Bump the minor-and-patch group across 1 directory with 10 updates

[dependabot]

Bumps the minor-and-patch group with 10 updates in the / directory:

Package	From	To
buttplug	9.0.8	9.0.9
chrono	0.4.41	0.4.42
clap	4.5.40	4.5.47
reqwest	0.12.21	0.12.23
semver	1.0.26	1.0.27
serde	1.0.219	1.0.223
tokio	1.45.1	1.47.1
toml	0.8.23	0.9.5
tracing-subscriber	0.3.19	0.3.20
warp	0.3.7	0.4.2

Updates buttplug from 9.0.8 to 9.0.9

Commits

• 4c97952 doc: Update version/CHANGELOG for 9.0.9
• cfac028 feat: Add support for a number of config only devices
• afb2ed8 feat: Adding support for the wifi capable version Keon
• See full diff in compare view

Updates chrono from 0.4.41 to 0.4.42

Release notes

Sourced from chrono's releases.

0.4.42

What's Changed

• Add fuzzer for DateTime::parse_from_str by @​tyler92 in chronotope/chrono#1700
• Fix wrong amount of micro/milliseconds by @​nmlt in chronotope/chrono#1703
• Add warning about MappedLocalTime and wasm by @​lutzky in chronotope/chrono#1702
• Fix incorrect parsing of fixed-length second fractions by @​chris-leach in chronotope/chrono#1705
• Fix cfgs for wasm32-linux support by @​arjunr2 in chronotope/chrono#1707
• Fix OpenHarmony's tzdata parsing by @​ldm0 in chronotope/chrono#1679
• Convert NaiveDate to/from days since unix epoch by @​findepi in chronotope/chrono#1715
• Add ?Sized bound to related methods of DelayedFormat::write_to by @​Huliiiiii in chronotope/chrono#1721
• Add from_timestamp_secs method to DateTime by @​jasonaowen in chronotope/chrono#1719
• Migrate to core::error::Error by @​benbrittain in chronotope/chrono#1704
• Upgrade to windows-bindgen 0.63 by @​djc in chronotope/chrono#1730
• strftime: simplify error handling by @​djc in chronotope/chrono#1731

Commits

• f3fd15f Bump version to 0.4.42
• 5cf5603 strftime: add regression test case
• a623170 strftime: simplify error handling
• 36fbfb1 strftime: move specifier handling out of match to reduce rightward drift
• 7f413c3 strftime: yield None early
• 9d5dfe1 strftime: outline constants
• e5f6be7 strftime: move error() method below caller
• d516c27 strftime: merge impl blocks
• 0ee2172 strftime: re-order items to keep impls together
• 757a8b0 Upgrade to windows-bindgen 0.63
• Additional commits viewable in compare view

Updates clap from 4.5.40 to 4.5.47

Release notes

Sourced from clap's releases.

v4.5.47

[4.5.47] - 2025-09-02

Features

• Added impl FromArgMatches for ()
• Added impl Args for ()
• Added impl Subcommand for ()
• Added impl FromArgMatches for Infallible
• Added impl Subcommand for Infallible

Fixes

• (derive) Update runtime error text to match clap

v4.5.46

[4.5.46] - 2025-08-26

Features

• Expose StyledStr::push_str

v4.5.45

[4.5.45] - 2025-08-12

Fixes

• (unstable-v5) ValueEnum variants now use the full doc comment, not summary, for PossibleValue::help

v4.5.44

[4.5.44] - 2025-08-11

Features

• Add Command::mut_subcommands

v4.5.43

[4.5.43] - 2025-08-06

Fixes

• (help) In long help, list Possible Values before defaults, rather than after, for a more consistent look

v4.5.42

[4.5.42] - 2025-07-30

Fixes

• Include subcommand visible long aliases in --help

Changelog

Sourced from clap's changelog.

[4.5.47] - 2025-09-02

Features

• Added impl FromArgMatches for ()
• Added impl Args for ()
• Added impl Subcommand for ()
• Added impl FromArgMatches for Infallible
• Added impl Subcommand for Infallible

Fixes

• (derive) Update runtime error text to match clap

[4.5.46] - 2025-08-26

Features

• Expose StyledStr::push_str

[4.5.45] - 2025-08-12

Fixes

• (unstable-v5) ValueEnum variants now use the full doc comment, not summary, for PossibleValue::help

[4.5.44] - 2025-08-11

Features

• Add Command::mut_subcommands

[4.5.43] - 2025-08-06

Fixes

• (help) In long help, list Possible Values before defaults, rather than after, for a more consistent look

[4.5.42] - 2025-07-30

Fixes

• Include subcommand visible long aliases in --help

[4.5.41] - 2025-07-09

Features

• Add Styles::context and Styles::context_value to customize the styling of [default: value] like notes in the --help

Commits

• f046ca6 chore: Release
• 436949d docs: Update changelog
• 1ddab84 Merge pull request #5954 from epage/tests
• 8a66dbf test(complete): Add more native cases
• 76465cf test(complete): Make things more consistent
• 232cedb test(complete): Remove redundant index
• 02244a6 Merge pull request #5949 from krobelus/option-name-completions-after-positionals
• 2e13847 fix(complete): Missing options in multi-val arg
• 74388d7 test(complete): Multi-valued, unbounded positional
• 5b3d45f refactor(complete): Extract function for options
• Additional commits viewable in compare view

Updates reqwest from 0.12.21 to 0.12.23

Release notes

Sourced from reqwest's releases.

v0.12.23

tl;dr

• 🇺🇩🇸 Add ClientBuilder::unix_socket(path) option that will force all requests over that Unix Domain Socket.
• 🔁 Add ClientBuilder::retries(policy) and reqwest::retry::Builder to configure automatic retries.
• Add ClientBuilder::dns_resolver2() with more ergonomic argument bounds, allowing more resolver implementations.
• Add http3_* options to blocking::ClientBuilder.
• Fix default TCP timeout values to enabled and faster.
• Fix SOCKS proxies to default to port 1080
• (wasm) Add cache methods to RequestBuilder.

What's Changed

• Minimize package size by @​weiznich in seanmonstar/reqwest#2759
• chore(dev-dependencies): bump brotli by @​seanmonstar in seanmonstar/reqwest#2760
• upgrade hickory-dns to 0.25 by @​seanmonstar in seanmonstar/reqwest#2761
• Re-expose http3 options in blocking::clientBuilder by @​ducaale in seanmonstar/reqwest#2770
• fix(proxy): restore default port 1080 for SOCKS proxies without explicit port by @​0x676e67 in seanmonstar/reqwest#2771
• ci: use msrv-aware cargo in msrv job by @​seanmonstar in seanmonstar/reqwest#2779
• feat: add request cache option for wasm by @​Spxg in seanmonstar/reqwest#2775
• style(client): use std::task::ready! macro to simplify Poll branch match by @​0x676e67 in seanmonstar/reqwest#2781
• fix: add default tcp keepalive and user_timeout values by @​seanmonstar in seanmonstar/reqwest#2780
• feat: add unix_socket() option to client builder by @​seanmonstar in seanmonstar/reqwest#2624
• Add retry policies by @​seanmonstar in seanmonstar/reqwest#2763
• refactor: loosen retry for_host parameter bounds by @​Enduriel in seanmonstar/reqwest#2792
• feat: add dns_resolver2 that is more ergonomic and flexible by @​seanmonstar in seanmonstar/reqwest#2793
• Prepare v0.12.23 by @​seanmonstar in seanmonstar/reqwest#2795

New Contributors

• @​weiznich made their first contribution in seanmonstar/reqwest#2759
• @​Spxg made their first contribution in seanmonstar/reqwest#2775
• @​Enduriel made their first contribution in seanmonstar/reqwest#2792

Full Changelog: seanmonstar/reqwest@v0.12.22...v0.12.23

v0.12.22

tl;dr

• Fix socks proxies when resolving IPv6 destinations.

What's Changed

• fix(socks): bracket IPv6 addresses when formatting destination host by @​0x676e67 in seanmonstar/reqwest#2753
• Prepare v0.12.22 by @​seanmonstar in seanmonstar/reqwest#2754

Full Changelog: seanmonstar/reqwest@v0.12.21...v0.12.22

Changelog

Sourced from reqwest's changelog.

v0.12.23

• Add ClientBuilder::unix_socket(path) option that will force all requests over that Unix Domain Socket.
• Add ClientBuilder::retry(policy) and reqwest::retry::Builder to configure automatic retries.
• Add ClientBuilder::dns_resolver2() with more ergonomic argument bounds, allowing more resolver implementations.
• Add http3_* options to blocking::ClientBuilder.
• Fix default TCP timeout values to enabled and faster.
• Fix SOCKS proxies to default to port 1080
• (wasm) Add cache methods to RequestBuilder.

v0.12.22

• Fix socks proxies when resolving IPv6 destinations.

Commits

• ae7375b v0.12.23
• 9aacdc1 feat: add dns_resolver2 that is more ergonomic and flexible (#2793)
• 221be11 refactor: loosen retry for_host parameter bounds (#2792)
• acd1b05 feat: add reqwest::retry policies (#2763)
• 54b6022 feat: add ClientBuilder::unix_socket() option (#2624)
• 6358cef fix: add default tcp keepalive and user_timeout values (#2780)
• 21226a5 style(client): use std::task::ready! macro to simplify Poll branch matching...
• 82086e7 feat: add request cache options for wasm (#2775)
• 2a0f7a3 ci: use msrv-aware cargo in msrv job (#2779)
• f186803 fix(proxy): restore default port 1080 for SOCKS proxies without explicit port...
• Additional commits viewable in compare view

Updates semver from 1.0.26 to 1.0.27

Release notes

Sourced from semver's releases.

1.0.27

• Switch serde dependency to serde_core (#333)

Commits

• 6ed8561 Release 1.0.27
• 6967bba Add serde version constraint
• 84d3057 Exclude build.rs from crates.io package
• b09aac9 Merge pull request #343 from dtolnay/up
• 49b8570 Delete backport module
• 9b04afe Merge pull request #342 from dtolnay/up
• 83a8e91 Delete no_nonzero_bitscan configuration
• e606a17 Merge pull request #341 from dtolnay/up
• ebe7cf1 Delete no_unsafe_op_in_unsafe_fn_lint configuration
• a381bff Merge pull request #340 from dtolnay/up
• Additional commits viewable in compare view

Updates serde from 1.0.219 to 1.0.223

Release notes

Sourced from serde's releases.

v1.0.223

• Fix serde_core documentation links (#2978)

v1.0.222

• Make serialize_with attribute produce code that works if respanned to 2024 edition (#2950, thanks @​aytey)

v1.0.221

• Documentation improvements (#2973)
• Deprecate serde_if_integer128! macro (#2975)

v1.0.220

• Add a way for data formats to depend on serde traits without waiting for serde_derive compilation: https://docs.rs/serde_core (#2608, thanks @​osiewicz)

Commits

• 6c316d7 Release 1.0.223
• a4ac0c2 Merge pull request #2978 from dtolnay/htmlrooturl
• ed76364 Change serde_core's html_root_url to docs.rs/serde_core
• 57e21a1 Release 1.0.222
• bb58726 Merge pull request #2950 from aytey/fix_lifetime_issue_2024
• 3f69251 Delete unneeded field of MapDeserializer
• fd4decf Merge pull request #2976 from dtolnay/content
• 00b1b6b Move Content's Deserialize impl from serde_core to serde
• cf141aa Move Content's Clone impl from serde_core to serde
• ff3aee4 Release 1.0.221
• Additional commits viewable in compare view

Updates tokio from 1.45.1 to 1.47.1

Release notes

Sourced from tokio's releases.

Tokio v1.47.1

1.47.1 (August 1st, 2025)

Fixed

• process: fix panic from spurious pidfd wakeup (#7494)
• sync: fix broken link of Python asyncio.Event in SetOnce docs (#7485)

#7485: tokio-rs/tokio#7485 #7494: tokio-rs/tokio#7494

Tokio v1.47.0

1.47.0 (July 25th, 2025)

This release adds poll_proceed and cooperative to the coop module for cooperative scheduling, adds SetOnce to the sync module which provides similar functionality to [std::sync::OnceLock], and adds a new method sync::Notify::notified_owned() which returns an OwnedNotified without a lifetime parameter.

Added

• coop: add cooperative and poll_proceed (#7405)
• sync: add SetOnce (#7418)
• sync: add sync::Notify::notified_owned() (#7465)

Changed

• deps: upgrade windows-sys 0.52 → 0.59 (#7117)
• deps: update to socket2 v0.6 (#7443)
• sync: improve AtomicWaker::wake performance (#7450)

Documented

• metrics: fix listed feature requirements for some metrics (#7449)
• runtime: improve safety comments of Readiness<'_> (#7415)

#7405: tokio-rs/tokio#7405 #7415: tokio-rs/tokio#7415 #7418: tokio-rs/tokio#7418 #7449: tokio-rs/tokio#7449 #7450: tokio-rs/tokio#7450 #7465: tokio-rs/tokio#7465

Tokio v1.46.1

1.46.1 (July 4th, 2025)

This release fixes incorrect spawn locations in runtime task hooks for tasks spawned using tokio::spawn rather than Runtime::spawn. This issue only effected the spawn location in TaskMeta::spawned_at, and did not effect task locations in Tracing events.

... (truncated)

Commits

• be8ee45 chore: prepare Tokio v1.47.1 (#7504)
• d9b1916 Merge 'tokio-1.43.2' into 'tokio-1.47.x' (#7503)
• db8edc6 chore: prepare Tokio v1.43.2 (#7502)
• 4730984 readme: add 1.47 as LTS release (#7497)
• 1979615 process: fix panic from spurious pidfd wakeup (#7494)
• f669a60 ci: add lockfile for LTS branch
• ce41896 sync: fix broken link of Python asyncio.Event in SetOnce docs (#7485)
• c8ab78a changelog: fix incorrect PR number for 1.47.0 (#7484)
• 3911cb8 chore: prepare Tokio v1.47.0 (#7482)
• d545aa2 sync: add sync::Notify::notified_owned() (#7465)
• Additional commits viewable in compare view

Updates toml from 0.8.23 to 0.9.5

Commits

• bd21148 chore: Release
• ff1cb9a docs: Update changelog
• 39dd8b6 fix(parser): Improve bad quote error messages (#1014)
• 137338e chore(deps): Update Rust crate serde_json to v1.0.142 (#1022)
• 2126e6a chore: Release
• fa2100a docs: Update changelog
• 0c75bbd feat(toml): Expose DeInteger/DeFloat as_str/radix (#1021)
• e3d64df feat(toml): Expose DeFloat::as_str
• ffdd211 feat(toml): Expose DeInteger::as_str/radix
• 9e7adcc docs(readme): Fix links to crates (#1020)
• Additional commits viewable in compare view

Updates tracing-subscriber from 0.3.19 to 0.3.20

Release notes

Sourced from tracing-subscriber's releases.

tracing-subscriber 0.3.20

Security Fix: ANSI Escape Sequence Injection (CVE-TBD)

Impact

Previous versions of tracing-subscriber were vulnerable to ANSI escape sequence injection attacks. Untrusted user input containing ANSI escape sequences could be injected into terminal output when logged, potentially allowing attackers to:

• Manipulate terminal title bars
• Clear screens or modify terminal display
• Potentially mislead users through terminal manipulation

In isolation, impact is minimal, however security issues have been found in terminal emulators that enabled an attacker to use ANSI escape sequences via logs to exploit vulnerabilities in the terminal emulator.

Solution

Version 0.3.20 fixes this vulnerability by escaping ANSI control characters in when writing events to destinations that may be printed to the terminal.

Affected Versions

All versions of tracing-subscriber prior to 0.3.20 are affected by this vulnerability.

Recommendations

Immediate Action Required: We recommend upgrading to tracing-subscriber 0.3.20 immediately, especially if your application:

• Logs user-provided input (form data, HTTP headers, query parameters, etc.)
• Runs in environments where terminal output is displayed to users

Migration

This is a patch release with no breaking API changes. Simply update your Cargo.toml:

[dependencies]
tracing-subscriber = "0.3.20"

Acknowledgments

We would like to thank zefr0x who responsibly reported the issue at security@tokio.rs.

If you believe you have found a security vulnerability in any tokio-rs project, please email us at security@tokio.rs.

Commits

• 4c52ca5 fmt: fix ANSI escape sequence injection vulnerability (#3368)
• f71cebe subscriber: impl Clone for EnvFilter (#3360)
• 3a1f571 Fix CI (#3361)
• e63ef57 chore: prepare tracing-attributes 0.1.30 (#3316)
• 6e59a13 attributes: fix tracing::instrument regression around shadowing (#3311)
• e4df761 tracing: update core to 0.1.34 and attributes to 0.1.29 (#3305)
• 643f392 chore: prepare tracing-attributes 0.1.29 (#3304)
• d08e7a6 chore: prepare tracing-core 0.1.34 (#3302)
• 6e70c57 tracing-subscriber: count numbers of enters in Timings (#2944)
• c01d4fd fix docs and enable CI on main branch (#3295)
• Additional commits viewable in compare view

Updates warp from 0.3.7 to 0.4.2

Release notes

Sourced from warp's releases.

v0.4.1

Fixes:

• Fix Server::graceful() bounds incorrect requiring the filter to be a future.
• Enable tokio/net when the server feature is enabled.
• Render cfgs in the docs.

Full Changelog: seanmonstar/warp@v0.4.0...v0.4.1

v0.4.0

Changes:

• Upgrade to hyper, http, and http-body to v1.
• Remove multipart and websocket features from being enabled by default.
• Put warp::serve() behind a server feature, not enabled by default.
• Put warp::test behind a test feature, not enabled by default.
• Remove tls feature and types.
• Remove warp::addr filters.

Full Changelog: seanmonstar/warp@v0.3.7...v0.4.0

Changelog

Sourced from warp's changelog.

v0.4.2 (August 19, 2025)

• Features:
  • Add support for passing UnixListener to incoming(listener).
• Fixes:
  • Reduce some dependencies when server is not enabled.

v0.4.1 (August 6, 2025)

• Fixes:
  • Fix Server::graceful() bounds incorrect requiring the filter to be a future.
  • Enable tokio/net when the server feature is enabled.
  • Render cfgs in the docs.

v0.4.0 (August 5, 2025)

• Changes:
  • Upgrade to hyper, http, and http-body to v1.
  • Remove multipart and websocket features from being enabled by default.
  • Put warp::serve() behind a server feature, not enabled by default.
  • Put warp::test behind a test feature, not enabled by default.
  • Remove tls feature and types.
  • Remove warp::addr filters.

Commits

• c29f293 v0.4.2
• 3867d41 feat: implement Accept for tokio::net::UnixListener (#1135)
• d120a0e deps: make futures-channel optional dependency (#1134)
• 3641ea7 deps: make hyper optional dependency (#1133)
• f4d8e08 ci: update to actions/checkout v4 (#1131)
• 4f3f653 Bump http-body-util min version to 0.1.2 (#1129)
• e5001e2 Move to minimum working hyper util (#1128)
• eea3a28 v0.4.1
• 53bc811 docs: ensure Server methods have docs (#1125)
• 8673081 fix: server.graceful() had wrong trait bounds
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

[dependabot]

Looks like these dependencies are updatable in another way, so this is no longer needed.