chore(deps): bump the dependencies group with 7 updates

[dependabot]

Bumps the dependencies group with 7 updates:

Package	From	To
tokio	1.51.1	1.52.0
bitflags	2.11.0	2.11.1
cc	1.2.59	1.2.60
indexmap	2.13.1	2.14.0
libc	0.2.184	0.2.185
rustls	0.23.37	0.23.38
rustls-webpki	0.103.10	0.103.12

Updates tokio from 1.51.1 to 1.52.0

Release notes

Sourced from tokio's releases.

Tokio v1.52.0

1.52.0 (April 14th, 2026)

Added

• io: AioSource::register_borrowed for I/O safety support (#7992)
• net: add try_io function to unix::pipe sender and receiver types (#8030)

Added (unstable)

• runtime: Builder::enable_eager_driver_handoff setting enable eager hand off of the I/O and time drivers before polling tasks (#8010)
• taskdump: add trace_with() for customized task dumps (#8025)
• taskdump: allow impl FnMut() in trace_with instead of just fn() (#8040)
• fs: support io_uring in AsyncRead for File (#7907)

Changed

• runtime: improve spawn_blocking scalability with sharded queue (#7757)
• runtime: use compare_exchange_weak() in worker queue (#8028)

Fixed

• runtime: overflow second half of tasks when local queue is filled instead of first half (#8029)

Documented

• docs: fix typo in oneshot::Sender::send docs (#8026)
• docs: hide #[tokio::main] attribute in the docs of sync::watch (#8035)
• net: add docs on ConnectionRefused errors with UDP sockets (#7870)

#7757: tokio-rs/tokio#7757 #7870: tokio-rs/tokio#7870 #7907: tokio-rs/tokio#7907 #7992: tokio-rs/tokio#7992 #8010: tokio-rs/tokio#8010 #8025: tokio-rs/tokio#8025 #8026: tokio-rs/tokio#8026 #8028: tokio-rs/tokio#8028 #8029: tokio-rs/tokio#8029 #8030: tokio-rs/tokio#8030 #8035: tokio-rs/tokio#8035 #8040: tokio-rs/tokio#8040

Commits

• 5f7be0a chore: perpare 1.52.0 (#8045)
• 36d12d2 taskdump: allow impl FnMut() in taskdumps instead of just fn() (#8040)
• f943312 fs: support io-uring in AsyncRead for File (#7907)
• 5db10f5 net: add 'try_io' function to 'unix::pipe' sender and receiver types (#8030)
• bbdba71 taskdump: add trace_with for customized task dumps (#8025)
• 7cfce54 ci: update FreeBSD image to 14.4 (#8038)
• 81370e6 net: add docs on ConnectionRefused errors with udp sockets (#7870)
• 203af02 runtime: overflow second half of tasks when local queue is filled instead of ...
• de23092 net: temporarily disable tcp_stream try_read_buf test on WASI (#8036)
• 432ec3f sync: hide #[tokio::main] attribute in the docs of sync::watch (#8035)
• Additional commits viewable in compare view

Updates bitflags from 2.11.0 to 2.11.1

Release notes

Sourced from bitflags's releases.

2.11.1

What's Changed

• Bless compile-fail tests for current beta by @​DanielEScherzer in bitflags/bitflags#478
• example_generated.rs: add missing third slash for doc comment by @​DanielEScherzer in bitflags/bitflags#477
• Clarify self and other in method docs by @​KodrAus in bitflags/bitflags#481
• Prepare for 2.11.1 release by @​KodrAus in bitflags/bitflags#482

New Contributors

• @​DanielEScherzer made their first contribution in bitflags/bitflags#478

Full Changelog: bitflags/bitflags@2.11.0...2.11.1

Changelog

Sourced from bitflags's changelog.

2.11.1

What's Changed

• Bless compile-fail tests for current beta by @​DanielEScherzer in bitflags/bitflags#478
• example_generated.rs: add missing third slash for doc comment by @​DanielEScherzer in bitflags/bitflags#477
• Clarify self and other in method docs by @​KodrAus in bitflags/bitflags#481

New Contributors

• @​DanielEScherzer made their first contribution in bitflags/bitflags#478

Full Changelog: bitflags/bitflags@2.11.0...2.11.1

Commits

• 4ed9ffa Merge pull request #482 from KodrAus/cargo/2.11.1
• c53cd57 prepare for 2.11.1 release
• a44410a Merge pull request #481 from KodrAus/docs/clarifications
• 3d671b9 update more compile error messages
• 5f3adad fix up compile error messages
• 780765d fix up contains and intersection docs
• 97b7607 clarify self and other in method docs
• 88a7a18 Merge pull request #477 from DanielEScherzer/patch-1
• f0e4646 example_generated.rs: add missing third slash for doc comment
• a31c96f Merge pull request #478 from DanielEScherzer/beta-bless
• Additional commits viewable in compare view

Updates cc from 1.2.59 to 1.2.60

Release notes

Sourced from cc's releases.

cc-v1.2.60

Fixed

• (ar) suppress warnings from D modifier probe (#1700)

Changelog

Sourced from cc's changelog.

1.2.60 - 2026-04-10

Fixed

• (ar) suppress warnings from D modifier probe (#1700)

Commits

• 7cad9f5 chore(cc): release v1.2.60 (#1701)
• c15c3eb fix(ar): suppress warnings from D modifier probe (#1700)
• See full diff in compare view

Updates indexmap from 2.13.1 to 2.14.0

Changelog

Sourced from indexmap's changelog.

2.14.0 (2026-04-09)

• MSRV: Rust 1.85.0 or later is now required.
• Updated the hashbrown dependency to 0.17.
• Made more map::Slice methods const: new_mut, first_mut, last_mut, split_at_mut, split_at_mut_checked, split_first_mut, split_last_mut

Commits

• bcd165b Merge pull request #439 from cuviper/release-2.14.0
• 4ef06a7 Release 2.14.0
• d21826c Merge pull request #438 from cuviper/hashbrown-0.17
• 2566bec Upgrade to hashbrown v0.17
• 4b62776 Merge pull request #437 from cuviper/disjoint-panic
• 478fba2 Normalize the panic doc of get_disjoint_mut
• fb6dafd Merge pull request #436 from cuviper/const-slice-mut
• 5c237a2 Make Slice::{first,last,split_*}_mut methods const
• 48ff9ce Merge pull request #435 from cuviper/edition-2024
• 648be98 cargo fmt with edition 2024
• Additional commits viewable in compare view

Updates libc from 0.2.184 to 0.2.185

Release notes

Sourced from libc's releases.

0.2.185

Added

• EspIDF: Add espidf_picolibc cfg for picolibc O_* flag values (#5035)
• Hexagon: add missing constants and fix types for linux-musl (#5042)
• Redox: Add semaphore functions (#5051)
• Windows: Add sprintf, snprintf, and the scanf family (#5024)

Fixed

• Hexagon: Decouple time64 types from musl symbol redirects (#5040)
• Horizon: Change POLL constants from c_short to c_int (#5045)

Changelog

Sourced from libc's changelog.

0.2.185 - 2026-04-13

Added

• EspIDF: Add espidf_picolibc cfg for picolibc O_* flag values (#5035)
• Hexagon: add missing constants and fix types for linux-musl (#5042)
• Redox: Add semaphore functions (#5051)
• Windows: Add sprintf, snprintf, and the scanf family (#5024)

Fixed

• Hexagon: Decouple time64 types from musl symbol redirects (#5040)
• Horizon: Change POLL constants from c_short to c_int (#5045)

Commits

• 71d5bfc libc: Release 0.2.185
• 1027d1c Revert "ci: Pin nightly to 2026-04-01"
• 0e9c6e5 redox: Add semaphore functions
• 24ef457 feat: add back support for gnu windows x86 in ci
• aa75caf horizon: Change POLL constants from c_short to c_int
• b7eda5a hexagon: add missing constants and fix types for linux-musl
• d4613f9 newlib/espidf: Add espidf_picolibc cfg for picolibc O_* flag values
• c89fd76 Fix typo in Padding comments
• b3264b2 hexagon: decouple time64 types from musl symbol redirects
• db1ebee ci: Pin nightly to 2026-04-01
• Additional commits viewable in compare view

Updates rustls from 0.23.37 to 0.23.38

Commits

• 6b116bc Bump version of rustls
• a1da268 client: allow skipping selected ALPN validation
• 5b3ef11 Fix ambiguous panic! warning
• 0f0fbf5 Fix clippy::result_large_err
• 7e99b52 Update semver-compatible dependencies
• See full diff in compare view

Updates rustls-webpki from 0.103.10 to 0.103.12

Release notes

Sourced from rustls-webpki's releases.

0.103.12

This release fixes two bugs in name constraint enforcement:

• GHSA-965h-392x-2mh5: name constraints for URI names were ignored and therefore accepted. URI name constraints are now rejected unconditionally. Note this library does not provide an API for asserting URI names, and URI name constraints are otherwise not implemented.
• GHSA-xgp8-3hg3-c2mh: permitted subtree name constraints for DNS names were accepted for certificates asserting a wildcard name. This was incorrect because, given a name constraint of accept.example.com, *.example.com could feasibly allow a name of reject.example.com which is outside the constraint. This is very similar to CVE-2025-61727.

Since name constraints are restrictions on otherwise properly-issued certificates, these bugs are reachable only after signature verification and require misissuance to exploit.

What's Changed

• Prepare 0.103.12 by @​djc in rustls/webpki#470

Full Changelog: rustls/webpki@v/0.103.11...v/0.103.12

0.103.11

In response to #464, we've slightly relaxed requirements for anchor_from_trust_cert() to ignore unknown extensions even if they're marked as critical. This only affects parsing a TrustAnchor from DER, for which most extensions are ignored anyway.

What's Changed

• Backport parsing trust anchors with unknown critical extensions to 0.103 by @​djc in rustls/webpki#466

Commits

• 27131d4 Bump version to 0.103.12
• 6ecb876 Clean up stuttery enum variant names
• 318b3e6 Ignore wildcard labels when matching name constraints
• 1219622 Rewrite constraint matching to avoid permissive catch-all branch
• 57bc62c Bump version to 0.103.11
• d0fa01e Allow parsing trust anchors with unknown criticial extensions
• See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

[dependabot]

Milestone

The specified milestone could not be found on this repository. If you view a milestone, the final part of the page URL, after milestone, is the identifier. For example: https://github.com/<org>/<repo>/milestone/3.

Labels

The following labels could not be found: dependencies, rust. Please create them before Dependabot can add them to a pull request.

Please fix the above issues or remove invalid values from dependabot.yml.