chore(deps): bump the rust-minor-patch group across 1 directory with 7 updates

[dependabot]

Bumps the rust-minor-patch group with 7 updates in the / directory:

Package	From	To
clap	4.6.0	4.6.1
tracing-appender	0.2.4	0.2.5
tonic	0.14.5	0.14.6
tokio	1.51.1	1.52.3
jsonwebtoken	10.3.0	10.4.0
reqwest	0.13.2	0.13.3
libc	0.2.184	0.2.186

Updates clap from 4.6.0 to 4.6.1

Release notes

Sourced from clap's releases.

v4.6.1

[4.6.1] - 2026-04-15

Fixes

• (derive) Ensure rebuilds happen when an read env variable is changed

Changelog

Sourced from clap's changelog.

[4.6.1] - 2026-04-15

Fixes

• (derive) Ensure rebuilds happen when an read env variable is changed

Commits

• 1420275 chore: Release
• d2c817d docs: Update changelog
• f88c94e Merge pull request #6341 from epage/sep
• acbb822 fix(complete): Reduce risk of conflict with actual subcommands
• a49fadb refactor(complete): Pull out subcommand separator
• ddc008b Merge pull request #6332 from epage/update
• 497dc50 chore: Update compatible dependencies
• dca2326 Merge pull request #6331 from clap-rs/renovate/j178-prek-action-2.x
• 54bdaa3 chore(deps): Update j178/prek-action action to v2
• f0d30d9 chore: Release
• Additional commits viewable in compare view

Updates tracing-appender from 0.2.4 to 0.2.5

Release notes

Sourced from tracing-appender's releases.

tracing-appender 0.2.5

Added

• Add latest symlink builder option (#3447)

Fixed

• Fix RollingFileAppender broken links in docs (#3445)
• Fix parsing of date from filename when no time is incuded (#3471)

#3445: tokio-rs/tracing#3445 #3447: tokio-rs/tracing#3447 #3471: tokio-rs/tracing#3471

Commits

• 53e1490 chore: prepare tracing-appender 0.2.5 (#3522)
• 4fb9ca3 examples: add per-layer filtering example (#3488)
• df05516 docs: improve assert message to mention a possible cause of hitting cloning a...
• 72cf52a docs: recommend configuring await-holding-invalid-types lint (#3463)
• 9545be1 attributes: silence clippy lints for #[instrument] on async functions for cra...
• 3160dc1 subscriber: skip RwLock in EnvFilter span callbacks when no dynamic directive...
• 3af2e54 appender: fix parsing of date from filename when no time is incuded (#3471)
• 412986f appender: fix RollingFileAppender broken links in docs (#3445)
• bdccf4d appender: add latest symlink builder option (#3447)
• 2c80f9d subscriber: propagate on_register_dispatch for Option<Layer> and Vec<Layer> (...
• Additional commits viewable in compare view

Updates tonic from 0.14.5 to 0.14.6

Release notes

Sourced from tonic's releases.

tonic-build-v0.14.6

Other

• update rust edition and version to 2024 and 1.88, respectively (#2525)

tonic-health-v0.14.6

Other

• update rust edition and version to 2024 and 1.88, respectively (#2525)

tonic-prost-build-v0.14.6

Other

• Support well known types resolved by prost to their rust counterparts (#2544)
• update rust edition and version to 2024 and 1.88, respectively (#2525)

tonic-prost-v0.14.6

Other

• update rust edition and version to 2024 and 1.88, respectively (#2525)

tonic-reflection-v0.14.6

Other

• fix panic when client drops connection early (#2596)
• update rust edition and version to 2024 and 1.88, respectively (#2525)

tonic-types-v0.14.6

Other

• update rust edition and version to 2024 and 1.88, respectively (#2525)

tonic-v0.14.6

Added

• (transport/channel) expose ServerCertVerifier API (#2612)

Fixed

• map no trailers ok status to unknown (#2543)

Other

• add max_frame_size to client Endpoint (#2592)
• Allow setting the HTTP/2 client header table size (#2582)
• update rust edition and version to 2024 and 1.88, respectively (#2525)

tonic-web-v0.14.6

Other

... (truncated)

Commits

• 6cb6056 chore: release v0.14.6 (#2624)
• efde924 grpc: change helloworld example to pass request as a view (#2632)
• d47b001 transport: add max_frame_size to client Endpoint (#2592)
• 02c01c7 Allow setting the HTTP/2 client header table size (#2582)
• 3185354 examples: add grpc version of helloworld (#2630)
• f585303 fix(grpc): Fix grpc-google build (#2628)
• ff7bcbb feat(grpc): Google call credentials (#2610)
• f93037b feat(tonic-xds): make XdsChannelGrpc Sync (#2627)
• d834beb grpc: Update Status to be a Result<> and make StatusErr which holds non-OK co...
• 2392224 grpc: add route_guide example and make minor tweaks to the generated code API...
• Additional commits viewable in compare view

Updates tokio from 1.51.1 to 1.52.3

Release notes

Sourced from tokio's releases.

Tokio v1.52.3

1.52.3 (May 8th, 2026)

Fixed

• sync: fix underflow in mpsc channel len() (#8062)
• sync: notify receivers in mpsc OwnedPermit::release() method (#8075)
• sync: require that an RwLock has max_readers != 0 (#8076)
• sync: return Empty from try_recv() when mpsc is closed with outstanding permits (#8074)

#8062: tokio-rs/tokio#8062 #8074: tokio-rs/tokio#8074 #8075: tokio-rs/tokio#8075 #8076: tokio-rs/tokio#8076

Tokio v1.52.2

1.52.2 (May 4th, 2026)

This release reverts the LIFO slot stealing change introduced in 1.51.0 (#7431), due to [its performance impact]#8065. (#8100)

#7431: tokio-rs/tokio#7431 #8065: tokio-rs/tokio#8065 #8100: tokio-rs/tokio#8100

Tokio v1.52.1

1.52.1 (April 16th, 2026)

Fixed

• runtime: revert #7757 to fix [a regression]#8056 that causes spawn_blocking to hang (#8057)

#7757: tokio-rs/tokio#7757 #8056: tokio-rs/tokio#8056 #8057: tokio-rs/tokio#8057

Tokio v1.52.0

1.52.0 (April 14th, 2026)

Added

• io: AioSource::register_borrowed for I/O safety support (#7992)
• net: add try_io function to unix::pipe sender and receiver types (#8030)

Added (unstable)

• runtime: Builder::enable_eager_driver_handoff setting enable eager hand off of the I/O and time drivers before polling tasks (#8010)
• taskdump: add trace_with() for customized task dumps (#8025)
• taskdump: allow impl FnMut() in trace_with instead of just fn() (#8040)
• fs: support io_uring in AsyncRead for File (#7907)

... (truncated)

Commits

• d875691 chore: prepare Tokio v1.52.3 (#8130)
• e1aebb0 Merge 'tokio-1.51.3' into 'tokio-1.52.x' (#8129)
• fd63094 chore: prepare Tokio v1.51.3 (#8127)
• 8c600d0 Merge 'tokio-1.47.5' into 'tokio-1.51.x' (#8123)
• 11bfc13 chore: prepare Tokio v1.47.5 (#8122)
• f085b62 sync: notify receivers in mpsc OwnedPermit::release() method (#8075)
• 30d25cc sync: require that an RwLock has max_readers != 0 (#8076)
• 9fccf53 sync: return Empty from try_recv() when mpsc is closed with outstanding p...
• ebf61b4 sync: fix underflow in mpsc channel len() (#8062)
• 4abe9d7 chore: prepare Tokio v1.52.2 (#8115)
• Additional commits viewable in compare view

Updates jsonwebtoken from 10.3.0 to 10.4.0

Changelog

Sourced from jsonwebtoken's changelog.

10.4.0 (2026-05-11)

• Fix incorrect encoding for Ed25519 JWK thumbprints
• Make Algorithm.family public and add Validation.new_for_family
• EncodingKey and DecodingKey are now partially zeroized on drop (the intermediate PemEncodedKey isn't so far)

Commits

• 69a8fbf v10.4.0
• d18e40f Update changelog for 10.4.0 (#507)
• ddd2389 security: zeroize encoding and decoding keys (#483)
• 991e89a Fix more clippy complaints (#503)
• 75f2113 algorithms: expose AlgorithmFamily (#466)
• 0c5931a Fixup typo in the DecodingKey::from_ec_der method (#501)
• 8a80349 Small fixes (#498)
• 9934c7f Fix formatting in Ed25519 key serialization (#485)
• See full diff in compare view

Updates reqwest from 0.13.2 to 0.13.3

Release notes

Sourced from reqwest's releases.

v0.13.3

tl;dr

• Fix CertificateRevocationList parsing of PEM values.
• Fix logging in resolver to only show host, not full URL.
• Fix hickory-dns to fallback to a default if /etc/resolv.conf fails.
• Fix HTTP/3 to handle STOP_SENDING as not an error.
• Fix HTTP/3 pool to remove timed out QUIC connections.
• Fix HTTP/3 connection establishment picking IPv4 and IPv6.
• Upgrade rustls-platform-verifier.
• (wasm) Only use wasm-bindgen on unknown-* targets.

What's Changed

• Update docs.rs Features by @​JamesWiresmith in seanmonstar/reqwest#2961
• fix: fallback to hickory_resolver's default config if reading /etc/resolv.conf fails by @​monosans in seanmonstar/reqwest#2797
• fix: remove timeout con by @​cuiweixie in seanmonstar/reqwest#2967
• http3: handle stop_sending without error by @​anuraaga in seanmonstar/reqwest#2978
• resolve: debug log to change only host by @​lms0806 in seanmonstar/reqwest#2992
• Edit reference link by @​lms0806 in seanmonstar/reqwest#2996
• docs: more accurate about default HTTP2 window sizes by @​seanmonstar in seanmonstar/reqwest#3007
• [HTTP/3] Optimize IPv6 fallback and enforce HTTPS scheme #2911 by @​lyuzichong in seanmonstar/reqwest#3006
• Upgrade rustls-platform-verifier by @​jplatte in seanmonstar/reqwest#3010
• use wasm-bindgen ecosystem only for wasm32-unknown-* target by @​Ludea in seanmonstar/reqwest#3000
• fix rustls crl pem parsing by @​Threated in seanmonstar/reqwest#3013
• docs(retry): include ReqRep in docsrs by @​seanmonstar in seanmonstar/reqwest#3020

New Contributors

• @​JamesWiresmith made their first contribution in seanmonstar/reqwest#2961
• @​monosans made their first contribution in seanmonstar/reqwest#2797
• @​cuiweixie made their first contribution in seanmonstar/reqwest#2967
• @​anuraaga made their first contribution in seanmonstar/reqwest#2978
• @​lms0806 made their first contribution in seanmonstar/reqwest#2992
• @​lyuzichong made their first contribution in seanmonstar/reqwest#3006
• @​Ludea made their first contribution in seanmonstar/reqwest#3000

Full Changelog: seanmonstar/reqwest@v0.13.2...v0.13.3

Changelog

Sourced from reqwest's changelog.

v0.13.3

• Fix CertificateRevocationList parsing of PEM values.
• Fix logging in resolver to only show host, not full URL.
• Fix hickory-dns to fallback to a default if /etc/resolv.conf fails.
• Fix HTTP/3 to handle STOP_SENDING as not an error.
• Fix HTTP/3 pool to remove timed out QUIC connections.
• Fix HTTP/3 connection establishment picking IPv4 and IPv6.
• Upgrade rustls-platform-verifier.
• (wasm) Only use wasm-bindgen on unknown-* targets.

Commits

• a9a88c4 v0.13.3
• f3f6d9d docs(retry): include ReqRep in docsrs (#3020)
• 5f9c231 fix rustls CRL PEM parsing (#3013)
• 11d835d use wasm-bindgen ecosystem only for wasm32-unknown-* target (#3000)
• 1f72916 Upgrade rustls-platform-verifier (#3010)
• 5d5bf35 [HTTP/3] Optimize IPv6 fallback and enforce HTTPS scheme #2911 (#3006)
• 93dc1b2 docs: more accurate about default HTTP2 window sizes (#3007)
• c5e50f0 docs: update outdated link in comments
• b25611f resolve: debug log to change only host (#2992)
• ca1f479 http3: handle stop_sending without error (#2978)
• Additional commits viewable in compare view

Updates libc from 0.2.184 to 0.2.186

Release notes

Sourced from libc's releases.

0.2.186

Added

• Apple: Add KEVENT_FLAG_* constants (#5070)
• Linux: Add PR_SET_MEMORY_MERGE and PR_GET_MEMORY_MERGE (#5060)

Changed

• CI: Migrate FreeBSD CI from Cirrus CI to GitHub Actions (#5058)

0.2.185

Added

• EspIDF: Add espidf_picolibc cfg for picolibc O_* flag values (#5035)
• Hexagon: add missing constants and fix types for linux-musl (#5042)
• Redox: Add semaphore functions (#5051)
• Windows: Add sprintf, snprintf, and the scanf family (#5024)

Fixed

• Hexagon: Decouple time64 types from musl symbol redirects (#5040)
• Horizon: Change POLL constants from c_short to c_int (#5045)

Changelog

Sourced from libc's changelog.

0.2.186 - 2026-04-24

Added

• Apple: Add KEVENT_FLAG_* constants (#5070)
• Linux: Add PR_SET_MEMORY_MERGE and PR_GET_MEMORY_MERGE (#5060)

Changed

• CI: Migrate FreeBSD CI from Cirrus CI to GitHub Actions (#5058)

0.2.185 - 2026-04-13

Added

• EspIDF: Add espidf_picolibc cfg for picolibc O_* flag values (#5035)
• Hexagon: add missing constants and fix types for linux-musl (#5042)
• Redox: Add semaphore functions (#5051)
• Windows: Add sprintf, snprintf, and the scanf family (#5024)

Fixed

• Hexagon: Decouple time64 types from musl symbol redirects (#5040)
• Horizon: Change POLL constants from c_short to c_int (#5045)

Commits

• 42620ff [0.2] libc: Release 0.2.186
• 9db2eaa apple: add KEVENT_FLAG_* constants
• 3840939 Add PR_SET_MEMORY_MERGE and PR_GET_MEMORY_MERGE for linux
• f697deb chore: migrate from Cirrus CI to GHA
• 71d5bfc libc: Release 0.2.185
• 1027d1c Revert "ci: Pin nightly to 2026-04-01"
• 0e9c6e5 redox: Add semaphore functions
• 24ef457 feat: add back support for gnu windows x86 in ci
• aa75caf horizon: Change POLL constants from c_short to c_int
• b7eda5a hexagon: add missing constants and fix types for linux-musl
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

[dependabot]

Labels

The following labels could not be found: rust. Please create it before Dependabot can add it to a pull request.

Please fix the above issues or remove invalid values from dependabot.yml.

[chatgpt-codex-connector]

💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: d43b0197a1

ℹ️ About Codex in GitHub

Codex has been enabled to automatically review pull requests in this repo. Reviews are triggered when you

• Open a pull request for review
• Mark a draft as ready
• Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

When you sign up for Codex through ChatGPT, Codex can also answer questions or update the PR, like "@codex address that feedback".

[chatgpt-codex-connector]

Update the generated Cargo template too

This changes the generated pet-store manifest, but templates/Cargo.toml.txt still emits clap = { version = "4.5.39", features = ["derive"] } (via CargoTomlTemplateData in src/generator/templates.rs). In this repo examples/pet_store/ is regenerated from that template, so the next just gen will revert this line and any newly generated service will keep the old clap constraint; please update the template and regenerate the example so the dependency bump is durable.

Useful? React with 👍 / 👎.

[dependabot]

Dependabot couldn't fetch all your path-based dependencies. Because of this, Dependabot cannot update this pull request.

[dependabot]

Dependabot couldn't fetch all your path-based dependencies. Because of this, Dependabot cannot update this pull request.

[dependabot]

Dependabot couldn't fetch all your path-based dependencies. Because of this, Dependabot cannot update this pull request.

[dependabot]

Dependabot couldn't fetch all your path-based dependencies. Because of this, Dependabot cannot update this pull request.