chore(deps): bump the dependencies group with 9 updates

[dependabot]

Bumps the dependencies group with 9 updates:

Package	From	To
rayon	1.11.0	1.12.0
serde_json	1.0.149	1.0.150
git2	0.20.4	0.21.0
regex	1.12.3	1.12.4
clap	4.6.0	4.6.1
clap_complete	4.6.0	4.6.5
reqwest	0.13.2	0.13.4
rand	0.10.0	0.10.1
ctor	0.6.3	1.0.7

Updates rayon from 1.11.0 to 1.12.0

Changelog

Sourced from rayon's changelog.

Release rayon 1.12.0 (2026-04-13)

• Fixed a bug in parallel Range<char> when the end is 0xE000, just past the surrogate boundary, which was unsafely producing invalid char values.
• The new method ParallelSlice::par_array_windows works like par_windows but with a constant length, producing &[T; N] items.

Commits

• 7449d7d Merge #1093
• b3d9e3f Release rayon 1.8.0 and rayon-core 1.12.0
• 3fe51e5 Fix clippy::let_and_return
• 082f215 Merge #1087
• ea0c06d core: registry: Factor out "wait till out of work" part of the main loop.
• 75524e2 Merge #1063
• 01d2800 Ignore the multi-threaded test on emscripten/wasm
• 40b59c0 core: Make use_current_thread error rather than panic when already in the pool.
• f4db4d7 core: tests: Add some basic tests for ThreadPoolBuilder::use_current_thread.
• 87274ad core: registry: Add some more documentation for ThreadPoolBuilder::use_curren...
• Additional commits viewable in compare view

Updates serde_json from 1.0.149 to 1.0.150

Release notes

Sourced from serde_json's releases.

v1.0.150

• Reject non-string enum object keys (#1324, thanks @​puneetdixit200)

Commits

• a1ae73a Release 1.0.150
• 1a360b0 Merge pull request #1324 from puneetdixit200/reject-non-string-enum-keys
• 2037b63 Reject non-string enum object keys
• 5d30df6 Resolve manual_assert_eq pedantic clippy lint
• dc8003a Raise required compiler for preserve_order feature to 1.85
• a42fa98 Unpin CI miri toolchain
• 684a60e Pin CI miri to nightly-2026-02-11
• 7c7da33 Raise required compiler to Rust 1.71
• acf4850 Simplify Number::is_f64
• 6b8ceab Resolve unnecessary_map_or clippy lint
• Additional commits viewable in compare view

Updates git2 from 0.20.4 to 0.21.0

Changelog

Sourced from git2's changelog.

0.21.0 - 2026-05-18

0.20.4...main

Added

• Added experimental SHA256 repository support behind the new unstable-sha256 Cargo feature, along with *_ext API variants that accept an ObjectFormat. #1206
• Added opts::set_cache_max_size() and opts::get_cached_memory(). #1188
• Added Repository::object_format() and a new ObjectFormat enum. #1204
• Added Repository::set_config(). #1208
• Added merge_file() along with MergeFileInput. #1210
• Added Repository::refdb_compress() for packing loose refs. #1221
• Added public Refdb type, along with Repository::refdb() and Repository::set_refdb(). Repository::refdb_compress() now delegates to Refdb::compress(). #1228
• Added Revspec::into_objects(). #1230
• Added BlameHunk::final_committer(), BlameHunk::orig_committer(), BlameHunk::summary(), and BlameHunk::summary_bytes(). #1231
• Implemented Clone for Reference. #1233
• Added Repository::author_from_env() and Repository::committer_from_env(). #1237
• Added impl From<Utf8Error> for Error. #1239

Changed

• ❗ The ssh, https, and cred Cargo features are no longer enabled by default. Previously default = ["ssh", "https"]; now default = []. Enable them explicitly if you rely on credential helpers or transport support. #1168
• ❗ CredentialHelper and the url dependency are now gated behind the new cred Cargo feature. Enabling ssh or https transitively enables cred. #1168
• ❗ Updated to the 2021 edition. #1173
• ❗ Many string accessors that previously returned Option<&str> now return Result<&str, Error> or Result<Option<&str>, Error>, so callers can distinguish a missing value from a non-UTF-8 one. #1241
• ❗ BlameHunk::final_signature, BlameHunk::final_committer, BlameHunk::orig_signature, and BlameHunk::orig_committer now return Option to avoid segfaults when signature information is missing. #1254
• Bumped requirement to libgit2-sys 0.18.4, which updates libgit2 to 1.9.3.

... (truncated)

Commits

• dffaf27 Merge pull request #1256 from weihanglo/changelog
• 84b9c76 docs: changelog for git2@0.21
• 8c6dc4a Merge pull request #1206 from weihanglo/sha256-git2
• 7bd145e fix: import ObjectFormat in one place
• fc8af6a test(oid): split _ext to test each format separately
• b9bde87 test: oid length sanity check
• 57a68e0 feat(oid): impl Display for ObjectFormat
• 7acee09 chore(ci): test git2 sha256 support
• bdf5b7b fix: init example with --object-format option
• 9fb4e6a refactor(util): drop unsafe from zeroed_raw_oid
• Additional commits viewable in compare view

Updates regex from 1.12.3 to 1.12.4

Changelog

Sourced from regex's changelog.

1.12.4 (2025-06-09)

This release includes a performance optimization for compilation of regexes with very large character classes.

Improvements:

• #1308: Avoid re-canonicalizing the entire interval set when pushing new class ranges.

Commits

• 7b96fdc 1.12.4
• 7b89cf0 deps: update to regex-syntax 0.8.11
• 1401679 regex-syntax-0.8.11
• d709000 changelog: 1.12.4
• 9825c74 syntax: avoid re-canonicalizing the entire IntervalSet on push (#1308)
• a7f2ff6 docs: clarify regex-lite word boundaries
• 2c7b172 docs: clarify unsupported Anchored::Pattern searches
• 839d16b regex-syntax-0.8.10
• c4865a0 syntax: fix negation handling in HIR translation
• d8761c0 cargo: also include benches
• Additional commits viewable in compare view

Updates clap from 4.6.0 to 4.6.1

Release notes

Sourced from clap's releases.

v4.6.1

[4.6.1] - 2026-04-15

Fixes

• (derive) Ensure rebuilds happen when an read env variable is changed

Changelog

Sourced from clap's changelog.

[4.6.1] - 2026-04-15

Fixes

• (derive) Ensure rebuilds happen when an read env variable is changed

Commits

• 1420275 chore: Release
• d2c817d docs: Update changelog
• f88c94e Merge pull request #6341 from epage/sep
• acbb822 fix(complete): Reduce risk of conflict with actual subcommands
• a49fadb refactor(complete): Pull out subcommand separator
• ddc008b Merge pull request #6332 from epage/update
• 497dc50 chore: Update compatible dependencies
• dca2326 Merge pull request #6331 from clap-rs/renovate/j178-prek-action-2.x
• 54bdaa3 chore(deps): Update j178/prek-action action to v2
• f0d30d9 chore: Release
• Additional commits viewable in compare view

Updates clap_complete from 4.6.0 to 4.6.5

Release notes

Sourced from clap_complete's releases.

v4.6.1

[4.6.1] - 2026-04-15

Fixes

• (derive) Ensure rebuilds happen when an read env variable is changed

Changelog

Sourced from clap_complete's changelog.

Change Log

All notable changes to this project will be documented in this file.

The format is based on Keep a Changelog and this project adheres to Semantic Versioning.

5.0.0 - TBD

available through unstable-v5 feature flag

Breaking Changes

• Made ArgPredicate non_exhaustive
• (help) Change default Command::term_width to "source format"
• (help) Change default Command::max_term_width to 100
• (derive) Vec<Vec<T>> types are now assuming to capture occurrences
• (derive) ValueEnum variants now use the full doc comment, not summary, for PossibleValue::help

Features

• (derive) Group values by their occurrence with Vec<Vec<T>>

[Unreleased] - ReleaseDate

[4.6.1] - 2026-04-15

Fixes

• (derive) Ensure rebuilds happen when an read env variable is changed

Commits

• c8c9355 chore: Release
• af74def docs: Update changelog
• c96f222 Merge pull request #6368 from truffle-dev/fix/fish-env-escaping
• 49a05cd fix(complete): Two-pass quote fish env-completer
• e791004 test(complete): Snapshot fish env quoting cases
• 87ec1ad chore: Release
• 78f2529 docs: Update changelog
• b61f270 Merge pull request #6369 from Metbcy/fix/zsh-completion-ordering
• 74c6666 fix(complete): Keep zsh candidate order
• d142d8f Merge pull request #6360 from epage/string
• Additional commits viewable in compare view

Updates reqwest from 0.13.2 to 0.13.4

Release notes

Sourced from reqwest's releases.

v0.13.4

tl;dr

• Add ClientBuilder::tls_sslkeylogfile(bool) option to allow using the related environment variable.
• Add ClientBuilder::http2_keep_alive_* options for the blocking client.
• Add TLS 1.3 support when using native-tls backend.
• Fix redirect handling to strip sensitive headers when the scheme changes.
• Fix HTTP/3 happy-eyeball connection creation.
• Upgrade hickory-resolver to 0.26.

What's Changed

• fix(tls): improve rustls-no-provider panic message and add module docs by @​smythg4 in seanmonstar/reqwest#3021
• fix: do not lose the url in error when decoding json by @​Dushistov in seanmonstar/reqwest#3026
• Add tls_sslkeylogfile builder method by @​passcod in seanmonstar/reqwest#2923
• fix(redirect): strip sensitive headers on scheme change across redirects by @​SAY-5 in seanmonstar/reqwest#3034
• chore: upgrade MSRV to 1.85 by @​seanmonstar in seanmonstar/reqwest#3038
• chore: clean up minimal-versions CI job by @​seanmonstar in seanmonstar/reqwest#3039
• fix(http3): use happy eyeballs for h3 connect by @​lyuzichong in seanmonstar/reqwest#3030
• fix: update hickory-resolver to 0.26 and adjust code accordingly by @​seanmonstar in seanmonstar/reqwest#3040
• fix: remove unwrap in hickory initialization by @​mat813 in seanmonstar/reqwest#3041
• feat(https): support TLS 1.3 as min version under native-tls 🎉 by @​AverageHelper in seanmonstar/reqwest#2975
• Expose keep alive configurations in blocking client by @​aeb-dev in seanmonstar/reqwest#3043
• Prepare v0.13.4 by @​seanmonstar in seanmonstar/reqwest#3046

New Contributors

• @​smythg4 made their first contribution in seanmonstar/reqwest#3021
• @​Dushistov made their first contribution in seanmonstar/reqwest#3026
• @​SAY-5 made their first contribution in seanmonstar/reqwest#3034
• @​mat813 made their first contribution in seanmonstar/reqwest#3041
• @​AverageHelper made their first contribution in seanmonstar/reqwest#2975
• @​aeb-dev made their first contribution in seanmonstar/reqwest#3043

Full Changelog: seanmonstar/reqwest@v0.13.3...v0.13.4

v0.13.3

tl;dr

• Fix CertificateRevocationList parsing of PEM values.
• Fix logging in resolver to only show host, not full URL.
• Fix hickory-dns to fallback to a default if /etc/resolv.conf fails.
• Fix HTTP/3 to handle STOP_SENDING as not an error.
• Fix HTTP/3 pool to remove timed out QUIC connections.
• Fix HTTP/3 connection establishment picking IPv4 and IPv6.
• Upgrade rustls-platform-verifier.
• (wasm) Only use wasm-bindgen on unknown-* targets.

What's Changed

• Update docs.rs Features by @​JamesWiresmith in seanmonstar/reqwest#2961
• fix: fallback to hickory_resolver's default config if reading /etc/resolv.conf fails by @​monosans in seanmonstar/reqwest#2797
• fix: remove timeout con by @​cuiweixie in seanmonstar/reqwest#2967
• http3: handle stop_sending without error by @​anuraaga in seanmonstar/reqwest#2978

... (truncated)

Changelog

Sourced from reqwest's changelog.

v0.13.4

• Add ClientBuilder::tls_sslkeylogfile(bool) option to allow using the related environment variable.
• Add ClientBuilder::http2_keep_alive_* options for the blocking client.
• Add TLS 1.3 support when using native-tls backend.
• Fix redirect handling to strip sensitive headers when the scheme changes.
• Fix HTTP/3 happy-eyeball connection creation.
• Upgrade hickory-resolver to 0.26.

v0.13.3

• Fix CertificateRevocationList parsing of PEM values.
• Fix logging in resolver to only show host, not full URL.
• Fix hickory-dns to fallback to a default if /etc/resolv.conf fails.
• Fix HTTP/3 to handle STOP_SENDING as not an error.
• Fix HTTP/3 pool to remove timed out QUIC connections.
• Fix HTTP/3 connection establishment picking IPv4 and IPv6.
• Upgrade rustls-platform-verifier.
• (wasm) Only use wasm-bindgen on unknown-* targets.

Commits

• 11489b3 v0.13.4
• d31ffbb feat: Expose HTTP2 keep alive configurations in blocking client (#3043)
• 79ed0d7 feat: support TLS 1.3 as min version under native-tls 🎉 (#2975)
• fb7bf6a fix: remove unwrap in hickory initialization (#3041)
• 3da616f fix: update hickory-resolver to 0.26 and adjust code accordingly (#3040)
• c77e7b2 fix(http3): use happy eyeballs for h3 connect (#3030)
• 9cbb65b chore: clean up minimal-versions CI job (#3039)
• 17a7dc5 chore: upgrade MSRV to 1.85 (#3038)
• 03db63a fix(redirect): strip sensitive headers on scheme change across redirects (#3034)
• 4b813a8 feat: add tls_sslkeylogfile builder method (#2923)
• Additional commits viewable in compare view

Updates rand from 0.10.0 to 0.10.1

Changelog

Sourced from rand's changelog.

[0.10.1] — 2026-02-11

This release includes a fix for a soundness bug; see #1763.

Changes

• Document panic behavior of make_rng and add #[track_caller] (#1761)
• Deprecate feature log (#1763)

#1761: rust-random/rand#1761 #1763: rust-random/rand#1763

Commits

• 27ff4cb Prepare v0.10.1: deprecate feature log (#1763)
• 98d0638 make_rng: document panic and add #[track_caller] (#1761)
• 54e5eaa Fix doc error (#1758)
• 1ce4c08 Bump itoa from 1.0.17 to 1.0.18 in the all-deps group (#1756)
• ccb734b docs: fix typo in doc comment (#1754)
• 357eb7d Bump libc from 0.2.182 to 0.2.183 in the all-deps group (#1753)
• 5e77fe5 Fix trait references in documentation (#1752)
• da89185 Bump the all-deps group with 3 updates (#1751)
• 50516ff Bump the all-deps group with 2 updates (#1749)
• fd71de9 Bump the all-deps group with 2 updates (#1747)
• Additional commits viewable in compare view

Updates ctor from 0.6.3 to 1.0.7

Release notes

Sourced from ctor's releases.

ctor-1.0.7

What's Changed

• Bump downstream link-section crate version and API updates.
• Better error messages on bad attributes.

Full Changelog: mmastrac/linktime@ctor-1.0.6...ctor-1.0.7

ctor-1.0.6

What's Changed

Changed

• Bump link-section dependency to 0.17.0.
• MSRV bumped to 1.85.0 (if priority feature is enabled), otherwise remains at 1.60.0.
  • To restore MSRV to 1.60.0, use ctor = { version = "1.0.6", default-features = false, features = ["proc_macro", "std"] } in your Cargo.toml.

Fixed

• #[ctor] requires significantly less macro recursion.

Full Changelog: mmastrac/linktime@ctor-1.0.5...ctor-1.0.6

ctor-1.0.5

What's Changed

• Ensure WASM meets MSRV of 1.85 by @​mmastrac in mmastrac/linktime#455

Full Changelog: mmastrac/linktime@ctor-1.0.4...ctor-1.0.5

ctor-1.0.4

What's Changed

• Use target_os=windows rather than target_vendor=pc by @​mmastrac in mmastrac/linktime#443
• Add uefi support (.init_array) by @​mmastrac in mmastrac/linktime#444
• Fall back to .init_array on unsupported platforms by @​mmastrac in mmastrac/linktime#445

Full Changelog: mmastrac/linktime@ctor-1.0.3...ctor-1.0.4

ctor-1.0.3

What's Changed

• Fix unsafe C library access with default priority value by @​mmastrac in mmastrac/linktime#442

Other changes

... (truncated)

Commits

• See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions