Bump the cargo group across 1 directory with 4 updates

[dependabot]

Bumps the cargo group with 4 updates in the / directory: clap, openssl, reqwest and tokio.

Updates clap from 4.5.38 to 4.5.39

Release notes

Sourced from clap's releases.

v4.5.39

[4.5.39] - 2025-05-27

Fixes

• (help) Show short flag aliases before long
• (help) Merge the short and long flag alias lists

Changelog

Sourced from clap's changelog.

[4.5.39] - 2025-05-27

Fixes

• (help) Show short flag aliases before long
• (help) Merge the short and long flag alias lists

Commits

• ed2360f chore: Release
• 196a14b docs: Update changelog
• cd622ab Merge pull request #5846 from ribru17/alias_fn_dedup
• 48ff72b fix(complete): Deduplicate bash subcmd cases
• b1b6f17 Merge pull request #5843 from epage/link
• 5900216 fix(derive): Update link for derive attributes
• fde45f9 chore: Release
• 45d5d7e docs: Update changelog
• 4b82b97 chore: Release
• a982adf docs: Update changelog
• Additional commits viewable in compare view

Updates openssl from 0.10.72 to 0.10.73

Release notes

Sourced from openssl's releases.

openssl-v0.10.73

What's Changed

• test against openssl 3.5.0 by @​alex in sfackler/rust-openssl#2392
• Support Libressl 4.1 by @​botovq in sfackler/rust-openssl#2398
• Release openssl-sys v0.9.108 by @​alex in sfackler/rust-openssl#2399
• Replace ctest2 with ctest by @​botovq in sfackler/rust-openssl#2403
• fixed building on the latest boringssl by @​alex in sfackler/rust-openssl#2414
• Release openssl v0.10.73 and openssl-sys v0.9.109 by @​alex in sfackler/rust-openssl#2415

Full Changelog: rust-openssl/rust-openssl@openssl-v0.10.72...openssl-v0.10.73

Commits

• e6209d4 Merge pull request #2415 from alex/bump-version
• 9ca6cfe Release openssl v0.10.73 and openssl-sys v0.9.109
• c42d49c Merge pull request #2414 from alex/boringssl-fix
• 5e24219 Attempt to fix with vcpkg
• 93f30ff fixed building on the latest boringssl
• eb88fb0 Merge pull request #2403 from botovq/ctest
• 79a304a Replace ctest2 with ctest
• 132418b Merge pull request #2399 from alex/release-sys
• f7a692b Release openssl-sys v0.9.108
• 2f9b496 Merge pull request #2398 from botovq/libressl-4.1
• Additional commits viewable in compare view

Updates reqwest from 0.12.15 to 0.12.19

Release notes

Sourced from reqwest's releases.

v0.12.19

What's Changed

• refactor: report custom reason phrase in error message by @​chanbengz in seanmonstar/reqwest#2697
• fix: only check scheme after Policy return follow by @​linyihai in seanmonstar/reqwest#2710
• ci: check cookies feature on wasm target by @​seanmonstar in seanmonstar/reqwest#2711
• fix(redirect): Using tower-http patch to fix invalid content-length header by @​linyihai in seanmonstar/reqwest#2709

Full Changelog: seanmonstar/reqwest@v0.12.18...v0.12.19

v0.12.18

What's Changed

• Fix compilation when socks enabled without TLS.

v0.12.17

What's Changed

• build: Fix compilation issues on macOS by @​0x676e67 in seanmonstar/reqwest#2696

v0.12.16

Highlights

• Add ClientBuilder::http3_congestion_bbr() to enable BBR congestion control.
• Add ClientBuilder::http3_send_grease() to configure whether to send use QUIC grease.
• Add ClientBuilder::http3_max_field_section_size() to configure the maximum response headers.
• Add ClientBuilder::tcp_keepalive_interval() to configure TCP probe interval.
• Add ClientBuilder::tcp_keepalive_retries() to configure TCP probe count.
• Add Proxy::headers() to add extra headers that should be sent to a proxy.
• Fix redirect::Policy::limit() which had an off-by-1 error, allowing 1 more redirect than specified.
• Fix HTTP/3 to support streaming request bodies.
• (wasm) Fix null bodies when calling Response::bytes_stream().

What's Changed

• Clarify that Response::content_length() is not derived from a Content-Length header in docs by @​babolivier in seanmonstar/reqwest#2588
• docs: link to char::REPLACEMENT_CHARACTER by @​marcospb19 in seanmonstar/reqwest#1880
• feat: add H3 client config support by @​smalls0098 in seanmonstar/reqwest#2609
• chore: update brotli to v7 by @​nyurik in seanmonstar/reqwest#2620
• Do not pull in an entirely different DEFLATE implementation just for tests by @​Shnatsel in seanmonstar/reqwest#2625
• chore: fix some typos in comment by @​xixishidibei in seanmonstar/reqwest#2628
• fix(wasm): handle null body in bytes_stream by @​alongubkin in seanmonstar/reqwest#2632
• ClientBuilder::interface on macOS/Solarish OSes by @​hawkw in seanmonstar/reqwest#2623
• ci: use ubuntu-latest in nightly job by @​seanmonstar in seanmonstar/reqwest#2646
• feat: BBR congestion control for http3 by @​threeninesixseven in seanmonstar/reqwest#2642
• feat: Add extentions for Request by @​Xuanwo in seanmonstar/reqwest#2647
• refactor: Store request timeout in request extensions instead by @​Xuanwo in seanmonstar/reqwest#2650
• chore: make ci pass by @​linyihai in seanmonstar/reqwest#2666
• update h3 dependencys by @​Ruben2424 in seanmonstar/reqwest#2670
• Document reqwest can make TLS and cookie requests with Wasm by @​nickbabcock in seanmonstar/reqwest#2661
• fix(redirect): make the number of redirects of policy matches its maximum limit. by @​linyihai in seanmonstar/reqwest#2664

... (truncated)

Changelog

Sourced from reqwest's changelog.

v0.12.19

• Fix redirect that changes the method to GET should remove payload headers.
• Fix redirect to only check the next scheme if the policy action is to follow.
• (wasm) Fix compilation error if cookies feature is enabled (by the way, it's a noop feature in wasm).

v0.12.18

• Fix compilation when socks enabled without TLS.

v0.12.17

• Fix compilation on macOS.

v0.12.16

• Add ClientBuilder::http3_congestion_bbr() to enable BBR congestion control.
• Add ClientBuilder::http3_send_grease() to configure whether to send use QUIC grease.
• Add ClientBuilder::http3_max_field_section_size() to configure the maximum response headers.
• Add ClientBuilder::tcp_keepalive_interval() to configure TCP probe interval.
• Add ClientBuilder::tcp_keepalive_retries() to configure TCP probe count.
• Add Proxy::headers() to add extra headers that should be sent to a proxy.
• Fix redirect::Policy::limit() which had an off-by-1 error, allowing 1 more redirect than specified.
• Fix HTTP/3 to support streaming request bodies.
• (wasm) Fix null bodies when calling Response::bytes_stream().

Commits

• 8cf142b v0.12.19
• 35b6c83 fix(redirect): Using tower-http patch to fix invalid content-length heade...
• a54c4cf disable util::add_cookie_header on wasm targets
• a7a2db1 ci: check cookies feature on wasm target
• 522638d fix: only check scheme after redirect Policy return follow (#2710)
• 2fde244 ci: apparently dependabot doesn't understand increase-if-necessary
• 35a6601 refactor: report custom reason phrase in error message (#2697)
• 5e03d04 chore(ci): make dependabot tell us of breaking changes we could upgrade to (#...
• 595c80b v0.12.18
• f279ad1 fix compilation if socks is enabled without tls
• Additional commits viewable in compare view

Updates tokio from 1.45.0 to 1.45.1

Release notes

Sourced from tokio's releases.

Tokio v1.45.1

1.45.1 (May 24th, 2025)

This fixes a regression on the wasm32-unknown-unknown target, where code that previously did not panic due to calls to Instant::now() started failing. This is due to the stabilization of the first time-based metric.

Fixed

• Disable time-based metrics on wasm32-unknown-unknown (#7322)

#7322: tokio-rs/tokio#7322

Commits

• 3768696 chore: prepare Tokio v1.45.1 (#7359)
• 421a7b0 rt: do not track time-based metrics on wasm32-unknown-unknown (#7322)
• b1bdb3c ci: update macros_type_mismatch for Rust 1.87.0 (#7339)
• See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

[codecov]

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 97.50%. Comparing base (851a435) to head (4e9a5a6).
⚠️ Report is 16 commits behind head on main.

Additional details and impacted files

@@            Coverage Diff             @@
##             main     #146      +/-   ##
==========================================
- Coverage   97.53%   97.50%   -0.03%     
==========================================
  Files          14       14              
  Lines        3406     3406              
==========================================
- Hits         3322     3321       -1     
- Misses         84       85       +1     

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
• 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

[codspeed-hq]

CodSpeed Performance Report

Merging #146 will not alter performance

_{Comparing dependabot/cargo/cargo-2f67c96b9f (4e9a5a6) with main (49a7c8d)}

Summary

✅ 1 untouched benchmarks

[dependabot]

Looks like these dependencies are updatable in another way, so this is no longer needed.