chore(deps): bump the cargo-dependencies group across 1 directory with 6 updates

[dependabot]

Bumps the cargo-dependencies group with 6 updates in the / directory:

Package	From	To
axum	0.8.4	0.8.6
axum-extra	0.10.1	0.10.3
clap	4.5.48	4.5.49
reqwest	0.12.23	0.12.24
serde_with	3.14.1	3.15.0
thiserror	2.0.16	2.0.17

Updates axum from 0.8.4 to 0.8.6

Release notes

Sourced from axum's releases.

axum v0.8.5

• fixed: Reject JSON request bodies with trailing characters after the JSON document (#3453)
• added: Implement OptionalFromRequest for Multipart (#3220)
• added: Getter methods Location::{status_code, location}
• added: Support for writing arbitrary binary data into server-sent events (#3425)]
• added: middleware::ResponseAxumBodyLayer for mapping response body to axum::body::Body (#3469)
• added: impl FusedStream for WebSocket (#3443)
• changed: The sse module and Sse type no longer depend on the tokio feature (#3154)
• changed: If the location given to one of Redirects constructors is not a valid header value, instead of panicking on construction, the IntoResponse impl now returns an HTTP 500, just like Json does when serialization fails (#3377)
• changed: Update minimum rust version to 1.78 (#3412)

#3154: tokio-rs/axum#3154 #3220: tokio-rs/axum#3220 #3377: tokio-rs/axum#3377 #3412: tokio-rs/axum#3412 #3425: tokio-rs/axum#3425 #3443: tokio-rs/axum#3443 #3453: tokio-rs/axum#3453 #3469: tokio-rs/axum#3469

Commits

• c1bb9c3 Release axum 0.8.6 and related crates
• 4a50581 Update changelogs
• 5c76cfd Remove usage of the doc_auto_cfg feature (#3505)
• c720f56 Release axum-core v0.5.4
• 0c96ead Remove unused rustversion dependency of axum-core (#3502)
• a1d22f6 Release axum 0.8.5 and related crates
• ad2fd5b Update changelogs
• a0692f9 Reject JSON bodies with trailing chars (#3453)
• ae80850 Update to cargo-deny api version 2 (#3475)
• 651cc1e Remove unused link def
• Additional commits viewable in compare view

Updates axum-extra from 0.10.1 to 0.10.3

Release notes

Sourced from axum-extra's releases.

axum-extra v0.10.2

• added: Implement OptionalFromRequest for Host (#3177)

#3177: tokio-rs/axum#3177

Commits

• c1bb9c3 Release axum 0.8.6 and related crates
• 4a50581 Update changelogs
• 5c76cfd Remove usage of the doc_auto_cfg feature (#3505)
• c720f56 Release axum-core v0.5.4
• 0c96ead Remove unused rustversion dependency of axum-core (#3502)
• a1d22f6 Release axum 0.8.5 and related crates
• ad2fd5b Update changelogs
• a0692f9 Reject JSON bodies with trailing chars (#3453)
• ae80850 Update to cargo-deny api version 2 (#3475)
• 651cc1e Remove unused link def
• Additional commits viewable in compare view

Updates clap from 4.5.48 to 4.5.49

Changelog

Sourced from clap's changelog.

[4.5.49] - 2025-10-13

Fixes

• (help) Correctly wrap when ANSI escape codes are present

Commits

• 6abe2f8 chore: Release
• d5c7454 docs: Update changelog
• 5b2e960 Merge pull request #5985 from mernen/bash-cur
• e426f4e fix(complete): Improve handling of current word in Bash
• d522921 test(complete): Demonstrate current behavior
• 74072ba chore(deps): Update compatible (dev) (#5983)
• See full diff in compare view

Updates reqwest from 0.12.23 to 0.12.24

Release notes

Sourced from reqwest's releases.

v0.12.24

Highlights

• Refactor cookie handling to an internal middleware.
• Refactor internal random generator.
• Refactor base64 encoding to reduce a copy.
• Documentation updates.

What's Changed

• build(deps): silence unused deps in WASM build by @​0x676e67 in seanmonstar/reqwest#2799
• perf(util): avoid extra copy when base64 encoding by @​0x676e67 in seanmonstar/reqwest#2805
• docs: fix method name in changelog entry by @​johannespfrang in seanmonstar/reqwest#2807
• chore: Align the name usage of TotalTimeout by @​Xuanwo in seanmonstar/reqwest#2657
• refactor(cookie): add CookieService by @​linyihai in seanmonstar/reqwest#2787
• Fixes typo in retry max_retries_per_request doc comment re 2813 by @​dmackinn in seanmonstar/reqwest#2824
• test(multipart): fix build failure with no-default-features by @​0x676e67 in seanmonstar/reqwest#2801
• refactor(cookie): avoid duplicate cookie insertion by @​0x676e67 in seanmonstar/reqwest#2834

New Contributors

• @​johannespfrang made their first contribution in seanmonstar/reqwest#2807
• @​dmackinn made their first contribution in seanmonstar/reqwest#2824

Full Changelog: seanmonstar/reqwest@v0.12.23...v0.12.24

Changelog

Sourced from reqwest's changelog.

v0.12.24

• Refactor cookie handling to an internal middleware.
• Refactor internal random generator.
• Refactor base64 encoding to reduce a copy.
• Documentation updates.

Commits

• b126ca4 v0.12.24
• 4023493 refactor: change fast_random from xorshift to siphash a counter
• fd61bc9 refactor(cookie): avoid duplicate cookie insertion (#2834)
• 0bfa526 test(multipart): fix build failure with no-default-features (#2801)
• 994b8a0 docs: typo in retry max_retries_per_request (#2824)
• da0702b refactor(cookie): de-duplicate cookie support as CookieService middleware (...
• 7ebddea chore: align internal name usage of TotalTimeout (#2657)
• b540a4e chore(readme): use correct CI status badge
• e4550c4 docs: fix method name in changelog entry (#2807)
• f4694a2 perf(util): avoid extra copy when base64 encoding (#2805)
• Additional commits viewable in compare view

Updates serde_with from 3.14.1 to 3.15.0

Release notes

Sourced from serde_with's releases.

serde_with v3.15.0

Added

• Added error inspection to VecSkipError and MapSkipError by @​michelhe (#878) This allows interacting with the previously hidden error, for example for logging. Checkout the newly added example to both types.

• Allow documenting the types generated by serde_conv!. The serde_conv! macro now acceps outer attributes before the optional visibility modifier. This allow adding doc comments in the shape of #[doc = "..."] or any other attributes, such as lint modifiers.

  serde_conv!(
      #[doc = "Serialize bools as string"]
      #[allow(dead_code)]
      pub BoolAsString,
      bool,
      |x: &bool| ::std::string::ToString::to_string(x),
      |x: ::std::string::String| x.parse()
  );

• Add support for hashbrown v0.16 (#877)

  This extends the existing support for hashbrown v0.14 and v0.15 to the newly released version.

Changed

• Bump MSRV to 1.76, since that is required for toml dev-dependency.

Commits

• ea38dce Bump version to 3.15.0 (#892)
• a3da8e6 Bump version to 3.15.0
• c36e692 Bump dev-dependencies (#891)
• ae8466d Bump dev-dependencies
• f7337ff Support serde_core and remove dependencies on serde_derive (#889)
• c1d73b3 Replace serde with serde_core in all files
• 320d292 Remove dependency on serde_derive
• dca6df8 Remove version-sync crate and reimplement needed functionality with regex and...
• 6c6e53f Remove version-sync crate and reimplement needed functionality with regex and...
• f64ea40 Add support for hashbrown v0.16 (#888)
• Additional commits viewable in compare view

Updates thiserror from 2.0.16 to 2.0.17

Release notes

Sourced from thiserror's releases.

2.0.17

• Use differently named __private module per patch release (#434)

Commits

• 72ae716 Release 2.0.17
• 599fdce Merge pull request #434 from dtolnay/private
• 9ec05f6 Use differently named __private module per patch release
• d2c492b Raise minimum tested compiler to rust 1.76
• fc3ab95 Opt in to generate-macro-expansion when building on docs.rs
• 819fe29 Update ui test suite to nightly-2025-09-12
• 259f48c Enforce trybuild >= 1.0.108
• 470e6a6 Update ui test suite to nightly-2025-08-24
• 544e191 Update actions/checkout@v4 -> v5
• cbc1eba Delete duplicate cap-lints flag from build script
• See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

[codecov-commenter]

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 37.74%. Comparing base (3b9f351) to head (d35fb99).

Additional details and impacted files

@@           Coverage Diff           @@
##             main      #85   +/-   ##
=======================================
  Coverage   37.74%   37.74%           
=======================================
  Files           7        7           
  Lines         408      408           
=======================================
  Hits          154      154           
  Misses        254      254           

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.