build(deps): bump the dependencies group across 1 directory with 14 updates

[dependabot]

Bumps the dependencies group with 13 updates in the / directory:

Package	From	To
tokio	1.49.0	1.50.0
toml	1.0.3+spec-1.1.0	1.0.6+spec-1.1.0
zip	8.1.0	8.2.0
zerocopy	0.8.39	0.8.42
moka	0.12.13	0.12.14
nix	0.31.1	0.31.2
jiff	0.2.21	0.2.23
redb	3.1.0	3.1.1
which	8.0.0	8.0.2
tempfile	3.25.0	3.26.0
uuid	1.21.0	1.22.0
winnow	0.7.14	0.7.15
whoami	2.1.0	2.1.1

Updates tokio from 1.49.0 to 1.50.0

Release notes

Sourced from tokio's releases.

Tokio v1.50.0

1.50.0 (Mar 3rd, 2026)

Added

• net: add TcpStream::set_zero_linger (#7837)
• rt: add is_rt_shutdown_err (#7771)

Changed

• io: add optimizer hint that memchr returns in-bounds pointer (#7792)
• io: implement vectored writes for write_buf (#7871)
• runtime: panic when event_interval is set to 0 (#7838)
• runtime: shorten default thread name to fit in Linux limit (#7880)
• signal: remember the result of SetConsoleCtrlHandler (#7833)
• signal: specialize windows Registry (#7885)

Fixed

• io: always cleanup AsyncFd registration list on deregister (#7773)
• macros: remove (most) local use declarations in tokio::select! (#7929)
• net: fix GET_BUF_SIZE constant for target_os = "android" (#7889)
• runtime: avoid redundant unpark in current_thread scheduler (#7834)
• runtime: don't park in current_thread if before_park defers waker (#7835)
• io: fix write readiness on ESP32 on short writes (#7872)
• runtime: wake deferred tasks before entering block_in_place (#7879)
• sync: drop rx waker when oneshot receiver is dropped (#7886)
• runtime: fix double increment of num_idle_threads on shutdown (#7910, #7918, #7922)

Unstable

• fs: check for io-uring opcode support (#7815)
• runtime: avoid lock acquisition after uring init (#7850)

Documented

• docs: update outdated unstable features section (#7839)
• io: clarify the behavior of AsyncWriteExt::shutdown() (#7908)
• io: explain how to flush stdout/stderr (#7904)
• io: fix incorrect and confusing AsyncWrite documentation (#7875)
• rt: clarify the documentation of Runtime::spawn (#7803)
• rt: fix missing quotation in docs (#7925)
• runtime: correct the default thread name in docs (#7896)
• runtime: fix event_interval doc (#7932)
• sync: clarify RwLock fairness documentation (#7919)
• sync: clarify that recv returns None once closed and no more messages (#7920)
• task: clarify when to use spawn_blocking vs dedicated threads (#7923)
• task: doc that task drops before JoinHandle completion (#7825)
• signal: guarantee that listeners never return None (#7869)
• task: fix task module feature flags in docs (#7891)

... (truncated)

Commits

• 0273e45 chore: prepare Tokio v1.50.0 (#7934)
• e3ee4e5 chore: prepare tokio-macros v2.6.1 (#7943)
• 8c980ea io: add write_all_vectored to tokio-util (#7768)
• e35fd6d ci: fix patch during clippy step (#7935)
• 03fe44c runtime: fix event_interval doc (#7932)
• d18e5df io: fix race in Mock::poll_write (#7882)
• f21f269 runtime: fix race condition during the blocking pool shutdown (#7922)
• d81e8f0 macros: remove (most) local use declarations in tokio::select! (#7929)
• 25e7f26 rt: fix missing quotation in docs (#7925)
• e1a91ef util: fix typo in docs (#7926)
• Additional commits viewable in compare view

Updates toml from 1.0.3+spec-1.1.0 to 1.0.6+spec-1.1.0

Commits

• a09707e chore: Release
• 7b0feaa docs: Update changelog
• 2902954 Revert "fix(toml): Track dotted key for spans" (#1119)
• a586cae Revert "fix(toml): Track dotted key for spans"
• d35c3f6 chore: Release
• 949b4e8 docs: Update changelog
• 47b878b fix(toml): Track dotted key for spans (#1118)
• 87461d8 fix(toml): Track dotted key for spans
• 796370e test(serde): Check span meaning
• ad87859 test(serde): Track key spans
• Additional commits viewable in compare view

Updates zip from 8.1.0 to 8.2.0

Release notes

Sourced from zip's releases.

v8.2.0

🚀 Features

• allow custom salt (#680)
• Support compressing bzip2 when feature bzip2-rs is enabled, since bzip2/bzip2-sys now supports it (#685)
• enforce clippy in CI (#674)

🐛 Bug Fixes

• zip64 central header (issue 617) (#629)
• allow aes password as bytes (#686)
• handle extra field padding (#682)

🚜 Refactor

• Simplify 2 type conversions in src/write.rs (#687)

⚡ Performance

• AI tweaks for string type conversions in src/types.rs (#670)

Changelog

Sourced from zip's changelog.

8.2.0 - 2026-03-02

🚀 Features

• allow custom salt (#680)
• Support compressing bzip2 when feature bzip2-rs is enabled, since bzip2/bzip2-sys now supports it (#685)
• enforce clippy in CI (#674)

🐛 Bug Fixes

• zip64 central header (issue 617) (#629)
• allow aes password as bytes (#686)
• handle extra field padding (#682)

🚜 Refactor

• Simplify 2 type conversions in src/write.rs (#687)

⚡ Performance

• AI tweaks for string type conversions in src/types.rs (#670)

Commits

• ff001c6 chore: release v8.2.0 (#678)
• 9c328dc ci(deps): bump github/codeql-action from 4.32.2 to 4.32.4 (#707)
• f2bd439 test: add test to check len of zip64 (#705)
• 617cee1 test: Add a test that validates CRC_TABLE (#690)
• 2ee1e93 style: Rename KEYSTREAM_BASE_SUFFIX to KEYSTREAM_BITMASK and clarify comment ...
• 18301ce style: Potential fix for 1 code quality finding in tests/zip_ntfs.rs (#702)
• 240f27a feat: allow custom salt (#680)
• 8c36837 ci(deps): bump actions/dependency-review-action from 4.8.2 to 4.8.3 (#698)
• 79a46ea Apply suggested fix to tests/zip_extra_field.rs from Copilot Autofix (#701)
• 7c2c6bd style: Remove macros (#689)
• Additional commits viewable in compare view

Updates zerocopy from 0.8.39 to 0.8.42

Release notes

Sourced from zerocopy's releases.

v0.8.41

What's Changed

• Add code generation tests by @​jswrenn in google/zerocopy#3042
• Introduce 'Code Generation' documentation by @​jswrenn in google/zerocopy#3078
• [codegen] Track unanalyzed assembly and include it in docs. by @​jswrenn in google/zerocopy#3081
• [codegen] Use descriptive benchmark target fn name. by @​jswrenn in google/zerocopy#3082
• [codegen] Make codegen tests even more stressful. by @​jswrenn in google/zerocopy#3083
• [codegen] Test and document codegen under different layouts by @​jswrenn in google/zerocopy#3085

Full Changelog: google/zerocopy@v0.8.40...v0.8.41

v0.8.41-alpha

What's Changed

• Add code generation tests by @​jswrenn in google/zerocopy#3042
• Introduce 'Code Generation' documentation by @​jswrenn in google/zerocopy#3078

Full Changelog: google/zerocopy@v0.8.40...v0.8.41-alpha

v0.8.40

What's Changed

• Account for alignment directives in derive(IntoBytes) by @​jswrenn in google/zerocopy#3064

Full Changelog: google/zerocopy@v0.8.39...v0.8.40

Commits

• 90600f1 [docs] Remove superfluous heading (#3099)
• fc73624 [codegen] Test and document codegen under different layouts (#3085)
• 098b966 [codegen] Make codegen tests even more stressful. (#3083)
• daa1971 [codegen] Use descriptive benchmark target fn name. (#3082)
• aa1bbf4 [codegen] Track unanalyzed assembly and include it in docs. (#3081)
• dbef272 Release 0.8.41-alpha (#3080)
• 128f030 Introduce 'Code Generation' documentation (#3078)
• 2694453 Add code generation tests (#3042)
• ff5ab2d Release 0.8.40 (#3072)
• ed93a19 Account for alignment directives in derive(IntoBytes) (#3064)
• Additional commits viewable in compare view

Updates moka from 0.12.13 to 0.12.14

Release notes

Sourced from moka's releases.

Moka 0.12.14

Version 0.12.14

Fixed

• Fixed a race condition in the and_compute_with method in the future::Cache. (#574gh-pull-0574 by @​Squadrick):
  • When multiple calls are made concurrently for the same key, the f closure may read a stale value, causing the first update to be lost when it is overwritten by a later one.

Changed

• Use dep: keyword in the crate features. (#577gh-pull-0577 by @​alexanderkjall).

Changelog

Sourced from moka's changelog.

Version 0.12.14

Fixed

• Fixed a race condition in the and_compute_with method in the future::Cache. (#574[gh-pull-0574] by [@​Squadrick][gh-Squadrick]):
  • When multiple calls are made concurrently for the same key, the f closure may read a stale value, causing the first update to be lost when it is overwritten by a later one.

Changed

• Use dep: keyword in the crate features. (#577[gh-pull-0577] by [@​alexanderkjall][gh-alexanderkjall]).

Commits

• 2d8289e Merge pull request #579 from moka-rs/chore/prepare-v0.12.14
• 03c32fe doc: Update the copyright year
• 1a199af Bump the version to v0.12.14
• 3fdaa4e Update the change log for v0.12.14
• 0f03bf7 Merge pull request #577 from alexanderkjall/reduce-features
• ffbccd2 Merge pull request #578 from moka-rs/fix-ci/2026-03-01
• fa46421 fix(test): Use closure returning async block for MSRV compatibility
• 4feccdc use dep: syntax in features
• 9a7c625 Merge pull request #574 from Squadrick/squadrick/and-compute-with-toctou
• f098c28 Merge pull request #576 from moka-rs/fix-ci/2026-02-28
• Additional commits viewable in compare view

Updates nix from 0.31.1 to 0.31.2

Changelog

Sourced from nix's changelog.

[0.31.2] - 2026-02-28

Added

• Add WatchDescriptor::as_raw, to get libc id of WatchDescriptor. (#2718)
• Added process::pthread_getthreadid_np() on FreeBSD. (#2725)
• Added timerfd support on FreeBSD (#2728)

Fixed

• The libc requirement is now 0.2.181, rather than pinned to 0.2.180. (#2744)

Commits

• bf1d0e9 chore: release v0.31.2
• 0dc1dd8 Unpin libc (#2744)
• dad24fb Allow timerfd use on FreeBSD (#2728)
• 6619d8d statfs: Fix definitions for s390x musl with libc 0.2.176 (#2678)
• 478594e Add api to get inner WatchDescriptor id, to work with c code. (#2718)
• 5507629 docs: minor fix in tcgetpgrp and tcsetpgrp doc comments (#2731)
• 9aea929 time: update comment in zero_init_timespec (#2730)
• b44fd1a FreeBSD: add pthread_getthreadid_np() (#2725)
• See full diff in compare view

Updates jiff from 0.2.21 to 0.2.23

Changelog

Sourced from jiff's changelog.

0.2.23 (2026-03-03)

This release updates Jiff's bundled copy of the [IANA Time Zone Database] to 2026a. See the 2026a release announcement for more details.

0.2.22 (2026-02-28)

This release includes a bug fix where fallible conversions from signed durations to unsigned durations could panic in some cases.

Bug fixes:

• #526: Fix a panicking bug that occurs for std::time::Duration::try_from(SignedDuration::new(0, -1)).

Commits

• e5b7f0d 0.2.23
• ff23414 jiff-tzdb-0.1.6
• 225d54b jiff-tzdb: update to tzdb 2026a
• 4fb63be 0.2.22
• 47f5abf signed_duration: fix a panicking bug in `TryFrom<SignedDuration> for std::tim...
• c3d960e fuzz: update dependencies
• See full diff in compare view

Updates redb from 3.1.0 to 3.1.1

Release notes

Sourced from redb's releases.

3.1.1

• Fix panic which could occur when inserting into a table with fixed size keys when debug_assertions are enabled
• Add additional information to the stats returned by cache_stats()

Changelog

Sourced from redb's changelog.

3.1.1 - 2026-03-08

• Fix panic which could occur when inserting into a table with fixed size keys when debug_assertions are enabled
• Add additional information to the stats returned by cache_stats()

Commits

• fc2b084 Bump version to 3.1.1
• bcc1fa3 Update changelog
• eb1c9da Fix panic inserting into fixed size key table
• c14d694 Bump dependencies: pyo3, rusqlite, rand
• 2aa4137 Example of derived Key and Value
• 32f8a13 Fix ambiguity comparing against usize
• f18fc13 Fix example in README
• b752306 Add additional information to the cache stats
• See full diff in compare view

Updates which from 8.0.0 to 8.0.2

Release notes

Sourced from which's releases.

8.0.2

What's Changed

• Remove env_home dependency by @​madsmtm in harryfei/which-rs#118
• New windows impl by @​Xaeroxe in harryfei/which-rs#121
• Swap dependency on rustix for dependency on libc by @​Xaeroxe in harryfei/which-rs#122

New Contributors

• @​madsmtm made their first contribution in harryfei/which-rs#118

Full Changelog: harryfei/which-rs@8.0.1...8.0.2

8.0.1

What's Changed

• Update Readme by @​atouchet in harryfei/which-rs#115
• Empty path fix for Windows machines by @​Xaeroxe in harryfei/which-rs#117

New Contributors

• @​atouchet made their first contribution in harryfei/which-rs#115

Full Changelog: harryfei/which-rs@8.0.0...8.0.1

Changelog

Sourced from which's changelog.

8.0.2

• Dependency on home_env removed, the implementation found in rust 1.85.0 for a home directory has been fixed. Thanks, [@​madsmtm],(https://github.com/madsmtm) for this contribution to which!
• Dependency on winsafe removed, code for Windows API is now handwritten.
• Dependency on rustix removed, we now depend on libc directly to reduce compile times.

8.0.1

• Fix Windows bug reported in harryfei/which-rs#108

Commits

• 5bb3e82 update README MSRV
• aacc10e add changelog entry
• 7b0c544 Swap dependency on rustix for dependency on libc (#122)
• 189e99a New windows impl (#121)
• c48f04e clippy fixes
• 1fa32b7 bump msrv, bump version, add to changelog
• b0d6e74 Remove env_home dependency
• 2697220 chore: add release steps documentation
• 873554e add entry to CHANGELOG.md for 8.0.1
• d684aba bump version to 8.0.1
• Additional commits viewable in compare view

Updates tempfile from 3.25.0 to 3.26.0

Changelog

Sourced from tempfile's changelog.

3.26.0

• Support NamedTempFile::persist on RedoxOS (#393) (thanks to @​Andy-Python-Programmer).

Commits

• See full diff in compare view

Updates uuid from 1.21.0 to 1.22.0

Release notes

Sourced from uuid's releases.

v1.22.0

What's Changed

• Default to rand 0.10 by @​haxtibal in uuid-rs/uuid#863
• Prepare for 1.22.0 release by @​KodrAus in uuid-rs/uuid#864

New Contributors

• @​haxtibal made their first contribution in uuid-rs/uuid#863

Full Changelog: uuid-rs/uuid@v1.21.0...v1.22.0

Commits

• da15792 Merge pull request #864 from uuid-rs/cargo/v1.22.0
• 7ec48c9 prepare for 1.22.0 release
• c4e983f Merge pull request #863 from haxtibal/tdmg/rand_0_9_and_0_10
• f3f677e update workspace root to rand 0.10
• See full diff in compare view

Updates rustix from 1.1.3 to 1.1.4

Commits

• c4caf5c chore: Release rustix version 1.1.4
• 5953a2c Prune pins in CI that are no longer needed. (#1588)
• 9116c05 Bump dependencies (#1567)
• 5ee0ca3 hurd: Fix l_type and l_whence types (#1569)
• 8950589 Clobber vector registers and do not use preserves_flags in riscv64 syscalls (...
• 7b0d2ae Update pins for MSRV compatibility (#1585)
• 99458d8 feat(redox): renameat and renameat_with (#1586)
• a9c8dcb Remove reference to yanked crate in README.md (#1587)
• 8bf15a0 Drop custom makedev implementation for Redox (#1582)
• 74b886d Update pins for MSRV compatibility (#1584)
• See full diff in compare view

Updates winnow from 0.7.14 to 0.7.15

Changelog

Sourced from winnow's changelog.

[0.7.15] - 2026-03-05

Compatibility

• Deprecate combinator::permutation in favor of combinator::unordered_seq!

Features

• Add combinator::unordered_seq!, like seq! but where the order of values does not matter

Commits

• eae4d4a chore: Release
• 5769b89 docs: Update changelog
• 329c13b Merge pull request #876 from epage/unordered_seq
• c169964 fix(comb): Deprecate permutation
• 2f97279 fix(macros): Preserve original failure location
• 5926ad3 feat(comb): Add unordered support to unordered_seq
• 6d7e8d4 feat(comb): Add baseline for unordered_seq
• cfcd411 refactor(macros): Be consistent on indentation
• 716f2a7 Merge pull request #869 from winnow-rs/renovate/crate-ci-committed-1.x
• 7cc7343 Merge pull request #870 from winnow-rs/renovate/crate-ci-typos-1.x
• Additional commits viewable in compare view

Updates whoami from 2.1.0 to 2.1.1

Release notes

Sourced from whoami's releases.

v2.1.1

Changelog

Added

• Support for other Apple targets (untested)

Changed

• Improved unix-like implementations - now depends on libc, and objc2-system-configuration on macOS
• Updated web-sys to 0.3.85

---

What's Changed

• Add initial dependency on libc by @​AldaronLau in ardaku/whoami#221
• Switch out unix defs for ones in the libc crate by @​AldaronLau in ardaku/whoami#222
• Reduce code duplication in unix implementation by @​AldaronLau in ardaku/whoami#223
• Add dependency objc2-system-configuration for MacOS by @​AldaronLau in ardaku/whoami#224
• Bump libc from 0.2.180 to 0.2.181 by @​dependabot[bot] in ardaku/whoami#226
• Bump version to 2.1.1 by @​AldaronLau in ardaku/whoami#225

Full Changelog: ardaku/whoami@v2.1.0...v2.1.1

Commits

• 7e478ff Bump version to 2.1.1 (#225)
• 110b036 Bump libc from 0.2.180 to 0.2.181 (#226)
• 65f272a Add dependency objc2-system-configuration for MacOS (#224)
• 221cd24 Reduce code duplication in unix implementation (#223)
• ad15f77 Switch out unix defs for ones in the libc crate (#222)
• 4425a27 Add initial dependency on libc (#221)
• See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

---

Summary by cubic

Upgrade dependencies to pick up bug fixes, performance tweaks, and better platform support. Highlights: tokio 1.50, zip 8.2, jiff 0.2.23 (tzdb 2026a), and cleanup of Windows/home-dir deps via which 8.0.2.

• Dependencies
  • Runtime & OS: tokio 1.50; nix 0.31.2; rustix 1.1.4 (FreeBSD timerfd, general fixes).
  • Time & parsing: jiff 0.2.23 (tzdb 2026a + panic fix); toml 1.0.6; winnow 0.7.15 (deprecates permutation).
  • Compression & IO: zip 8.2.0 (zip64 fix, custom salt); tempfile 3.26.0 (Redox persist); zerocopy 0.8.42.
  • Cache & storage: moka 0.12.14 (race fix in future::Cache); redb 3.1.1 (panic fix, better stats).
  • Utilities: which 8.0.2 (drops env_home/winsafe, now uses libc, better Windows PATH); whoami 2.1.1 (adds objc2-system-configuration, libc, broader Apple support); uuid 1.22.0 (defaults to rand 0.10).

^{Written for commit c8add7a. Summary will update on new commits.}

[cubic-dev-ai]

No issues found across 2 files