chore(deps): bump the rust-dependencies group across 1 directory with 6 updates

[dependabot]

Bumps the rust-dependencies group with 6 updates in the / directory:

Package	From	To
serde_json	1.0.148	1.0.149
uuid	1.19.0	1.20.0
chrono	0.4.42	0.4.43
octocrab	0.49.4	0.49.5
thiserror	2.0.17	2.0.18
reqwest	0.12.28	0.13.1

Updates serde_json from 1.0.148 to 1.0.149

Release notes

Sourced from serde_json's releases.

v1.0.149

• Align arbitrary_precision number strings with zmij's formatting (#1306, thanks @​b41sh)

Commits

• 4f6dbfa Release 1.0.149
• f3df680 Touch up PR 1306
• e16730f Merge pull request #1306 from b41sh/fix-float-number-display
• eeb2bcd Align arbitrary_precision number strings with zmij’s formatting
• See full diff in compare view

Updates uuid from 1.19.0 to 1.20.0

Release notes

Sourced from uuid's releases.

v1.20.0

What's Changed

• Derive Ord and PartialOrd for NonNilUuid by @​mivort in uuid-rs/uuid#854
• Implement Deserialize on adapter types by @​KodrAus in uuid-rs/uuid#855
• Deprecate macro-diagnostics by @​KodrAus in uuid-rs/uuid#856
• Prepare for 1.20.0 release by @​KodrAus in uuid-rs/uuid#857

New Contributors

• @​mivort made their first contribution in uuid-rs/uuid#854

Full Changelog: uuid-rs/uuid@v1.19.0...v1.20.0

Commits

• c3346dd Merge pull request #857 from uuid-rs/cargo/v1.20.0
• 66eebc3 prepare for 1.20.0 release
• 3b66758 Merge pull request #856 from uuid-rs/docs/bytes-le-ordering
• e2bdd44 don't run UI tests in wasm
• b6dc7ec note that ordering applies to fields in to/from_bytes_le
• a0281cd Merge pull request #855 from uuid-rs/feat/serde-fmt
• db27b67 Merge pull request #854 from mivort/non-nil-uuid-ord
• efb06f2 implement Deserialize on adapter types
• 50d44ad Derive Ord and PartialOrd for NonNilUuid
• See full diff in compare view

Updates chrono from 0.4.42 to 0.4.43

Release notes

Sourced from chrono's releases.

0.4.43

What's Changed

• Install extra components for lint workflow by @​djc in chronotope/chrono#1741
• Upgrade windows-bindgen to 0.64 by @​djc in chronotope/chrono#1742
• Improve windows-bindgen setup by @​djc in chronotope/chrono#1744
• Drop stabilized feature doc_auto_cfg by @​djc in chronotope/chrono#1745
• Faster RFC 3339 parsing by @​djc in chronotope/chrono#1748
• Update windows-bindgen requirement from 0.64 to 0.65 by @​dependabot[bot] in chronotope/chrono#1751
• add NaiveDate::abs_diff by @​Kinrany in chronotope/chrono#1752
• Add feature gated defmt support. by @​pebender in chronotope/chrono#1747
• Drop deny lints, eager Debug impls are a mixed blessing by @​djc in chronotope/chrono#1753
• chore: minor improvement for docs by @​spuradage in chronotope/chrono#1756
• Added doctest for the NaiveDate years_since function by @​LucasBou in chronotope/chrono#1755
• Prepare 0.4.43 by @​djc in chronotope/chrono#1765
• Update copyright year to 2026 in LICENSE.txt by @​taozui472 in chronotope/chrono#1767

Commits

• 45caaa9 Update copyright year to 2026 in LICENSE.txt
• 1c0b8f0 Bump version to 0.4.43
• a03e43b Upgrade windows-bindgen to 0.66
• 4fedaba Ignore bincode advisory
• f4b7bbd Bump actions/checkout from 5 to 6
• db12973 Added doctest for the NaiveDate years_since function (#1755)
• 34b5f49 chore: minor improvement for docs
• 8c82711 Bump actions/setup-node from 5 to 6
• ea1f11b Drop deny lints, eager Debug impls are a mixed blessing
• 35f9f2d Add feature gated defmt support.
• Additional commits viewable in compare view

Updates octocrab from 0.49.4 to 0.49.5

Release notes

Sourced from octocrab's releases.

v0.49.5

Fixed

• resolve docs.rs build failure (#848)

Changelog

Sourced from octocrab's changelog.

0.49.5 - 2025-12-30

Fixed

• resolve docs.rs build failure (#848)

Commits

• d4fde40 chore: release v0.49.5 (#849)
• 81da9b1 fix: resolve docs.rs build failure (#848)
• See full diff in compare view

Updates thiserror from 2.0.17 to 2.0.18

Release notes

Sourced from thiserror's releases.

2.0.18

• Make compatible with project-level needless_lifetimes = "forbid" (#443, thanks @​LucaCappelletti94)

Commits

• dc0f6a2 Release 2.0.18
• 0275292 Touch up PR 443
• 3c33bc6 Merge pull request #443 from LucaCappelletti94/master
• 995939c Reproduce issue 442
• 21653d1 Made clippy lifetime allows conditional
• 45e5388 Update actions/upload-artifact@v5 -> v6
• 386aac1 Update actions/upload-artifact@v4 -> v5
• ec50561 Update actions/checkout@v5 -> v6
• 247eab5 Update name of empty_enum clippy lint
• 91b181f Raise required compiler to Rust 1.68
• Additional commits viewable in compare view

Updates reqwest from 0.12.28 to 0.13.1

Release notes

Sourced from reqwest's releases.

v0.13.1

What's Changed

• http3: depend on quinn/rustls-aws-lc-rs to avoid ring dependency by @​djc in seanmonstar/reqwest#2917
• fix rustls on android by @​seanmonstar in seanmonstar/reqwest#2918

Full Changelog: seanmonstar/reqwest@v0.13.0...v0.13.1

v0.13.0

Breaking changes

• rustls is now the default TLS backend, instead of native-tls.
• rustls crypto provider defaults to aws-lc instead of ring. (rustls-no-provider exists if you want a different crypto provider)
• rustls-tls has been renamed to rustls.
• rustls roots features removed, rustls-platform-verifier is used by default.
  • To use different roots, call tls_certs_only(your_roots).
• native-tls now includes ALPN. To disable, use native-tls-no-alpn.
• query and form are now crate features, disabled by default.
• Long-deprecated methods and crate features have been removed (such as trust-dns, which was renamed hickory-dns a while ago).
• Many TLS-related methods renamed to improve autocompletion and discovery, but previous name left in place with a "soft" deprecation. (just documented, no warnings)
  • For example, prefer tls_backend_rustls() over use_rustls_tls().

Pull Requests in General

• start 0.13 dev by @​seanmonstar in seanmonstar/reqwest#2894
• Make serde optional by introducing query, form features, and re-working WASM header parsing by @​CathalMullan in seanmonstar/reqwest#2858
• replace ClientBuilder::dns_resolver with dns_resolver2 by @​seanmonstar in seanmonstar/reqwest#2898
• feat: make Rustls the default TLS provider by @​calavera in seanmonstar/reqwest#2897
• feat: consolidate TLS options with rustls-platform-verifier by @​seanmonstar in seanmonstar/reqwest#2891
• remove long-deprecated methods: trust-dns and non-wasm-cors by @​seanmonstar in seanmonstar/reqwest#2899
• rename rustls-tls feature to just rustls by @​seanmonstar in seanmonstar/reqwest#2900
• remove deprecated features trust-dns and macos-system-configuration by @​seanmonstar in seanmonstar/reqwest#2901
• chore: separate rustls and rustls-no-provider features by @​seanmonstar in seanmonstar/reqwest#2903
• rustls: allow windows to use extra roots by @​seanmonstar in seanmonstar/reqwest#2904
• v0.13.0-rc.1 by @​seanmonstar in seanmonstar/reqwest#2905
• Enable ALPN by default in native-tls by @​ducaale in seanmonstar/reqwest#2907
• v0.13.0 by @​seanmonstar in seanmonstar/reqwest#2915

New Contributors

• @​CathalMullan made their first contribution in seanmonstar/reqwest#2858

Full Changelog: seanmonstar/reqwest@v0.12.28...v0.13.0

v0.13.0-rc.1

👀 Discussion here if you give it try, thanks!

Main breaking changes

• rustls is now default instead of native-tls
• rustls provider defaults to aws-lc instead of ring (rustls-no-provider exists if you want to enable a different one)
• rustls-tls renamed to rustls
• rustls roots features removed, platform-verifier is used instead

... (truncated)

Changelog

Sourced from reqwest's changelog.

v0.13.1

• Fixes compiling with rustls on Android targets.

v0.13.0

• Breaking changes:
  • rustls is now the default TLS backend, instead of native-tls.
  • rustls crypto provider defaults to aws-lc instead of ring. (rustls-no-provider exists if you want a different crypto provider)
  • rustls-tls has been renamed to rustls.
  • rustls roots features removed, rustls-platform-verifier is used by default.
    • To use different roots, call tls_certs_only(your_roots).
  • native-tls now includes ALPN. To disable, use native-tls-no-alpn.
  • query and form are now crate features, disabled by default.
  • Long-deprecated methods and crate features have been removed (such as trust-dns, which was renamed hickory-dns a while ago).
• Many TLS-related methods renamed to improve autocompletion and discovery, but previous name left in place with a "soft" deprecation. (just documented, no warnings)
  • For example, prefer tls_backend_rustls() over use_rustls_tls().

Commits

• 10fb98c v0.13.1
• 438098a chore: refer to h2 as dep:h2 (#2919)
• 43aac91 chore(ci): bump actions/checkout from 5 to 6 (#2864)
• 175f5b2 fix rustls on android (#2918)
• 1afe88e Depend on quinn/rustls-aws-lc-rs to avoid ring dependency (#2917)
• 62a80af v0.13.0
• e8d89f4 enable ALPN by default in native-tls (#2907)
• 9a9daa7 v0.13.0-rc.1
• d518e45 rustls: allow windows to use extra roots (#2904)
• 934bc84 chore: separate rustls and rustls-no-provider features (#2903)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

[dependabot]

Labels

The following labels could not be found: dependencies, rust. Please create them before Dependabot can add them to a pull request.

Please fix the above issues or remove invalid values from dependabot.yml.

[coderabbitai]

Important

Review skipped

Bot user detected.

To trigger a single review, invoke the @coderabbitai review command.

You can disable this status message by setting the reviews.review_status to false in the CodeRabbit configuration file.

• 🔍 Trigger a full review

---

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[greptile-apps]

PR author is in the excluded authors list.

[AriajSarkar]

⚠️ Review: Breaking Change Alert

This PR includes a major version upgrade for reqwest (0.12 → 0.13) which has significant breaking changes:

Key Breaking Changes in reqwest 0.13:

1. Default TLS backend changed: rustls is now default instead of native-tls
2. New build dependencies: Requires CMake and C compiler for aws-lc-sys
3. Feature changes: query and form are now feature-gated (disabled by default)
4. Removed dependencies: hyper-tls, native-tls, tokio-native-tls
5. Added dependencies: aws-lc-rs, quinn (HTTP/3), rustls-platform-verifier

Recommended Actions Before Merging:

1. ✅ Verify the project only uses the json feature (which is still available)
2. 🔨 Update Dockerfile to ensure CMake is installed for aws-lc-sys compilation
3. 🧪 Run cargo build and cargo test locally to validate
4. 📋 Check if the Docker build works in CI

Dockerfile Update Suggestion:

RUN apt-get update && apt-get install -y cmake

The other 5 dependencies (serde_json, uuid, chrono, octocrab, thiserror) are minor/patch updates and are safe.

[AriajSarkar]

On Hold - Awaiting crabgraph TLS CryptoProvider Support

This PR updates rustls to a version that requires an explicit TLS CryptoProvider (
ing or �ws-lc-rs).

We're planning to add rustls CryptoProvider support to crabgraph instead of depending on external crypto backends.

Next steps:

1. Implement
   ustls::crypto::CryptoProvider in crabgraph
2. Update crabgraph dependency in this repo
3. This PR can then be merged

Leaving this PR open for future reference.