chore(deps): bump the dependencies group with 12 updates

[dependabot]

Bumps the dependencies group with 12 updates:

Package	From	To
rand	0.10.0	0.10.1
tokio	1.51.1	1.52.0
aws-lc-rs	1.16.2	1.16.3
aws-lc-sys	0.39.1	0.40.0
bitflags	2.11.0	2.11.1
cc	1.2.59	1.2.60
clap	4.6.0	4.6.1
clap_derive	4.6.0	4.6.1
indexmap	2.13.1	2.14.0
libc	0.2.184	0.2.185
rustls	0.23.37	0.23.38
rustls-webpki	0.103.10	0.103.12

Updates rand from 0.10.0 to 0.10.1

Changelog

Sourced from rand's changelog.

[0.10.1] — 2026-02-11

This release includes a fix for a soundness bug; see #1763.

Changes

• Document panic behavior of make_rng and add #[track_caller] (#1761)
• Deprecate feature log (#1763)

#1761: rust-random/rand#1761 #1763: rust-random/rand#1763

Commits

• 27ff4cb Prepare v0.10.1: deprecate feature log (#1763)
• 98d0638 make_rng: document panic and add #[track_caller] (#1761)
• 54e5eaa Fix doc error (#1758)
• 1ce4c08 Bump itoa from 1.0.17 to 1.0.18 in the all-deps group (#1756)
• ccb734b docs: fix typo in doc comment (#1754)
• 357eb7d Bump libc from 0.2.182 to 0.2.183 in the all-deps group (#1753)
• 5e77fe5 Fix trait references in documentation (#1752)
• da89185 Bump the all-deps group with 3 updates (#1751)
• 50516ff Bump the all-deps group with 2 updates (#1749)
• fd71de9 Bump the all-deps group with 2 updates (#1747)
• Additional commits viewable in compare view

Updates tokio from 1.51.1 to 1.52.0

Release notes

Sourced from tokio's releases.

Tokio v1.52.0

1.52.0 (April 14th, 2026)

Added

• io: AioSource::register_borrowed for I/O safety support (#7992)
• net: add try_io function to unix::pipe sender and receiver types (#8030)

Added (unstable)

• runtime: Builder::enable_eager_driver_handoff setting enable eager hand off of the I/O and time drivers before polling tasks (#8010)
• taskdump: add trace_with() for customized task dumps (#8025)
• taskdump: allow impl FnMut() in trace_with instead of just fn() (#8040)
• fs: support io_uring in AsyncRead for File (#7907)

Changed

• runtime: improve spawn_blocking scalability with sharded queue (#7757)
• runtime: use compare_exchange_weak() in worker queue (#8028)

Fixed

• runtime: overflow second half of tasks when local queue is filled instead of first half (#8029)

Documented

• docs: fix typo in oneshot::Sender::send docs (#8026)
• docs: hide #[tokio::main] attribute in the docs of sync::watch (#8035)
• net: add docs on ConnectionRefused errors with UDP sockets (#7870)

#7757: tokio-rs/tokio#7757 #7870: tokio-rs/tokio#7870 #7907: tokio-rs/tokio#7907 #7992: tokio-rs/tokio#7992 #8010: tokio-rs/tokio#8010 #8025: tokio-rs/tokio#8025 #8026: tokio-rs/tokio#8026 #8028: tokio-rs/tokio#8028 #8029: tokio-rs/tokio#8029 #8030: tokio-rs/tokio#8030 #8035: tokio-rs/tokio#8035 #8040: tokio-rs/tokio#8040

Commits

• 5f7be0a chore: perpare 1.52.0 (#8045)
• 36d12d2 taskdump: allow impl FnMut() in taskdumps instead of just fn() (#8040)
• f943312 fs: support io-uring in AsyncRead for File (#7907)
• 5db10f5 net: add 'try_io' function to 'unix::pipe' sender and receiver types (#8030)
• bbdba71 taskdump: add trace_with for customized task dumps (#8025)
• 7cfce54 ci: update FreeBSD image to 14.4 (#8038)
• 81370e6 net: add docs on ConnectionRefused errors with udp sockets (#7870)
• 203af02 runtime: overflow second half of tasks when local queue is filled instead of ...
• de23092 net: temporarily disable tcp_stream try_read_buf test on WASI (#8036)
• 432ec3f sync: hide #[tokio::main] attribute in the docs of sync::watch (#8035)
• Additional commits viewable in compare view

Updates aws-lc-rs from 1.16.2 to 1.16.3

Release notes

Sourced from aws-lc-rs's releases.

aws-lc-rs v1.16.3

What's Changed

• Key length validation in UnboundCipherKey::new() now enforced at runtime by @​justsmth in aws/aws-lc-rs#1092
  • The documented error on key length mismatch was never actually checked. Streaming cipher constructors also relied on debug_assert_eq! which gets stripped in release builds — these are now runtime checks.
• Support MSAN and TSAN sanitizer builds via AWS_LC_SYS_SANITIZER environment variable by @​justsmth in aws/aws-lc-rs#1100
  • Accepts asan, msan, or tsan. The existing asan feature flag continues to work.

Build Improvements

• Follow symlinks when classifying include directory entries by @​cmtm in aws/aws-lc-rs#1071
  • Fixes builds under Bazel (and other build systems) where source files in CARGO_MANIFEST_DIR are symlinks into a content-addressable store.
• Improve clang-cl discovery for Windows ARM64 builds by @​justsmth in aws/aws-lc-rs#1060
  • The build script now discovers clang-cl inside Visual Studio installations rather than requiring it on PATH.
• Fix Windows ARM64 FIPS build: pass correct architecture to vcvarsall.bat by @​justsmth in aws/aws-lc-rs#1075
• Strip LTO flags from CFLAGS for FIPS builds by @​skmcgrail in aws/aws-lc-rs#1087
  • Build environments like RPM mock chroots (e.g. AL2023) that export -flto=auto in CFLAGS would break the FIPS delocator pipeline.
• MSVC: Fix builtin swap intrinsic check to avoid link-time failures by @​walter-zeromatter in aws/aws-lc-rs#1086
• MSVC: Add jitterentropy src subdirectory to include search path by @​walter-zeromatter in aws/aws-lc-rs#1085
• MSVC: Use 8.3 short paths on Windows to avoid MAX_PATH limits by @​walter-zeromatter in aws/aws-lc-rs#1081

Issues Being Closed

• Clarify that build needs to run from VS Developer shell for Windows builds -- aws/aws-lc-rs#1056
• Add MSAN (MemorySanitizer) support, matching existing ASAN support -- aws/aws-lc-rs#1077

Other Merged PRs

• Prepare aws-lc-sys v0.39.1 by @​justsmth in aws/aws-lc-rs#1080
• Bump aws-lc-fips-sys to v0.13.14 by @​skmcgrail in aws/aws-lc-rs#1088
• CI: Harden artifact workflows and update action versions by @​justsmth in aws/aws-lc-rs#1091
• Bump actions/checkout from 4 to 6 by @​dependabot[bot] in aws/aws-lc-rs#1096
• Bump actions/setup-go from 4 to 6 by @​dependabot[bot] in aws/aws-lc-rs#1095
• Bump codecov/codecov-action from 4 to 6 by @​dependabot[bot] in aws/aws-lc-rs#1094
• Prepare aws-lc-rs v1.16.3 by @​justsmth in aws/aws-lc-rs#1098
• Prepare aws-lc-sys v0.40.0 by @​justsmth in aws/aws-lc-rs#1099

New Contributors

• @​cmtm made their first contribution in aws/aws-lc-rs#1071
• @​walter-zeromatter made their first contribution in aws/aws-lc-rs#1086

Full Changelog: aws/aws-lc-rs@v1.16.2...v1.16.3

Commits

• f75bae5 Support MSAN and TSAN sanitizer builds via environment variable (#1100)
• 64677e8 Improve clang-cl discovery for Windows ARM64 builds (#1060)
• e2e3e15 Prepare aws-lc-sys v0.40.0 (#1099)
• e0ec100 Prepare aws-lc-rs v1.16.3 (#1098)
• 46ed951 MSVC Fix: use 8.3 short paths on Windows to avoid MAX_PATH limits in building...
• 27c4cca Add jitterentropy src subdirectory to include search path (#1085)
• 6b30158 MSVC Fix: Improve bad intrinsic check on msvc (#1086)
• 5a3f9ca Bump codecov/codecov-action from 4 to 6 (#1094)
• 6a7b379 Bump actions/setup-go from 4 to 6 (#1095)
• f7cb890 Bump actions/checkout from 4 to 6 (#1096)
• Additional commits viewable in compare view

Updates aws-lc-sys from 0.39.1 to 0.40.0

Commits

• f75bae5 Support MSAN and TSAN sanitizer builds via environment variable (#1100)
• 64677e8 Improve clang-cl discovery for Windows ARM64 builds (#1060)
• e2e3e15 Prepare aws-lc-sys v0.40.0 (#1099)
• e0ec100 Prepare aws-lc-rs v1.16.3 (#1098)
• 46ed951 MSVC Fix: use 8.3 short paths on Windows to avoid MAX_PATH limits in building...
• 27c4cca Add jitterentropy src subdirectory to include search path (#1085)
• 6b30158 MSVC Fix: Improve bad intrinsic check on msvc (#1086)
• 5a3f9ca Bump codecov/codecov-action from 4 to 6 (#1094)
• 6a7b379 Bump actions/setup-go from 4 to 6 (#1095)
• f7cb890 Bump actions/checkout from 4 to 6 (#1096)
• Additional commits viewable in compare view

Updates bitflags from 2.11.0 to 2.11.1

Release notes

Sourced from bitflags's releases.

2.11.1

What's Changed

• Bless compile-fail tests for current beta by @​DanielEScherzer in bitflags/bitflags#478
• example_generated.rs: add missing third slash for doc comment by @​DanielEScherzer in bitflags/bitflags#477
• Clarify self and other in method docs by @​KodrAus in bitflags/bitflags#481
• Prepare for 2.11.1 release by @​KodrAus in bitflags/bitflags#482

New Contributors

• @​DanielEScherzer made their first contribution in bitflags/bitflags#478

Full Changelog: bitflags/bitflags@2.11.0...2.11.1

Changelog

Sourced from bitflags's changelog.

2.11.1

What's Changed

• Bless compile-fail tests for current beta by @​DanielEScherzer in bitflags/bitflags#478
• example_generated.rs: add missing third slash for doc comment by @​DanielEScherzer in bitflags/bitflags#477
• Clarify self and other in method docs by @​KodrAus in bitflags/bitflags#481

New Contributors

• @​DanielEScherzer made their first contribution in bitflags/bitflags#478

Full Changelog: bitflags/bitflags@2.11.0...2.11.1

Commits

• 4ed9ffa Merge pull request #482 from KodrAus/cargo/2.11.1
• c53cd57 prepare for 2.11.1 release
• a44410a Merge pull request #481 from KodrAus/docs/clarifications
• 3d671b9 update more compile error messages
• 5f3adad fix up compile error messages
• 780765d fix up contains and intersection docs
• 97b7607 clarify self and other in method docs
• 88a7a18 Merge pull request #477 from DanielEScherzer/patch-1
• f0e4646 example_generated.rs: add missing third slash for doc comment
• a31c96f Merge pull request #478 from DanielEScherzer/beta-bless
• Additional commits viewable in compare view

Updates cc from 1.2.59 to 1.2.60

Release notes

Sourced from cc's releases.

cc-v1.2.60

Fixed

• (ar) suppress warnings from D modifier probe (#1700)

Changelog

Sourced from cc's changelog.

1.2.60 - 2026-04-10

Fixed

• (ar) suppress warnings from D modifier probe (#1700)

Commits

• 7cad9f5 chore(cc): release v1.2.60 (#1701)
• c15c3eb fix(ar): suppress warnings from D modifier probe (#1700)
• See full diff in compare view

Updates clap from 4.6.0 to 4.6.1

Release notes

Sourced from clap's releases.

v4.6.1

[4.6.1] - 2026-04-15

Fixes

• (derive) Ensure rebuilds happen when an read env variable is changed

Changelog

Sourced from clap's changelog.

[4.6.1] - 2026-04-15

Fixes

• (derive) Ensure rebuilds happen when an read env variable is changed

Commits

• 1420275 chore: Release
• d2c817d docs: Update changelog
• f88c94e Merge pull request #6341 from epage/sep
• acbb822 fix(complete): Reduce risk of conflict with actual subcommands
• a49fadb refactor(complete): Pull out subcommand separator
• ddc008b Merge pull request #6332 from epage/update
• 497dc50 chore: Update compatible dependencies
• dca2326 Merge pull request #6331 from clap-rs/renovate/j178-prek-action-2.x
• 54bdaa3 chore(deps): Update j178/prek-action action to v2
• f0d30d9 chore: Release
• Additional commits viewable in compare view

Updates clap_derive from 4.6.0 to 4.6.1

Release notes

Sourced from clap_derive's releases.

v4.6.1

[4.6.1] - 2026-04-15

Fixes

• (derive) Ensure rebuilds happen when an read env variable is changed

Changelog

Sourced from clap_derive's changelog.

[4.6.1] - 2026-04-15

Fixes

• (derive) Ensure rebuilds happen when an read env variable is changed

Commits

• ac5fda6 chore: Release
• b73c627 docs: Update changelog
• 44cfb34 Merge pull request #6346 from TomPlanche/fix/cargo-env-incremental-rebuild
• 34ef8a0 fix(derive): Track Cargo env vars for incremental rebuilds
• 0fe0be3 chore: Release
• 480af9d docs: Update changelog
• 2b3ddd0 Merge pull request #6340 from liskin/fix-completion-escape
• 7ffe739 fix(complete): Do not suggest options after "--"
• d47fc4f test(complete): Options suggested after escape (--)
• 1420275 chore: Release
• Additional commits viewable in compare view

Updates indexmap from 2.13.1 to 2.14.0

Changelog

Sourced from indexmap's changelog.

2.14.0 (2026-04-09)

• MSRV: Rust 1.85.0 or later is now required.
• Updated the hashbrown dependency to 0.17.
• Made more map::Slice methods const: new_mut, first_mut, last_mut, split_at_mut, split_at_mut_checked, split_first_mut, split_last_mut

Commits

• bcd165b Merge pull request #439 from cuviper/release-2.14.0
• 4ef06a7 Release 2.14.0
• d21826c Merge pull request #438 from cuviper/hashbrown-0.17
• 2566bec Upgrade to hashbrown v0.17
• 4b62776 Merge pull request #437 from cuviper/disjoint-panic
• 478fba2 Normalize the panic doc of get_disjoint_mut
• fb6dafd Merge pull request #436 from cuviper/const-slice-mut
• 5c237a2 Make Slice::{first,last,split_*}_mut methods const
• 48ff9ce Merge pull request #435 from cuviper/edition-2024
• 648be98 cargo fmt with edition 2024
• Additional commits viewable in compare view

Updates libc from 0.2.184 to 0.2.185

Release notes

Sourced from libc's releases.

0.2.185

Added

• EspIDF: Add espidf_picolibc cfg for picolibc O_* flag values (#5035)
• Hexagon: add missing constants and fix types for linux-musl (#5042)
• Redox: Add semaphore functions (#5051)
• Windows: Add sprintf, snprintf, and the scanf family (#5024)

Fixed

• Hexagon: Decouple time64 types from musl symbol redirects (#5040)
• Horizon: Change POLL constants from c_short to c_int (#5045)

Changelog

Sourced from libc's changelog.

0.2.185 - 2026-04-13

Added

• EspIDF: Add espidf_picolibc cfg for picolibc O_* flag values (#5035)
• Hexagon: add missing constants and fix types for linux-musl (#5042)
• Redox: Add semaphore functions (#5051)
• Windows: Add sprintf, snprintf, and the scanf family (#5024)

Fixed

• Hexagon: Decouple time64 types from musl symbol redirects (#5040)
• Horizon: Change POLL constants from c_short to c_int (#5045)

Commits

• 71d5bfc libc: Release 0.2.185
• 1027d1c Revert "ci: Pin nightly to 2026-04-01"
• 0e9c6e5 redox: Add semaphore functions
• 24ef457 feat: add back support for gnu windows x86 in ci
• aa75caf horizon: Change POLL constants from c_short to c_int
• b7eda5a hexagon: add missing constants and fix types for linux-musl
• d4613f9 newlib/espidf: Add espidf_picolibc cfg for picolibc O_* flag values
• c89fd76 Fix typo in Padding comments
• b3264b2 hexagon: decouple time64 types from musl symbol redirects
• db1ebee ci: Pin nightly to 2026-04-01
• Additional commits viewable in compare view

Updates rustls from 0.23.37 to 0.23.38

Commits

• 6b116bc Bump version of rustls
• a1da268 client: allow skipping selected ALPN validation
• 5b3ef11 Fix ambiguous panic! warning
• 0f0fbf5 Fix clippy::result_large_err
• 7e99b52 Update semver-compatible dependencies
• See full diff in compare view

Updates rustls-webpki from 0.103.10 to 0.103.12

Release notes

Sourced from rustls-webpki's releases.

0.103.12

This release fixes two bugs in name constraint enforcement:

• GHSA-965h-392x-2mh5: name constraints for URI names were ignored and therefore accepted. URI name constraints are now rejected unconditionally. Note this library does not provide an API for asserting URI names, and URI name constraints are otherwise not implemented.
• GHSA-xgp8-3hg3-c2mh: permitted subtree name constraints for DNS names were accepted for certificates asserting a wildcard name. This was incorrect because, given a name constraint of accept.example.com, *.example.com could feasibly allow a name of reject.example.com which is outside the constraint. This is very similar to CVE-2025-61727.

Since name constraints are restrictions on otherwise properly-issued certificates, these bugs are reachable only after signature verification and require misissuance to exploit.

What's Changed

• Prepare 0.103.12 by @​djc in rustls/webpki#470

Full Changelog: rustls/webpki@v/0.103.11...v/0.103.12

0.103.11

In response to #464, we've slightly relaxed requirements for anchor_from_trust_cert() to ignore unknown extensions even if they're marked as critical. This only affects parsing a TrustAnchor from DER, for which most extensions are ignored anyway.

What's Changed

• Backport parsing trust anchors with unknown critical extensions to 0.103 by @​djc in rustls/webpki#466

Commits

• 27131d4 Bump version to 0.103.12
• 6ecb876 Clean up stuttery enum variant names
• 318b3e6 Ignore wildcard labels when matching name constraints
• 1219622 Rewrite constraint matching to avoid permissive catch-all branch
• 57bc62c Bump version to 0.103.11
• d0fa01e Allow parsing trust anchors with unknown criticial extensions
• See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

[dependabot]

Milestone

The specified milestone could not be found on this repository. If you view a milestone, the final part of the page URL, after milestone, is the identifier. For example: https://github.com/<org>/<repo>/milestone/3.

Labels

The following labels could not be found: dependencies, rust. Please create them before Dependabot can add them to a pull request.

Please fix the above issues or remove invalid values from dependabot.yml.