecation-note
• 80994a2 fix: Timestamp::from_gregorian deprecation note
• 90c5be8 Merge pull request #877 from guybedford/remove-wasm-bindgen-msrv
• 8b8c4f4 Remove deprecated feature from wasm-bindgen dependency
• 00ab922 Merge pull request #876 from uuid-rs/cargo/v1.23.0
• 726ba45 prepare for 1.23.0 release
• 996dade Merge pull request #875 from uuid-rs/fix/context-ordering
• e140479 simplify a use stmt
• Additional commits viewable in compare view

Updates octocrab from 0.49.5 to 0.51.0

Release notes

Sourced from octocrab's releases.

v0.51.0

Fixed

• [breaking] actualized github response model for 'List Pull Requests' (#886)

v0.50.0

Added

• add create_comment to PullRequestHandler (#880)
• Add support for exchanging oauth code for access token (#780)
• add get_app (#757)
• Add ability to update an existing label (#786)
• Added converted_from_draft to Event (#859)

Fixed

• Use PUT not PATCH for pull request reviews (#879)
• cargo fmt, cargo test, Set MSRV to 1.85.0 (#878)
• deser generate repo as respository (#812)
• use new search model on search function
• revert commit back to correct structure

Other

• [breaking] remove the either dependency (#883)
• added issue_field_added to Event enum (#882)
• update MSRV to 1.95.0
• don't include unconditional backtrace in Display impl (#824)
• add a simple test for compare commits
• remove duplicated GitUser
• create search models submodule
• move repository model from commits module
• move maybe_empty to models module
• remove Option<> for some fields of PullRequest (#873)

v0.49.9

Other

• Add 'tokio' dependency to retry configuration (#875)

v0.49.8

Added

• add structured GraphQL response and error (#874)

Fixed

• Expose OctoBody (#870)

v0.49.7

... (truncated)

Changelog

Sourced from octocrab's changelog.

0.51.0 - 2026-05-09

Fixed

• [breaking] actualized github response model for 'List Pull Requests' (#886)

0.50.0 - 2026-05-05

Added

• add create_comment to PullRequestHandler (#880)
• Add support for exchanging oauth code for access token (#780)
• add get_app (#757)
• Add ability to update an existing label (#786)
• Added converted_from_draft to Event (#859)

Fixed

• Use PUT not PATCH for pull request reviews (#879)
• cargo fmt, cargo test, Set MSRV to 1.85.0 (#878)
• deser generate repo as respository (#812)
• use new search model on search function
• revert commit back to correct structure

Other

• [breaking] remove the either dependency (#883)
• added issue_field_added to Event enum (#882)
• update MSRV to 1.95.0
• don't include unconditional backtrace in Display impl (#824)
• add a simple test for compare commits
• remove duplicated GitUser
• create search models submodule
• move repository model from commits module
• move maybe_empty to models module
• remove Option<> for some fields of PullRequest (#873)

0.49.9 - 2026-04-26

Other

• Add 'tokio' dependency to retry configuration (#875)

0.49.8 - 2026-04-24

Added

• add structured GraphQL response and error (#874)

Fixed

... (truncated)

Commits

• feddc50 chore: release v0.51.0 (#887)
• e3230ad fix!: actualized github response model for 'List Pull Requests' (#886)
• af4a52e chore: release v0.50.0 (#877)
• 40b967b chore!: remove the either dependency (#883)
• ce8cc89 added issue_field_added to Event enum (#882)
• 21b13ed feat: add create_comment to PullRequestHandler (#880)
• 6e66bda fix: Use PUT not PATCH for pull request reviews (#879)
• 174950f fix: cargo fmt, cargo test, Set MSRV to 1.85.0 (#878)
• 43f2ef0 chore: update MSRV to 1.95.0
• e10d801 feat: Add support for exchanging oauth code for access token (#780)
• Additional commits viewable in compare view

Updates tracing-subscriber from 0.3.22 to 0.3.23

Release notes

Sourced from tracing-subscriber's releases.

tracing-subscriber 0.3.23

Fixed

• Allow ansi sanitization to be disabled (#3484)

#3484: tokio-rs/tracing#3484

Commits

• 54ede4d chore: prepare tracing-subscriber 0.3.23 (#3490)
• 37558d5 subscriber: allow ansi sanitization to be disabled (#3484)
• efc690f core: add missing const (#3449)
• 0c32367 core: Use const initializers instead of once_cell
• 9feb241 docs: add arcswap reload crate to related (#3442)
• 2d55f6f chore: prepare tracing 0.1.44 (#3439)
• 10a9e83 chore: prepare tracing-core 0.1.36 (#3440)
• ee82cf9 tracing: fix record_all panic (#3432)
• 9978c36 chore: prepare tracing-mock 0.1.0-beta.3 (#3429)
• See full diff in compare view

Updates reqwest from 0.13.2 to 0.13.4

Release notes

Sourced from reqwest's releases.

v0.13.4

tl;dr

• Add ClientBuilder::tls_sslkeylogfile(bool) option to allow using the related environment variable.
• Add ClientBuilder::http2_keep_alive_* options for the blocking client.
• Add TLS 1.3 support when using native-tls backend.
• Fix redirect handling to strip sensitive headers when the scheme changes.
• Fix HTTP/3 happy-eyeball connection creation.
• Upgrade hickory-resolver to 0.26.

What's Changed

• fix(tls): improve rustls-no-provider panic message and add module docs by @​smythg4 in seanmonstar/reqwest#3021
• fix: do not lose the url in error when decoding json by @​Dushistov in seanmonstar/reqwest#3026
• Add tls_sslkeylogfile builder method by @​passcod in seanmonstar/reqwest#2923
• fix(redirect): strip sensitive headers on scheme change across redirects by @​SAY-5 in seanmonstar/reqwest#3034
• chore: upgrade MSRV to 1.85 by @​seanmonstar in seanmonstar/reqwest#3038
• chore: clean up minimal-versions CI job by @​seanmonstar in seanmonstar/reqwest#3039
• fix(http3): use happy eyeballs for h3 connect by @​lyuzichong in seanmonstar/reqwest#3030
• fix: update hickory-resolver to 0.26 and adjust code accordingly by @​seanmonstar in seanmonstar/reqwest#3040
• fix: remove unwrap in hickory initialization by @​mat813 in seanmonstar/reqwest#3041
• feat(https): support TLS 1.3 as min version under native-tls 🎉 by @​AverageHelper in seanmonstar/reqwest#2975
• Expose keep alive configurations in blocking client by @​aeb-dev in seanmonstar/reqwest#3043
• Prepare v0.13.4 by @​seanmonstar in seanmonstar/reqwest#3046

New Contributors

• @​smythg4 made their first contribution in seanmonstar/reqwest#3021
• @​Dushistov made their first contribution in seanmonstar/reqwest#3026
• @​SAY-5 made their first contribution in seanmonstar/reqwest#3034
• @​mat813 made their first contribution in seanmonstar/reqwest#3041
• @​AverageHelper made their first contribution in seanmonstar/reqwest#2975
• @​aeb-dev made their first contribution in seanmonstar/reqwest#3043

Full Changelog: seanmonstar/reqwest@v0.13.3...v0.13.4

v0.13.3

tl;dr

• Fix CertificateRevocationList parsing of PEM values.
• Fix logging in resolver to only show host, not full URL.
• Fix hickory-dns to fallback to a default if /etc/resolv.conf fails.
• Fix HTTP/3 to handle STOP_SENDING as not an error.
• Fix HTTP/3 pool to remove timed out QUIC connections.
• Fix HTTP/3 connection establishment picking IPv4 and IPv6.
• Upgrade rustls-platform-verifier.
• (wasm) Only use wasm-bindgen on unknown-* targets.

What's Changed

• Update docs.rs Features by @​JamesWiresmith in seanmonstar/reqwest#2961
• fix: fallback to hickory_resolver's default config if reading /etc/resolv.conf fails by @​monosans in seanmonstar/reqwest#2797
• fix: remove timeout con by @​cuiweixie in seanmonstar/reqwest#2967
• http3: handle stop_sending without error by @​anuraaga in seanmonstar/reqwest#2978

... (truncated)

Changelog

Sourced from reqwest's changelog.

v0.13.4

• Add ClientBuilder::tls_sslkeylogfile(bool) option to allow using the related environment variable.
• Add ClientBuilder::http2_keep_alive_* options for the blocking client.
• Add TLS 1.3 support when using native-tls backend.
• Fix redirect handling to strip sensitive headers when the scheme changes.
• Fix HTTP/3 happy-eyeball connection creation.
• Upgrade hickory-resolver to 0.26.

v0.13.3

• Fix CertificateRevocationList parsing of PEM values.
• Fix logging in resolver to only show host, not full URL.
• Fix hickory-dns to fallback to a default if /etc/resolv.conf fails.
• Fix HTTP/3 to handle STOP_SENDING as not an error.
• Fix HTTP/3 pool to remove timed out QUIC connections.
• Fix HTTP/3 connection establishment picking IPv4 and IPv6.
• Upgrade rustls-platform-verifier.
• (wasm) Only use wasm-bindgen on unknown-* targets.

Commits

• 11489b3 v0.13.4
• d31ffbb feat: Expose HTTP2 keep alive configurations in blocking client (#3043)
• 79ed0d7 feat: support TLS 1.3 as min version under native-tls 🎉 (#2975)
• fb7bf6a fix: remove unwrap in hickory initialization (#3041)
• 3da616f fix: update hickory-resolver to 0.26 and adjust code accordingly (#3040)
• c77e7b2 fix(http3): use happy eyeballs for h3 connect (#3030)
• 9cbb65b chore: clean up minimal-versions CI job (#3039)
• 17a7dc5 chore: upgrade MSRV to 1.85 (#3038)
• 03db63a fix(redirect): strip sensitive headers on scheme change across redirects (#3034)
• 4b813a8 feat: add tls_sslkeylogfile builder method (#2923)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

[dependabot]

Labels

The following labels could not be found: dependencies, rust. Please create them before Dependabot can add them to a pull request.

Please fix the above issues or remove invalid values from dependabot.yml.