build(deps): bump the rust-deps group in /ctxium with 11 updates

[dependabot]

Bumps the rust-deps group in /ctxium with 11 updates:

Package	From	To
clap	4.5.54	4.6.1
tokio	1.49.0	1.52.1
reqwest	0.12.28	0.13.2
axum	0.7.9	0.8.9
chrono	0.4.43	0.4.44
colored	2.2.0	3.1.1
tar	0.4.44	0.4.45
flate2	1.1.8	1.1.9
tempfile	3.24.0	3.27.0
dirs	5.0.1	6.0.0
futures	0.3.31	0.3.32

Updates clap from 4.5.54 to 4.6.1

Release notes

Sourced from clap's releases.

v4.6.1

[4.6.1] - 2026-04-15

Fixes

• (derive) Ensure rebuilds happen when an read env variable is changed

v4.5.60

[4.5.60] - 2026-02-19

Fixes

• (help) Quote empty default values, possible values

v4.5.59

[4.5.59] - 2026-02-16

Fixes

• Command::ignore_errors no longer masks help/version on subcommands

v4.5.58

[4.5.58] - 2026-02-11

v4.5.57

[4.5.57] - 2026-02-03

Fixes

• Regression from 4.5.55 where having an argument with .value_terminator("--") caused problems with an argument with .last(true)

v4.5.56

[4.5.56] - 2026-01-29

Fixes

• On conflict error, don't show conflicting arguments in the usage

v4.5.55

[4.5.55] - 2026-01-27

Fixes

• Fix inconsistency in precedence between positionals with a value_terminator("--") and escapes (--) where ./foo -- bar means the first arg is empty, rather than escaping future args

Changelog

Sourced from clap's changelog.

[4.6.1] - 2026-04-15

Fixes

• (derive) Ensure rebuilds happen when an read env variable is changed

[4.6.0] - 2026-03-12

Compatibility

• Update MSRV to 1.85

[4.5.61] - 2026-03-12

Internal

• Update dependencies

[4.5.60] - 2026-02-19

Fixes

• (help) Quote empty default values, possible values

[4.5.59] - 2026-02-16

Fixes

• Command::ignore_errors no longer masks help/version on subcommands

[4.5.58] - 2026-02-11

[4.5.57] - 2026-02-03

Fixes

• Regression from 4.5.55 where having an argument with .value_terminator("--") caused problems with an argument with .last(true)

[4.5.56] - 2026-01-29

Fixes

• On conflict error, don't show conflicting arguments in the usage

[4.5.55] - 2026-01-27

Fixes

• Fix inconsistency in precedence between positionals with a value_terminator("--") and escapes (--) where ./foo -- bar means the first arg is empty, rather than escaping future args

Commits

• 1420275 chore: Release
• d2c817d docs: Update changelog
• f88c94e Merge pull request #6341 from epage/sep
• acbb822 fix(complete): Reduce risk of conflict with actual subcommands
• a49fadb refactor(complete): Pull out subcommand separator
• ddc008b Merge pull request #6332 from epage/update
• 497dc50 chore: Update compatible dependencies
• dca2326 Merge pull request #6331 from clap-rs/renovate/j178-prek-action-2.x
• 54bdaa3 chore(deps): Update j178/prek-action action to v2
• f0d30d9 chore: Release
• Additional commits viewable in compare view

Updates tokio from 1.49.0 to 1.52.1

Release notes

Sourced from tokio's releases.

Tokio v1.52.1

1.52.1 (April 16th, 2026)

Fixed

• runtime: revert #7757 to fix [a regression]#8056 that causes spawn_blocking to hang (#8057)

#7757: tokio-rs/tokio#7757 #8056: tokio-rs/tokio#8056 #8057: tokio-rs/tokio#8057

Tokio v1.52.0

1.52.0 (April 14th, 2026)

Added

• io: AioSource::register_borrowed for I/O safety support (#7992)
• net: add try_io function to unix::pipe sender and receiver types (#8030)

Added (unstable)

• runtime: Builder::enable_eager_driver_handoff setting enable eager hand off of the I/O and time drivers before polling tasks (#8010)
• taskdump: add trace_with() for customized task dumps (#8025)
• taskdump: allow impl FnMut() in trace_with instead of just fn() (#8040)
• fs: support io_uring in AsyncRead for File (#7907)

Changed

• runtime: improve spawn_blocking scalability with sharded queue (#7757)
• runtime: use compare_exchange_weak() in worker queue (#8028)

Fixed

• runtime: overflow second half of tasks when local queue is filled instead of first half (#8029)

Documented

• docs: fix typo in oneshot::Sender::send docs (#8026)
• docs: hide #[tokio::main] attribute in the docs of sync::watch (#8035)
• net: add docs on ConnectionRefused errors with UDP sockets (#7870)

#7757: tokio-rs/tokio#7757 #7870: tokio-rs/tokio#7870 #7907: tokio-rs/tokio#7907 #7992: tokio-rs/tokio#7992 #8010: tokio-rs/tokio#8010 #8025: tokio-rs/tokio#8025 #8026: tokio-rs/tokio#8026 #8028: tokio-rs/tokio#8028 #8029: tokio-rs/tokio#8029

... (truncated)

Commits

• 905c146 chore: prepare to release v1.52.1 (#8059)
• 56aaa43 rt: revert #7757 to fix regression in spawn_blocking (#8057)
• 57ff47a ci: update trybuild to expect output from rustc 1.95.0 (#8058)
• 812de3e ci: bump taiki-e/cache-cargo-install-action from 1 to 3 (#8053)
• ba82e73 ci: use Dependabot to keep github actions up to date (#8052)
• 2e85f9d ci: replace cirrus-ci with freebsd-vm (#8041)
• a7e1cd8 ci: update GitHub Actions workflows to use latest tool versions (#8047)
• 5f7be0a chore: perpare 1.52.0 (#8045)
• 36d12d2 taskdump: allow impl FnMut() in taskdumps instead of just fn() (#8040)
• f943312 fs: support io-uring in AsyncRead for File (#7907)
• Additional commits viewable in compare view

Updates reqwest from 0.12.28 to 0.13.2

Release notes

Sourced from reqwest's releases.

v0.13.2

tl;dr

• Fix HTTP/2 and native-tls ALPN feature combinations.
• Fix HTTP/3 to send h3 ALPN.
• (wasm) fix RequestBuilder::json() from override previously set content-type.

What's Changed

• chore(deps): bump actions/checkout from 5 to 6 by @​dependabot[bot] in seanmonstar/reqwest#2921
• Update readme for 0.13 by @​VojtaStanek in seanmonstar/reqwest#2926
• fix http2 feature is not enabled for "native-tls" by @​fox0 in seanmonstar/reqwest#2927
• chore(deps): remove unused webpki-roots and rustls-native-certs by @​seanmonstar in seanmonstar/reqwest#2932
• docs: native-tls-alpn has changed to native-tls-no-alpn by @​seanmonstar in seanmonstar/reqwest#2940
• Specify h3 alpn for http3 connector by @​passcod in seanmonstar/reqwest#2929
• update copyright year to 2026 by @​taozui472 in seanmonstar/reqwest#2943
• fix(json): custom content-type overidden by json method for wasm by @​Narendran-KT in seanmonstar/reqwest#2908
• chore: upgrade wasm-streams to v0.5 by @​xangelix in seanmonstar/reqwest#2958
• chore(ci): add windows and linux arm64 to ci by @​dennisameling in seanmonstar/reqwest#2960

New Contributors

• @​VojtaStanek made their first contribution in seanmonstar/reqwest#2926
• @​fox0 made their first contribution in seanmonstar/reqwest#2927
• @​passcod made their first contribution in seanmonstar/reqwest#2929
• @​taozui472 made their first contribution in seanmonstar/reqwest#2943
• @​Narendran-KT made their first contribution in seanmonstar/reqwest#2908
• @​xangelix made their first contribution in seanmonstar/reqwest#2958
• @​dennisameling made their first contribution in seanmonstar/reqwest#2960

Full Changelog: seanmonstar/reqwest@v0.13.1...v0.13.2

v0.13.1

What's Changed

• http3: depend on quinn/rustls-aws-lc-rs to avoid ring dependency by @​djc in seanmonstar/reqwest#2917
• fix rustls on android by @​seanmonstar in seanmonstar/reqwest#2918

Full Changelog: seanmonstar/reqwest@v0.13.0...v0.13.1

v0.13.0

Breaking changes

• rustls is now the default TLS backend, instead of native-tls.
• rustls crypto provider defaults to aws-lc instead of ring. (rustls-no-provider exists if you want a different crypto provider)
• rustls-tls has been renamed to rustls.
• rustls roots features removed, rustls-platform-verifier is used by default.
  • To use different roots, call tls_certs_only(your_roots).
• native-tls now includes ALPN. To disable, use native-tls-no-alpn.
• query and form are now crate features, disabled by default.
• Long-deprecated methods and crate features have been removed (such as trust-dns, which was renamed hickory-dns a while ago).

... (truncated)

Changelog

Sourced from reqwest's changelog.

v0.13.2

• Fix HTTP/2 and native-tls ALPN feature combinations.
• Fix HTTP/3 to send h3 ALPN.
• (wasm) fix RequestBuilder::json() from override previously set content-type.

v0.13.1

• Fixes compiling with rustls on Android targets.

v0.13.0

• Breaking changes:
  • rustls is now the default TLS backend, instead of native-tls.
  • rustls crypto provider defaults to aws-lc instead of ring. (rustls-no-provider exists if you want a different crypto provider)
  • rustls-tls has been renamed to rustls.
  • rustls roots features removed, rustls-platform-verifier is used by default.
    • To use different roots, call tls_certs_only(your_roots).
  • native-tls now includes ALPN. To disable, use native-tls-no-alpn.
  • query and form are now crate features, disabled by default.
  • Long-deprecated methods and crate features have been removed (such as trust-dns, which was renamed hickory-dns a while ago).
• Many TLS-related methods renamed to improve autocompletion and discovery, but previous name left in place with a "soft" deprecation. (just documented, no warnings)
  • For example, prefer tls_backend_rustls() over use_rustls_tls().

Commits

• ad83b63 v0.13.2
• c25f3db chore: Add Windows and Linux arm64 to CI (#2960)
• 761b89e chore: upgrade wasm-streams to v0.5 (#2958)
• fd2d507 fix(wasm): custom content-type overidden by json method for wasm (#2908)
• 23eb7d4 chore: update copyright year to 2026 (#2943)
• 10c31c2 fix(http3): specify h3 alpn for http3 connector (#2929)
• 8530ec3 docs: native-tls-alpn has changed to native-tls-no-alpn (#2940)
• 04a216f chore(deps): remove unused webpki-roots and rustls-native-certs (#2932)
• 406b59e fix http2 feature is not enabled for native-tls ALPN (#2927)
• 325a020 Update readme for 0.13 (#2926)
• Additional commits viewable in compare view

Updates axum from 0.7.9 to 0.8.9

Release notes

Sourced from axum's releases.

axum-v0.8.9

• added: WebSocketUpgrade::{requested_protocols, set_selected_protocol} for more flexible subprotocol selection (#3597)
• changed: Update minimum rust version to 1.80 (#3620)
• fixed: Set connect endpoint on correct field in MethodRouter (#3656)
• fixed: Return specific error message when multipart body limit is exceeded (#3611)

#3597: tokio-rs/axum#3597 #3620: tokio-rs/axum#3620 #3656: tokio-rs/axum#3656 #3611: tokio-rs/axum#3611

axum v0.8.8

• Clarify documentation for Router::route_layer (#3567)

#3567: tokio-rs/axum#3567

axum v0.8.7

• Relax implicit Send / Sync bounds on RouterAsService, RouterIntoService (#3555)
• Make it easier to visually scan for default features (#3550)
• Fix some documentation typos

#3550: tokio-rs/axum#3550 #3555: tokio-rs/axum#3555

axum v0.8.5

• fixed: Reject JSON request bodies with trailing characters after the JSON document (#3453)
• added: Implement OptionalFromRequest for Multipart (#3220)
• added: Getter methods Location::{status_code, location}
• added: Support for writing arbitrary binary data into server-sent events (#3425)]
• added: middleware::ResponseAxumBodyLayer for mapping response body to axum::body::Body (#3469)
• added: impl FusedStream for WebSocket (#3443)
• changed: The sse module and Sse type no longer depend on the tokio feature (#3154)
• changed: If the location given to one of Redirects constructors is not a valid header value, instead of panicking on construction, the IntoResponse impl now returns an HTTP 500, just like Json does when serialization fails (#3377)
• changed: Update minimum rust version to 1.78 (#3412)

#3154: tokio-rs/axum#3154 #3220: tokio-rs/axum#3220 #3377: tokio-rs/axum#3377 #3412: tokio-rs/axum#3412 #3425: tokio-rs/axum#3425 #3443: tokio-rs/axum#3443 #3453: tokio-rs/axum#3453 #3469: tokio-rs/axum#3469

axum v0.8.4

• added: Router::reset_fallback (#3320)
• added: WebSocketUpgrade::selected_protocol (#3248)
• fixed: Panic location for overlapping method routes (#3319)
• fixed: Don't leak a tokio task when using serve without graceful shutdown (#3129)

... (truncated)

Commits

• c59208c revert axum-core changelog changes
• 99068f5 Revert "Fix IntoResponse for tuples overriding error response codes (#3603)"
• 23d7098 Revert "axum-core 0.5.6"
• e8a39ad axum-macros 0.5.1
• 6e9a249 axum-extra 0.12.6
• 0ec9041 axum 0.8.9
• c3fcebb axum-core 0.5.6
• a8790fc update release notes
• 26ba7bb docs: consolidate state management docs in crate root (#3683)
• 9fc59ef Update to tokio-tungstenite 0.29 (#3689)
• Additional commits viewable in compare view

Updates chrono from 0.4.43 to 0.4.44

Release notes

Sourced from chrono's releases.

0.4.44

What's Changed

• docs: match MSRV with Cargo.toml contents by @​coryan in chronotope/chrono#1772
• Add track_caller to non-deprecated functions by @​svix-jplatte in chronotope/chrono#1774

Commits

• c14b459 Bump version to 0.4.44
• ea832c5 Add track_caller to non-deprecated functions
• cfae889 Fix panic message in to_rfc2822
• f8900b5 docs: match MSRV with Cargo.toml contents
• See full diff in compare view

Updates colored from 2.2.0 to 3.1.1

Release notes

Sourced from colored's releases.

v3.1.1

No release notes provided.

v3.1.0

No release notes provided.

v3.0.0

• [BREAKING CHANGE]: Upgrade MSRV to 1.80 and remove the then unnecessary lazy_static dependency.

Changelog

Sourced from colored's changelog.

Unreleased

• Added methods ansi_color and on_ansi_color to Colorize.

3.0.0

• [BREAKING CHANGE]: Upgrade MSRV to 1.80 and remove the then unnecessary lazy_static dependency.

Commits

• 5204a26 3.1.1
• 49392a3 Limit to 5 keywords
• b791685 3.1.0
• 9a83121 Allow windows-sys 0.61 to be used (#218)
• 192598d Clean up Colorize trait
• ec013ae chore: minor improvement for docs (#212)
• 5bc198b Replace 'ansi_term' dev-dependency with 'ansiterm' (#209)
• a21367d Allow windows-sys 0.60 to be used (#206)
• 9450fea Fix clippy warning (#207)
• 68761c1 README: use the latest v3.0 version for example (#204)
• Additional commits viewable in compare view

Updates tar from 0.4.44 to 0.4.45

Commits

• 096e3d1 Bump to 0.4.45 (#443)
• 17b1fd8 archive: Prevent symlink-directory collision chmod attack (#442)
• de1a587 archive: Unconditionally honor PAX size (#441)
• 6071cbe ci: Consolidate workflows (#439)
• ad1fde9 build-sys: Promote unused_code to an error
• c8cb250 tests: Squash a warning
• 638c495 ci: Add xtask infra + reverse dependency testing (#435)
• 32a9bbb tests: Add RandomReader to exercise partial-read resilience (#436)
• 9c5df0b Fix GNU long-name extension stream corruption on validation error (#434)
• 88b1e3b Fix docs typo in header.rs (#431)
• Additional commits viewable in compare view

Updates flate2 from 1.1.8 to 1.1.9

Commits

• 19ddb18 Merge pull request #529 from folkertdev/update-zlib-rs-0.6.0
• c956e12 upgrade zlib-rs to version 0.6.0
• 21d5eeb Merge pull request #528 from wgyt/wgyt/patch
• 54f8484 update LICENSE-MIT
• f4924fe Merge pull request #527 from jongiddy/crc-tests
• 8b9b7a6 Add tests to check data CRC
• fd17c74 Merge pull request #526 from folkertdev/zlib-rs-crc32
• aef26ac check that zlib-rs no longer compiles crc32fast
• 5ec7647 make crc32fast an optional dependency
• c584e97 use zlib-rs for crc32 (when available)
• See full diff in compare view

Updates tempfile from 3.24.0 to 3.27.0

Changelog

Sourced from tempfile's changelog.

3.27.0

This release adds TempPath::try_from_path and deprecates TempPath::from_path.

Prior to this release, TempPath::from_path made no attempts to convert relative paths into absolute paths. The following code would have deleted the wrong file:

let tmp_path = TempPath::from_path("foo")
std::env::set_current_dir("/some/other/path").unwrap();
drop(tmp_path);

Now:

1. TempPath::from_path will attempt to convert relative paths into absolute paths. However, this isn't always possible as we need to call std::env::current_dir, which can fail. If we fail to convert the relative path to an absolute path, we simply keep the relative path.
2. The TempPath::try_from_path behaves exactly like TempPath::from_path, except that it returns an error if we fail to convert a relative path into an absolute path (or if the passed path is empty).

Neither function attempt to verify the existence of the file in question.

Thanks to @​meng-xu-cs for reporting this issue.

3.26.0

• Support NamedTempFile::persist on RedoxOS (#393) (thanks to @​Andy-Python-Programmer).

3.25.0

• Allow getrandom 0.4.x while retaining support for getrandom 0.3.x.

Commits

• 5c8fa12 chore: release 3.27.0
• e34e574 test: disable uds conflict test on redox
• 772c795 test: add CWD guards
• 2632fb9 fix: resolve relative paths when constructing TempPath
• 929a112 chore: release 3.26.0
• 29d6ac5 Add Redox OS CI (#394)
• 375067f doc(README): document supported platforms
• d353717 feat(redox): implement persist() (#393)
• 64114d7 Fix typos in documentation (#392)
• 9a38b8d chore: release 3.25.0
• Additional commits viewable in compare view

Updates dirs from 5.0.1 to 6.0.0

Commits

• See full diff in compare view

Updates futures from 0.3.31 to 0.3.32

Release notes

Sourced from futures's releases.

0.3.32

• Bump MSRV of utility crates to 1.71. (#2989)
• Soft-deprecate ready! macro in favor of std::task::ready! added in Rust 1.64 (#2925)
• Soft-deprecate pin_mut! macro in favor of std::pin::pin! added in Rust 1.68 (#2929)
• Add FuturesOrdered::clear (#2927)
• Add mpsc::*Receiver::recv (#2947)
• Add mpsc::*Receiver::try_recv and deprecate mpsc::*Receiver::::try_next (#2944)
• Implement FusedStream for sink::With (#2948)
• Add no_std support for shared (#2868)
• Make Mutex::new() const (#2956)
• Add #[clippy::has_significant_drop] to guards (#2967)
• Remove dependency to pin-utils (#2929)
• Remove dependency on num_cpus (#2946)
• Performance improvements (#2983)
• Documentation improvements (#2925, #2926, #2940, #2971)

Changelog

Sourced from futures's changelog.

0.3.32 - 2026-02-15

• Bump MSRV of utility crates to 1.71. (#2989)
• Soft-deprecate ready! macro in favor of std::task::ready! added in Rust 1.64 (#2925)
• Soft-deprecate pin_mut! macro in favor of std::pin::pin! added in Rust 1.68 (#2929)
• Add FuturesOrdered::clear (#2927)
• Add mpsc::*Receiver::recv (#2947)
• Add mpsc::*Receiver::try_recv and deprecate mpsc::*Receiver::::try_next (#2944)
• Implement FusedStream for sink::With (#2948)
• Add no_std support for shared (#2868)
• Make Mutex::new() const (#2956)
• Add #[clippy::has_significant_drop] to guards (#2967)
• Remove dependency to pin-utils (#2929)
• Remove dependency on num_cpus (#2946)
• Performance improvements (#2983)
• Documentation improvements (#2925, #2926, #2940, #2971)

Commits

• d9bba94 Release 0.3.32
• 151e0b9 Add comments on rust-version field in Cargo.toml
• 4aaf00c Bump MSRV of utility crates to 1.71
• a4cce12 perf: improve AtomicWaker::wake performance (#2983)
• ba9d102 Add #[clippy::has_significant_drop] to guards (#2967)
• 20396a8 Fix rustdoc::broken_intra_doc_links warning
• 815f6eb Fix documentation of BiLock::lock (#2971)
• 0f0db04 futures-util: make Mutex::new() const (#2956)
• 5d6fc5e ci: Test big-endian target (s390x Linux)
• 9f739fe Ignore dead_code lint on Fn1 trait
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions