Bump the rust-patch-updates group across 1 directory with 11 updates

[dependabot]

Bumps the rust-patch-updates group with 11 updates in the / directory:

Package	From	To
serde_json	1.0.149	1.0.150
config	0.15.22	0.15.23
log	0.4.29	0.4.30
clap_complete	4.6.4	4.6.5
rpassword	7.5.2	7.5.4
tower-http	0.6.10	0.6.11
reqwest	0.13.3	0.13.4
sysinfo	0.39.0	0.39.3
shlex	2.0.0	2.0.1
tar	0.4.45	0.4.46
uuid	1.23.1	1.23.2

Updates serde_json from 1.0.149 to 1.0.150

Release notes

Sourced from serde_json's releases.

v1.0.150

• Reject non-string enum object keys (#1324, thanks @​puneetdixit200)

Commits

• a1ae73a Release 1.0.150
• 1a360b0 Merge pull request #1324 from puneetdixit200/reject-non-string-enum-keys
• 2037b63 Reject non-string enum object keys
• 5d30df6 Resolve manual_assert_eq pedantic clippy lint
• dc8003a Raise required compiler for preserve_order feature to 1.85
• a42fa98 Unpin CI miri toolchain
• 684a60e Pin CI miri to nightly-2026-02-11
• 7c7da33 Raise required compiler to Rust 1.71
• acf4850 Simplify Number::is_f64
• 6b8ceab Resolve unnecessary_map_or clippy lint
• Additional commits viewable in compare view

Updates config from 0.15.22 to 0.15.23

Changelog

Sourced from config's changelog.

[0.15.23] - 2026-05-14

Fixes

• Environment::convert_case: correctly apply casing to each key segment

Commits

• 9053d29 chore: Release config version 0.15.23
• e194797 docs: Update changelog
• 40f2698 fix(env): apply convert_case to each nested key segment (#754)
• c2920ac fix(env): apply convert_case to each nested key segment
• 06d760e test: capture missing nested-segment case conversion in Environment
• e7e72cc chore(deps): Update pre-commit hook crate-ci/typos to v1.46.0 (#753)
• 16a85fa chore(deps): Update compatible (dev) (#752)
• 53c9e30 chore(deps): Update pre-commit hook crate-ci/typos to v1.46.0
• 7f4482c chore(deps): Update Rust Stable to v1.95 (#750)
• 33f0b36 chore(deps): Update Rust crate yaml-rust2 to 0.11.0 (#749)
• Additional commits viewable in compare view

Updates log from 0.4.29 to 0.4.30

Release notes

Sourced from log's releases.

0.4.30

What's Changed

• Support capturing of std::net types by @​KodrAus in rust-lang/log#724

New Contributors

• @​V0ldek made their first contribution in rust-lang/log#720
• @​woodruffw made their first contribution in rust-lang/log#723

Full Changelog: rust-lang/log@0.4.29...0.4.30

Notable Changes

• MSRV is bumped to 1.71.0 in rust-lang/log#723

Changelog

Sourced from log's changelog.

[0.4.30] - 2026-05-21

What's Changed

• Support capturing of std::net types by @​KodrAus in rust-lang/log#724

New Contributors

• @​V0ldek made their first contribution in rust-lang/log#720
• @​woodruffw made their first contribution in rust-lang/log#723

Full Changelog: rust-lang/log@0.4.29...0.4.30

Notable Changes

• MSRV is bumped to 1.71.0 in rust-lang/log#723

Commits

• 9c55760 Merge pull request #725 from rust-lang/cargo/0.4.30
• d1acb05 update docs on current MSRV and note latest bump in changelog
• 5068293 prepare for 0.4.30 release
• 7ccd873 Merge pull request #724 from rust-lang/feat/net-to-value
• 923dfaa fix up test cfgs
• ecb7de8 gate net value impls on std
• 67bb4f6 run fmt
• 25f49fe rework net type capturing
• 7087dcb feat: impl ToValue for core::net types
• 67bc7e3 Merge pull request #723 from woodruffw-forks/ww/ci
• Additional commits viewable in compare view

Updates clap_complete from 4.6.4 to 4.6.5

Commits

• c8c9355 chore: Release
• af74def docs: Update changelog
• c96f222 Merge pull request #6368 from truffle-dev/fix/fish-env-escaping
• 49a05cd fix(complete): Two-pass quote fish env-completer
• e791004 test(complete): Snapshot fish env quoting cases
• See full diff in compare view

Updates rpassword from 7.5.2 to 7.5.4

Release notes

Sourced from rpassword's releases.

v7.5.4

No functional changes.

I've added license checks with Cargo Deny to ensure that the Apache 2.0 license is compatible with dependencies.

This release also updates the description to make it clear this library is cross-platform on crates.io.

v7.5.3

Fixes compile errors with Rust 1.85. Thanks @​nwalfield for reporting in conradkleinespel/rpassword#130.

Backwards compatible. No breaking change.

Commits

• 1151510 add license checks
• 3ca2ece bump to 7.5.3
• ed863bf remove cargo-tarpaulin build incompatible with rust 1.85 from ci
• 479012d fixes compile errors with rust 1.85
• 6ee4708 update nix config to use rust 1.85
• 6d3518d run ci with rust 1.85
• See full diff in compare view

Updates tower-http from 0.6.10 to 0.6.11

Release notes

Sourced from tower-http's releases.

tower-http-0.6.11

Added

• set-header: add SetMultipleResponseHeadersLayer and SetMultipleResponseHeader for setting multiple response headers at once. Supports overriding, appending, and if_not_present modes. Header values can be fixed or computed dynamically via closures (#672)

  use http::{Response, header::{self, HeaderValue}};
  use http_body::Body as _;
  use tower_http::set_header::response::SetMultipleResponseHeadersLayer;
  let layer = SetMultipleResponseHeadersLayer::overriding(vec![
  (header::X_FRAME_OPTIONS, HeaderValue::from_static("DENY")).into(),
  (header::CONTENT_LENGTH, |res: &Response<MyBody>| {
  res.body().size_hint().exact()
  .map(|size| HeaderValue::from_str(&size.to_string()).unwrap())
  }).into(),
  ]);

• set-header: add SetMultipleRequestHeadersLayer and SetMultipleRequestHeaders for setting multiple request headers at once, mirroring the response-side API (#677)

• classify: add From<i32> and From<NonZeroI32> impls for GrpcCode. Unrecognized status codes map to GrpcCode::Unknown (#506)

Changed

• compression: compress application/grpc-web responses. Previously all application/grpc* content types were excluded from compression; now only application/grpc (non-web) is excluded (#408)

Fixed

• fs: fix ServeDir returning 500 instead of 405 for non-GET/HEAD requests when call_fallback_on_method_not_allowed is enabled but no fallback service is configured (#587)
• fs: remove duplicate cfg attribute on is_reserved_dos_name (#675)

#408: tower-rs/tower-http#408 #506: tower-rs/tower-http#506 #587: tower-rs/tower-http#587 #672: tower-rs/tower-http#672 #675: tower-rs/tower-http#675 #677: tower-rs/tower-http#677

All PRs

• ci: fix flaky encoding test, add nightly stress test job by @​jlizen in tower-rs/tower-http#670

... (truncated)

Commits

• 1d082ef v0.6.11
• 9c3117d feat: set multiple request header (#677)
• 667e7c7 Remove duplicate cfg attribute for is_reserved_dos_name (#675)
• 7551a9b feat(set_header): refactor and improve multiple header middleware (#672)
• 991e9ee add From<i32> impl for GrpcCode (#506)
• 3962dba Do compress grpc-web responses (#408)
• f0b3bb6 Fix serve_dir method not allowed handling when no fallback is configured (#587)
• d1a571b ci: use static timeout in stress-test workflow (#671)
• 309555a ci: fix flaky encoding test, add nightly stress test job (#670)
• See full diff in compare view

Updates reqwest from 0.13.3 to 0.13.4

Release notes

Sourced from reqwest's releases.

v0.13.4

tl;dr

• Add ClientBuilder::tls_sslkeylogfile(bool) option to allow using the related environment variable.
• Add ClientBuilder::http2_keep_alive_* options for the blocking client.
• Add TLS 1.3 support when using native-tls backend.
• Fix redirect handling to strip sensitive headers when the scheme changes.
• Fix HTTP/3 happy-eyeball connection creation.
• Upgrade hickory-resolver to 0.26.

What's Changed

• fix(tls): improve rustls-no-provider panic message and add module docs by @​smythg4 in seanmonstar/reqwest#3021
• fix: do not lose the url in error when decoding json by @​Dushistov in seanmonstar/reqwest#3026
• Add tls_sslkeylogfile builder method by @​passcod in seanmonstar/reqwest#2923
• fix(redirect): strip sensitive headers on scheme change across redirects by @​SAY-5 in seanmonstar/reqwest#3034
• chore: upgrade MSRV to 1.85 by @​seanmonstar in seanmonstar/reqwest#3038
• chore: clean up minimal-versions CI job by @​seanmonstar in seanmonstar/reqwest#3039
• fix(http3): use happy eyeballs for h3 connect by @​lyuzichong in seanmonstar/reqwest#3030
• fix: update hickory-resolver to 0.26 and adjust code accordingly by @​seanmonstar in seanmonstar/reqwest#3040
• fix: remove unwrap in hickory initialization by @​mat813 in seanmonstar/reqwest#3041
• feat(https): support TLS 1.3 as min version under native-tls 🎉 by @​AverageHelper in seanmonstar/reqwest#2975
• Expose keep alive configurations in blocking client by @​aeb-dev in seanmonstar/reqwest#3043
• Prepare v0.13.4 by @​seanmonstar in seanmonstar/reqwest#3046

New Contributors

• @​smythg4 made their first contribution in seanmonstar/reqwest#3021
• @​Dushistov made their first contribution in seanmonstar/reqwest#3026
• @​SAY-5 made their first contribution in seanmonstar/reqwest#3034
• @​mat813 made their first contribution in seanmonstar/reqwest#3041
• @​AverageHelper made their first contribution in seanmonstar/reqwest#2975
• @​aeb-dev made their first contribution in seanmonstar/reqwest#3043

Full Changelog: seanmonstar/reqwest@v0.13.3...v0.13.4

Changelog

Sourced from reqwest's changelog.

v0.13.4

• Add ClientBuilder::tls_sslkeylogfile(bool) option to allow using the related environment variable.
• Add ClientBuilder::http2_keep_alive_* options for the blocking client.
• Add TLS 1.3 support when using native-tls backend.
• Fix redirect handling to strip sensitive headers when the scheme changes.
• Fix HTTP/3 happy-eyeball connection creation.
• Upgrade hickory-resolver to 0.26.

Commits

• 11489b3 v0.13.4
• d31ffbb feat: Expose HTTP2 keep alive configurations in blocking client (#3043)
• 79ed0d7 feat: support TLS 1.3 as min version under native-tls 🎉 (#2975)
• fb7bf6a fix: remove unwrap in hickory initialization (#3041)
• 3da616f fix: update hickory-resolver to 0.26 and adjust code accordingly (#3040)
• c77e7b2 fix(http3): use happy eyeballs for h3 connect (#3030)
• 9cbb65b chore: clean up minimal-versions CI job (#3039)
• 17a7dc5 chore: upgrade MSRV to 1.85 (#3038)
• 03db63a fix(redirect): strip sensitive headers on scheme change across redirects (#3034)
• 4b813a8 feat: add tls_sslkeylogfile builder method (#2923)
• Additional commits viewable in compare view

Updates sysinfo from 0.39.0 to 0.39.3

Changelog

Sourced from sysinfo's changelog.

0.39.3

• Unix: Fix retrieval of Network::mac_addr.
• Linux: Improve retrieval of process information if process terminates while doing so.

0.39.2

• Windows: Greatly improve performance of System::refresh_cpu_specifics when CPU usage is not requested.
• iOS: Fix compilation error when user feature is enabled.
• Linux: Correctly set thread information for processes.

0.39.1

• Linux: Fix wrong network numbers computation.

Commits

• 3d1c52a Update crate version to 0.39.3
• cce524d Update CHANGELOG for 0.39.3 version
• 891085c Unix: Fix retrieval of Network::mac_addr
• 1f327b5 linux: prevent TOCTOU data loss when process terminates during refresh
• c43234a Update crate version to 0.39.2
• b71467e Update CHANGELOG for 0.39.2 version
• 345915a Improve code readability
• 35f3c18 Fix fmt and clippy
• 4bf1fe4 Windows: skip PDH setup when cpu_usage isn't requested (#1664)
• 2be72d7 Stub get_users on iOS via app_store::users
• Additional commits viewable in compare view

Updates shlex from 2.0.0 to 2.0.1

Changelog

Sourced from shlex's changelog.

2.0.1

• Fixes a compile error when building the documentation.

Commits

• See full diff in compare view

Updates tar from 0.4.45 to 0.4.46

Release notes

Sourced from tar's releases.

0.4.46

Security

• archive: Fix another PAX header desync (GHSA-3cv2-h65g-fgmm) by @​cgwalters in composefs/tar-rs#454

See also GHSA-3cv2-h65g-fgmm

Other changes

• ci: Fix and re-enable reverse dependency testing by @​cgwalters in composefs/tar-rs#444
• Update astral-tokio-tar requirement from 0.5 to 0.6 by @​dependabot[bot] in composefs/tar-rs#446
• Update some links by @​atouchet in composefs/tar-rs#445
• Add support of absolute paths by @​zxvfc in composefs/tar-rs#426
• docs: Expand notes on concurrent mutations and following symlinks by @​cgwalters in composefs/tar-rs#453
• Update repo links by @​cgwalters in composefs/tar-rs#451
• ci: Add crates.io trusted publishing workflow by @​cgwalters in composefs/tar-rs#456
• Release 0.4.46 by @​cgwalters in composefs/tar-rs#455

New Contributors

• @​dependabot[bot] made their first contribution in composefs/tar-rs#446
• @​atouchet made their first contribution in composefs/tar-rs#445
• @​zxvfc made their first contribution in composefs/tar-rs#426

Full Changelog: composefs/tar-rs@0.4.45...0.4.46

Commits

• fc459c1 Release 0.4.46
• 43e05a8 ci: Add crates.io trusted publishing workflow
• bba5666 Update repo links
• cd94c46 docs: Document TOCTOU / concurrent-mutation threat model
• 1b4997c builder: Expand docs for follow_symlinks and append_dir_all
• bab14dd archive: Fix another PAX header desync (GHSA-3cv2-h65g-fgmm)
• 2349b49 Add support of absolute paths
• 39d0311 Update some links
• 59d803e Update astral-tokio-tar requirement from 0.5 to 0.6
• 8296b9a ci: Fix and re-enable reverse dependency testing (#444)
• See full diff in compare view

Updates uuid from 1.23.1 to 1.23.2

Release notes

Sourced from uuid's releases.

v1.23.2

What's Changed

• Improve error messages for ambiguous formats by @​KodrAus in uuid-rs/uuid#882
• Prepare for 1.23.2 release by @​KodrAus in uuid-rs/uuid#883

Full Changelog: uuid-rs/uuid@v1.23.1...v1.23.2

Commits

• d119657 Merge pull request #883 from uuid-rs/cargo/v1.23.2
• 0651cfc prepare for 1.23.2 release
• e8dea0c Merge pull request #882 from uuid-rs/fix/error-msgs
• bdc429a fix up serde messages
• d4342e4 make indexes 0 based and fix up more error messages
• 4ad479f work on more accurate parser errors
• See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions