chore(deps): bump the cargo-deps group across 1 directory with 11 updates

[dependabot]

Bumps the cargo-deps group with 11 updates in the / directory:

Package	From	To
tokio	1.51.1	1.52.3
axum	0.8.8	0.8.9
dashmap	6.1.0	6.2.1
jsonwebtoken	10.3.0	10.4.0
serde_json	1.0.149	1.0.150
uuid	1.23.0	1.23.1
rustls	0.23.37	0.23.40
sentry	0.47.0	0.48.2
sentry-tracing	0.47.0	0.48.2
reqwest	0.13.2	0.13.3
redis	0.27.6	1.2.1

Updates tokio from 1.51.1 to 1.52.3

Release notes

Sourced from tokio's releases.

Tokio v1.52.3

1.52.3 (May 8th, 2026)

Fixed

• sync: fix underflow in mpsc channel len() (#8062)
• sync: notify receivers in mpsc OwnedPermit::release() method (#8075)
• sync: require that an RwLock has max_readers != 0 (#8076)
• sync: return Empty from try_recv() when mpsc is closed with outstanding permits (#8074)

#8062: tokio-rs/tokio#8062 #8074: tokio-rs/tokio#8074 #8075: tokio-rs/tokio#8075 #8076: tokio-rs/tokio#8076

Tokio v1.52.2

1.52.2 (May 4th, 2026)

This release reverts the LIFO slot stealing change introduced in 1.51.0 (#7431), due to [its performance impact]#8065. (#8100)

#7431: tokio-rs/tokio#7431 #8065: tokio-rs/tokio#8065 #8100: tokio-rs/tokio#8100

Tokio v1.52.1

1.52.1 (April 16th, 2026)

Fixed

• runtime: revert #7757 to fix [a regression]#8056 that causes spawn_blocking to hang (#8057)

#7757: tokio-rs/tokio#7757 #8056: tokio-rs/tokio#8056 #8057: tokio-rs/tokio#8057

Tokio v1.52.0

1.52.0 (April 14th, 2026)

Added

• io: AioSource::register_borrowed for I/O safety support (#7992)
• net: add try_io function to unix::pipe sender and receiver types (#8030)

Added (unstable)

• runtime: Builder::enable_eager_driver_handoff setting enable eager hand off of the I/O and time drivers before polling tasks (#8010)
• taskdump: add trace_with() for customized task dumps (#8025)
• taskdump: allow impl FnMut() in trace_with instead of just fn() (#8040)
• fs: support io_uring in AsyncRead for File (#7907)

... (truncated)

Commits

• d875691 chore: prepare Tokio v1.52.3 (#8130)
• e1aebb0 Merge 'tokio-1.51.3' into 'tokio-1.52.x' (#8129)
• fd63094 chore: prepare Tokio v1.51.3 (#8127)
• 8c600d0 Merge 'tokio-1.47.5' into 'tokio-1.51.x' (#8123)
• 11bfc13 chore: prepare Tokio v1.47.5 (#8122)
• f085b62 sync: notify receivers in mpsc OwnedPermit::release() method (#8075)
• 30d25cc sync: require that an RwLock has max_readers != 0 (#8076)
• 9fccf53 sync: return Empty from try_recv() when mpsc is closed with outstanding p...
• ebf61b4 sync: fix underflow in mpsc channel len() (#8062)
• 4abe9d7 chore: prepare Tokio v1.52.2 (#8115)
• Additional commits viewable in compare view

Updates axum from 0.8.8 to 0.8.9

Release notes

Sourced from axum's releases.

axum-v0.8.9

• added: WebSocketUpgrade::{requested_protocols, set_selected_protocol} for more flexible subprotocol selection (#3597)
• changed: Update minimum rust version to 1.80 (#3620)
• fixed: Set connect endpoint on correct field in MethodRouter (#3656)
• fixed: Return specific error message when multipart body limit is exceeded (#3611)

#3597: tokio-rs/axum#3597 #3620: tokio-rs/axum#3620 #3656: tokio-rs/axum#3656 #3611: tokio-rs/axum#3611

Commits

• c59208c revert axum-core changelog changes
• 99068f5 Revert "Fix IntoResponse for tuples overriding error response codes (#3603)"
• 23d7098 Revert "axum-core 0.5.6"
• e8a39ad axum-macros 0.5.1
• 6e9a249 axum-extra 0.12.6
• 0ec9041 axum 0.8.9
• c3fcebb axum-core 0.5.6
• a8790fc update release notes
• 26ba7bb docs: consolidate state management docs in crate root (#3683)
• 9fc59ef Update to tokio-tungstenite 0.29 (#3689)
• Additional commits viewable in compare view

Updates dashmap from 6.1.0 to 6.2.1

Release notes

Sourced from dashmap's releases.

v6.2.1

This is an interim maintenance release for the existing v6 branch before v7 can be released. This bumps the MSRV to 1.85 and updates dependencies to their latest versions.

Commits

• 749ed1f v6.2.1
• d02b945 v6.2.0
• b983625 update dependencies
• 94a294a bump msrv to 1.85
• See full diff in compare view

Updates jsonwebtoken from 10.3.0 to 10.4.0

Changelog

Sourced from jsonwebtoken's changelog.

10.4.0 (2026-05-11)

• Fix incorrect encoding for Ed25519 JWK thumbprints
• Make Algorithm.family public and add Validation.new_for_family
• EncodingKey and DecodingKey are now partially zeroized on drop (the intermediate PemEncodedKey isn't so far)

Commits

• 69a8fbf v10.4.0
• d18e40f Update changelog for 10.4.0 (#507)
• ddd2389 security: zeroize encoding and decoding keys (#483)
• 991e89a Fix more clippy complaints (#503)
• 75f2113 algorithms: expose AlgorithmFamily (#466)
• 0c5931a Fixup typo in the DecodingKey::from_ec_der method (#501)
• 8a80349 Small fixes (#498)
• 9934c7f Fix formatting in Ed25519 key serialization (#485)
• See full diff in compare view

Updates serde_json from 1.0.149 to 1.0.150

Release notes

Sourced from serde_json's releases.

v1.0.150

• Reject non-string enum object keys (#1324, thanks @​puneetdixit200)

Commits

• a1ae73a Release 1.0.150
• 1a360b0 Merge pull request #1324 from puneetdixit200/reject-non-string-enum-keys
• 2037b63 Reject non-string enum object keys
• 5d30df6 Resolve manual_assert_eq pedantic clippy lint
• dc8003a Raise required compiler for preserve_order feature to 1.85
• a42fa98 Unpin CI miri toolchain
• 684a60e Pin CI miri to nightly-2026-02-11
• 7c7da33 Raise required compiler to Rust 1.71
• acf4850 Simplify Number::is_f64
• 6b8ceab Resolve unnecessary_map_or clippy lint
• Additional commits viewable in compare view

Updates uuid from 1.23.0 to 1.23.1

Release notes

Sourced from uuid's releases.

v1.23.1

What's Changed

• Remove deprecated msrv feature from wasm-bindgen dependency by @​guybedford in uuid-rs/uuid#877
• fix: Timestamp::from_gregorian deprecation note by @​aznashwan in uuid-rs/uuid#878
• Prepare for 1.23.1 release by @​KodrAus in uuid-rs/uuid#879

New Contributors

• @​guybedford made their first contribution in uuid-rs/uuid#877
• @​aznashwan made their first contribution in uuid-rs/uuid#878

Full Changelog: uuid-rs/uuid@v1.23.0...v1.23.1

Commits

• ca0c85f Merge pull request #879 from uuid-rs/cargo/v1.23.1
• b4db015 prepare for 1.23.1 release
• 771069d Merge pull request #878 from aznashwan/fix-from-gregorian-deprecation-note
• 80994a2 fix: Timestamp::from_gregorian deprecation note
• 90c5be8 Merge pull request #877 from guybedford/remove-wasm-bindgen-msrv
• 8b8c4f4 Remove deprecated feature from wasm-bindgen dependency
• See full diff in compare view

Updates rustls from 0.23.37 to 0.23.40

Commits

• b44c09f Prepare 0.23.40
• e7a555f Prefer Ord::max to core::cmp
• c0005be ech: base inner name padding on actual extension
• 4e49529 ech: test inner name padding
• 3e06ef1 ech: add both name and "gross" padding
• c574ffd ech: avoid short-lived allocation for padding
• 8bf935c ech: pop comment from match arm
• 9088004 ech: expand maximum_name_length to usize ASAP
• a612901 Default require_ems based on CryptoProvider FIPS status
• 0541605 Cargo: version 0.23.38 -> 0.23.39
• Additional commits viewable in compare view

Updates sentry from 0.47.0 to 0.48.2

Release notes

Sourced from sentry's releases.

0.48.2

New Features

• Added rustls-no-provider feature flag in the sentry crate to allow using the rustls transport with a different crypto provider (#1103).

Fixes

• Serialize attachment envelope headers as JSON to correctly encode header values (#1109).
• Use checked arithmetic to handle possible overflows (#1119, #1121, #1122).

0.48.1

Fixes

• Changed ClientOptions::enable_metrics to default to true, aligning metrics behavior with other Sentry SDKs (#1106). Metric capture APIs still require the metrics feature flag at compile time.

0.48.0

Breaking Changes

• Added the following metrics-related fields to the ClientOptions struct in sentry-core. Both fields are no-ops, unless the metrics feature flag is enabled:
  • enable_metrics, used to enable sending metrics to Sentry (#1073).
  • before_send_metric, used to define a callback for filtering/pre-processing metrics before sending to Sentry (#1064).
• There are several breakages related to the SemVer feature additivity bug fixes:
  • sentry_core::ClientOptions fields before_send_log, enable_logs, auto_session_tracking, and session_mode are no longer gated behind the logs and release-health feature flags (#1091). Code that constructs ClientOptions with a full struct literal (without ..Default::default()), or which exhaustively matches against it, must now include all four fields regardless of enabled features.
  • sentry_core::Scope can no longer be publicly constructed or exhaustively matched against, even when the client feature is disabled (#1094). Previously, both of these were possible when client was disabled.
  • sentry_core::Scope::add_event_processor now requires passed closures to be RefUnwindSafe (#1093). Thanks to this change, sentry_core::Scope is now UnwindSafe regardless of feature flag configuration; previously, Scope was only UnwindSafe when the client feature was disabled.
  • sentry_tracing::EventMapping is now #[non_exhaustive] (#1097).
  • sentry_log::RecordMapping is now #[non_exhaustive] (#1098).

New Features

📊📈💯 The Sentry-Rust SDK now supports emitting Sentry Metrics (#1073)!

To get started, you will need to add the metrics feature flag when compiling the sentry crate. You will also need to enable metrics when initializing the SDK, like so:

use sentry::ClientOptions;
let _guard = sentry::init((
"(your DSN here)",
ClientOptions {
enable_metrics: true,
// ... other options ...
..Default::default()
},
));

You can then capture metrics as follows:

</tr></table> 

... (truncated)

Changelog

Sourced from sentry's changelog.

0.48.2

New Features

• Added rustls-no-provider feature flag in the sentry crate to allow using the rustls transport with a different crypto provider (#1103).

Fixes

• Serialize attachment envelope headers as JSON to correctly encode header values (#1109).
• Use checked arithmetic to handle possible overflows (#1119, #1121, #1122).

0.48.1

Fixes

• Changed ClientOptions::enable_metrics to default to true, aligning metrics behavior with other Sentry SDKs (#1106). Metric capture APIs still require the metrics feature flag at compile time.

0.48.0

Breaking Changes

• Added the following metrics-related fields to the ClientOptions struct in sentry-core. Both fields are no-ops, unless the metrics feature flag is enabled:
  • enable_metrics, used to enable sending metrics to Sentry (#1073).
  • before_send_metric, used to define a callback for filtering/pre-processing metrics before sending to Sentry (#1064).
• There are several breakages related to the SemVer feature additivity bug fixes:
  • sentry_core::ClientOptions fields before_send_log, enable_logs, auto_session_tracking, and session_mode are no longer gated behind the logs and release-health feature flags (#1091). Code that constructs ClientOptions with a full struct literal (without ..Default::default()), or which exhaustively matches against it, must now include all four fields regardless of enabled features.
  • sentry_core::Scope can no longer be publicly constructed or exhaustively matched against, even when the client feature is disabled (#1094). Previously, both of these were possible when client was disabled.
  • sentry_core::Scope::add_event_processor now requires passed closures to be RefUnwindSafe (#1093). Thanks to this change, sentry_core::Scope is now UnwindSafe regardless of feature flag configuration; previously, Scope was only UnwindSafe when the client feature was disabled.
  • sentry_tracing::EventMapping is now #[non_exhaustive] (#1097).
  • sentry_log::RecordMapping is now #[non_exhaustive] (#1098).

New Features

📊📈💯 The Sentry-Rust SDK now supports emitting Sentry Metrics (#1073)!

To get started, you will need to add the metrics feature flag when compiling the sentry crate. You will also need to enable metrics when initializing the SDK, like so:

use sentry::ClientOptions;
let _guard = sentry::init((
"(your DSN here)",
ClientOptions {
enable_metrics: true,
// ... other options ...
..Default::default()
},
));

... (truncated)

Commits

• 8d8e8fc meta(changelog): Update CHANGELOG for version 0.48.2
• 3899506 release: 0.48.2
• a9fc8af fix(types): Use checked arithmetic in envelope parsing (#1122)
• a6ce8b0 feat: introduce rustls-no-provider feature flag (#1103)
• df88275 fix(ratelimit): Fix clippy::arithmetic_side_effects lint (#1121)
• d65272b fix: Enable clippy::arithmetic_side_effects lint (#1119)
• f801a2c build(deps): bump openssl from 0.10.78 to 0.10.79 (#1120)
• 5dc48f3 chore(meta): Centralize workspace lint config (#1114)
• 09aceec ref(sentry-panic): PanicInfo → PanicHookInfo (#1074)
• 2bebbd4 fix(types): Serialize attachment headers as JSON (#1109)
• Additional commits viewable in compare view

Updates sentry-tracing from 0.47.0 to 0.48.2

Release notes

Sourced from sentry-tracing's releases.

0.48.2

New Features

• Added rustls-no-provider feature flag in the sentry crate to allow using the rustls transport with a different crypto provider (#1103).

Fixes

• Serialize attachment envelope headers as JSON to correctly encode header values (#1109).
• Use checked arithmetic to handle possible overflows (#1119, #1121, #1122).

0.48.1

Fixes

• Changed ClientOptions::enable_metrics to default to true, aligning metrics behavior with other Sentry SDKs (#1106). Metric capture APIs still require the metrics feature flag at compile time.

0.48.0

Breaking Changes

• Added the following metrics-related fields to the ClientOptions struct in sentry-core. Both fields are no-ops, unless the metrics feature flag is enabled:
  • enable_metrics, used to enable sending metrics to Sentry (#1073).
  • before_send_metric, used to define a callback for filtering/pre-processing metrics before sending to Sentry (#1064).
• There are several breakages related to the SemVer feature additivity bug fixes:
  • sentry_core::ClientOptions fields before_send_log, enable_logs, auto_session_tracking, and session_mode are no longer gated behind the logs and release-health feature flags (#1091). Code that constructs ClientOptions with a full struct literal (without ..Default::default()), or which exhaustively matches against it, must now include all four fields regardless of enabled features.
  • sentry_core::Scope can no longer be publicly constructed or exhaustively matched against, even when the client feature is disabled (#1094). Previously, both of these were possible when client was disabled.
  • sentry_core::Scope::add_event_processor now requires passed closures to be RefUnwindSafe (#1093). Thanks to this change, sentry_core::Scope is now UnwindSafe regardless of feature flag configuration; previously, Scope was only UnwindSafe when the client feature was disabled.
  • sentry_tracing::EventMapping is now #[non_exhaustive] (#1097).
  • sentry_log::RecordMapping is now #[non_exhaustive] (#1098).

New Features

📊📈💯 The Sentry-Rust SDK now supports emitting Sentry Metrics (#1073)!

To get started, you will need to add the metrics feature flag when compiling the sentry crate. You will also need to enable metrics when initializing the SDK, like so:

use sentry::ClientOptions;
let _guard = sentry::init((
"(your DSN here)",
ClientOptions {
enable_metrics: true,
// ... other options ...
..Default::default()
},
));

You can then capture metrics as follows:

</tr></table> 

... (truncated)

Changelog

Sourced from sentry-tracing's changelog.

0.48.2

New Features

• Added rustls-no-provider feature flag in the sentry crate to allow using the rustls transport with a different crypto provider (#1103).

Fixes

• Serialize attachment envelope headers as JSON to correctly encode header values (#1109).
• Use checked arithmetic to handle possible overflows (#1119, #1121, #1122).

0.48.1

Fixes

• Changed ClientOptions::enable_metrics to default to true, aligning metrics behavior with other Sentry SDKs (#1106). Metric capture APIs still require the metrics feature flag at compile time.

0.48.0

Breaking Changes

• Added the following metrics-related fields to the ClientOptions struct in sentry-core. Both fields are no-ops, unless the metrics feature flag is enabled:
  • enable_metrics, used to enable sending metrics to Sentry (#1073).
  • before_send_metric, used to define a callback for filtering/pre-processing metrics before sending to Sentry (#1064).
• There are several breakages related to the SemVer feature additivity bug fixes:
  • sentry_core::ClientOptions fields before_send_log, enable_logs, auto_session_tracking, and session_mode are no longer gated behind the logs and release-health feature flags (#1091). Code that constructs ClientOptions with a full struct literal (without ..Default::default()), or which exhaustively matches against it, must now include all four fields regardless of enabled features.
  • sentry_core::Scope can no longer be publicly constructed or exhaustively matched against, even when the client feature is disabled (#1094). Previously, both of these were possible when client was disabled.
  • sentry_core::Scope::add_event_processor now requires passed closures to be RefUnwindSafe (#1093). Thanks to this change, sentry_core::Scope is now UnwindSafe regardless of feature flag configuration; previously, Scope was only UnwindSafe when the client feature was disabled.
  • sentry_tracing::EventMapping is now #[non_exhaustive] (#1097).
  • sentry_log::RecordMapping is now #[non_exhaustive] (#1098).

New Features

📊📈💯 The Sentry-Rust SDK now supports emitting Sentry Metrics (#1073)!

To get started, you will need to add the metrics feature flag when compiling the sentry crate. You will also need to enable metrics when initializing the SDK, like so:

use sentry::ClientOptions;
let _guard = sentry::init((
"(your DSN here)",
ClientOptions {
enable_metrics: true,
// ... other options ...
..Default::default()
},
));

... (truncated)

Commits

• 8d8e8fc meta(changelog): Update CHANGELOG for version 0.48.2
• 3899506 release: 0.48.2
• a9fc8af fix(types): Use checked arithmetic in envelope parsing (#1122)
• a6ce8b0 feat: introduce rustls-no-provider feature flag (#1103)
• df88275 fix(ratelimit): Fix clippy::arithmetic_side_effects lint (#1121)
• d65272b fix: Enable clippy::arithmetic_side_effects lint (#1119)
• f801a2c build(deps): bump openssl from 0.10.78 to 0.10.79 (#1120)
• 5dc48f3 chore(meta): Centralize workspace lint config (#1114)
• 09aceec ref(sentry-panic): PanicInfo → PanicHookInfo (#1074)
• 2bebbd4 fix(types): Serialize attachment headers as JSON (#1109)
• Additional commits viewable in compare view

Updates reqwest from 0.13.2 to 0.13.3

Release notes

Sourced from reqwest's releases.

v0.13.3

tl;dr

• Fix CertificateRevocationList parsing of PEM values.
• Fix logging in resolver to only show host, not full URL.
• Fix hickory-dns to fallback to a default if /etc/resolv.conf fails.
• Fix HTTP/3 to handle STOP_SENDING as not an error.
• Fix HTTP/3 pool to remove timed out QUIC connections.
• Fix HTTP/3 connection establishment picking IPv4 and IPv6.
• Upgrade rustls-platform-verifier.
• (wasm) Only use wasm-bindgen on unknown-* targets.

What's Changed

• Update docs.rs Features by @​JamesWiresmith in seanmonstar/reqwest#2961
• fix: fallback to hickory_resolver's default config if reading /etc/resolv.conf fails by @​monosans in seanmonstar/reqwest#2797
• fix: remove timeout con by @​cuiweixie in seanmonstar/reqwest#2967
• http3: handle stop_sending without error by @​anuraaga in seanmonstar/reqwest#2978
• resolve: debug log to change only host by @​lms0806 in seanmonstar/reqwest#2992
• Edit reference link by @​lms0806 in seanmonstar/reqwest#2996
• docs: more accurate about default HTTP2 window sizes by @​seanmonstar in seanmonstar/reqwest#3007
• [HTTP/3] Optimize IPv6 fallback and enforce HTTPS scheme #2911 by @​lyuzichong in seanmonstar/reqwest#3006
• Upgrade rustls-platform-verifier by @​jplatte in seanmonstar/reqwest#3010
• use wasm-bindgen ecosystem only for wasm32-unknown-* target by @​Ludea in seanmonstar/reqwest#3000
• fix rustls crl pem parsing by @​Threated in seanmonstar/reqwest#3013
• docs(retry): include ReqRep in docsrs by @​seanmonstar in seanmonstar/reqwest#3020

New Contributors

• @​JamesWiresmith made their first contribution in seanmonstar/reqwest#2961
• @​monosans made their first contribution in seanmonstar/reqwest#2797
• @​cuiweixie made their first contribution in seanmonstar/reqwest#2967
• @​anuraaga made their first contribution in seanmonstar/reqwest#2978
• @​lms0806 made their first contribution in seanmonstar/reqwest#2992
• @​lyuzichong made their first contribution in seanmonstar/reqwest#3006
• @​Ludea made their first contribution in seanmonstar/reqwest#3000

Full Changelog: seanmonstar/reqwest@v0.13.2...v0.13.3

Changelog

Sourced from reqwest's changelog.

v0.13.3

• Fix CertificateRevocationList parsing of PEM values.
• Fix logging in resolver to only show host, not full URL.
• Fix hickory-dns to fallback to a default if /etc/resolv.conf fails.
• Fix HTTP/3 to handle STOP_SENDING as not an error.
• Fix HTTP/3 pool to remove timed out QUIC connections.
• Fix HTTP/3 connection establishment picking IPv4 and IPv6.
• Upgrade rustls-platform-verifier.
• (wasm) Only use wasm-bindgen on unknown-* targets.

Commits

• a9a88c4 v0.13.3
• f3f6d9d docs(retry): include ReqRep in docsrs (#3020)
• 5f9c231 fix rustls CRL PEM parsing (#3013)
• 11d835d use wasm-bindgen ecosystem only for wasm32-unknown-* target (#3000)
• 1f72916 Upgrade rustls-platform-verifier (#3010)
• 5d5bf35 [HTTP/3] Optimize IPv6 fallback and enforce HTTPS scheme #2911 (#3006)
• 93dc1b2 docs: more accurate about default HTTP2 window sizes (#3007)
• c5e50f0 docs: update outdated link in comments
• b25611f resolve: debug log to change only host (#2992)
• ca1f479 http3: handle stop_sending without error (#2978)
• Additional commits viewable in compare view

Updates redis from 0.27.6 to 1.2.1

Release notes

Sourced from redis's releases.

redis-1.2.1

Changes & Bug fixes

• commands: Stop double-take-ing for mset (#2043 by @​somechris)
• json: Stop double-wrapping commands in RedisResult (#2042 by @​somechris)
• ValueType: Add missing possible types (#2030 by @​somechris)
• Stream idempotent producers (at-most-once guarantee) (#2032 by @​StefanPalashev)
• Improve streaming auth error handling (#2021 by @​alexcole)
• feat: add Slot type and functions to create Slot / Route with key (#2047 by @​anatawa12)
• Fix async connection handling to avoid TCP deadlocks (#2070 by @​PDXKimani)

CI improvements

• ci: Bump Redis/Valkey versions (#2035 by @​somechris)
• ci: Clarify how databases get selected (#2040 by @​somechris)
• README: Declare "supported" versions (#2034 by @​somechris)
• Add EntraID integration tests for OSS cluster API (#2050 by @​StefanPalashev)
• fix new nightly lint & fmt (#2052 by @​nihohit)
• log sentinel test startup failures. (#2062 by @​nihohit)

redis-test-1.0.3

• Track redis 1.2.0 release
• Disable snapshotting when running Redis in tests (#2010 by @​somechris)

redis-1.2.0

What's Changed

• feat: support custom TcpSettings on sentinel client by @​hugobpx in redis-rs/redis-rs#2016
• Attempt to Fix CI by @​nihohit in

[dependabot]

Looks like these dependencies are updatable in another way, so this is no longer needed.