Skip to content

Combined Dependabot PRs 2026-05-02#322

Open
code-search-bot wants to merge 6 commits intomainfrom
combined-dependabot-20260502-072942
Open

Combined Dependabot PRs 2026-05-02#322
code-search-bot wants to merge 6 commits intomainfrom
combined-dependabot-20260502-072942

Conversation

@code-search-bot
Copy link
Copy Markdown
Collaborator

@code-search-bot code-search-bot commented May 2, 2026

This PR combines 3 Dependabot PRs.

ℹ️ Details from merged PRs:

Details from Bump axum from 0.8.8 to 0.8.9

Release notes

Sourced from axum's releases.

axum-v0.8.9

  • added: WebSocketUpgrade::{requested_protocols, set_selected_protocol} for more flexible subprotocol selection (#3597)
  • changed: Update minimum rust version to 1.80 (#3620)
  • fixed: Set connect endpoint on correct field in MethodRouter (#3656)
  • fixed: Return specific error message when multipart body limit is exceeded (#3611)

#3597: tokio-rs/axum#3597 #3620: tokio-rs/axum#3620 #3656: tokio-rs/axum#3656 #3611: tokio-rs/axum#3611

Commits

Details from Bump reqwest from 0.13.2 to 0.13.3

Release notes

Sourced from reqwest's releases.

v0.13.3

tl;dr

  • Fix CertificateRevocationList parsing of PEM values.
  • Fix logging in resolver to only show host, not full URL.
  • Fix hickory-dns to fallback to a default if /etc/resolv.conf fails.
  • Fix HTTP/3 to handle STOP_SENDING as not an error.
  • Fix HTTP/3 pool to remove timed out QUIC connections.
  • Fix HTTP/3 connection establishment picking IPv4 and IPv6.
  • Upgrade rustls-platform-verifier.
  • (wasm) Only use wasm-bindgen on unknown-* targets.

What's Changed

New Contributors

Full Changelog: seanmonstar/reqwest@v0.13.2...v0.13.3

Changelog

Sourced from reqwest's changelog.

v0.13.3

  • Fix CertificateRevocationList parsing of PEM values.
  • Fix logging in resolver to only show host, not full URL.
  • Fix hickory-dns to fallback to a default if /etc/resolv.conf fails.
  • Fix HTTP/3 to handle STOP_SENDING as not an error.
  • Fix HTTP/3 pool to remove timed out QUIC connections.
  • Fix HTTP/3 connection establishment picking IPv4 and IPv6.
  • Upgrade rustls-platform-verifier.
  • (wasm) Only use wasm-bindgen on unknown-* targets.
Commits

Details from Bump tokio from 1.51.1 to 1.52.1

Release notes

Sourced from tokio's releases.

Tokio v1.52.1

1.52.1 (April 16th, 2026)

Fixed

  • runtime: revert #7757 to fix [a regression]#8056 that causes spawn_blocking to hang (#8057)

#7757: tokio-rs/tokio#7757 #8056: tokio-rs/tokio#8056 #8057: tokio-rs/tokio#8057

Tokio v1.52.0

1.52.0 (April 14th, 2026)

Added

  • io: AioSource::register_borrowed for I/O safety support (#7992)
  • net: add try_io function to unix::pipe sender and receiver types (#8030)

Added (unstable)

  • runtime: Builder::enable_eager_driver_handoff setting enable eager hand off of the I/O and time drivers before polling tasks (#8010)
  • taskdump: add trace_with() for customized task dumps (#8025)
  • taskdump: allow impl FnMut() in trace_with instead of just fn() (#8040)
  • fs: support io_uring in AsyncRead for File (#7907)

Changed

  • runtime: improve spawn_blocking scalability with sharded queue (#7757)
  • runtime: use compare_exchange_weak() in worker queue (#8028)

Fixed

  • runtime: overflow second half of tasks when local queue is filled instead of first half (#8029)

Documented

  • docs: fix typo in oneshot::Sender::send docs (#8026)
  • docs: hide #[tokio::main] attribute in the docs of sync::watch (#8035)
  • net: add docs on ConnectionRefused errors with UDP sockets (#7870)

#7757: tokio-rs/tokio#7757 #7870: tokio-rs/tokio#7870 #7907: tokio-rs/tokio#7907 #7992: tokio-rs/tokio#7992 #8010: tokio-rs/tokio#8010 #8025: tokio-rs/tokio#8025 #8026: tokio-rs/tokio#8026 #8028: tokio-rs/tokio#8028 #8029: tokio-rs/tokio#8029

... (truncated)

Commits
  • 905c146 chore: prepare to release v1.52.1 (#8059)
  • 56aaa43 rt: revert #7757 to fix regression in spawn_blocking (#8057)
  • 57ff47a ci: update trybuild to expect output from rustc 1.95.0 (#8058)
  • 812de3e ci: bump taiki-e/cache-cargo-install-action from 1 to 3 (#8053)
  • ba82e73 ci: use Dependabot to keep github actions up to date (#8052)
  • 2e85f9d ci: replace cirrus-ci with freebsd-vm (#8041)
  • a7e1cd8 ci: update GitHub Actions workflows to use latest tool versions (#8047)
  • 5f7be0a chore: perpare 1.52.0 (#8045)
  • 36d12d2 taskdump: allow impl FnMut() in taskdumps instead of just fn() (#8040)
  • f943312 fs: support io-uring in AsyncRead for File (#7907)
  • Additional commits viewable in compare view

dependabot Bot and others added 6 commits May 2, 2026 05:02
@dependabot
Bump axum from 0.8.8 to 0.8.9
49da86d 
Bumps [axum](https://github.com/tokio-rs/axum) from 0.8.8 to 0.8.9.
- [Release notes](https://github.com/tokio-rs/axum/releases)
- [Changelog](https://github.com/tokio-rs/axum/blob/main/CHANGELOG.md)
- [Commits](tokio-rs/axum@axum-v0.8.8...axum-v0.8.9)

---
updated-dependencies:
- dependency-name: axum
  dependency-version: 0.8.9
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot
Bump reqwest from 0.13.2 to 0.13.3
e2840ba 
Bumps [reqwest](https://github.com/seanmonstar/reqwest) from 0.13.2 to 0.13.3.
- [Release notes](https://github.com/seanmonstar/reqwest/releases)
- [Changelog](https://github.com/seanmonstar/reqwest/blob/master/CHANGELOG.md)
- [Commits](seanmonstar/reqwest@v0.13.2...v0.13.3)

---
updated-dependencies:
- dependency-name: reqwest
  dependency-version: 0.13.3
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot
Bump tokio from 1.51.1 to 1.52.1
20a0293 
Bumps [tokio](https://github.com/tokio-rs/tokio) from 1.51.1 to 1.52.1.
- [Release notes](https://github.com/tokio-rs/tokio/releases)
- [Commits](tokio-rs/tokio@tokio-1.51.1...tokio-1.52.1)

---
updated-dependencies:
- dependency-name: tokio
  dependency-version: 1.52.1
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
@code-search-bot
Merge dependabot/cargo/axum-0.8.9 into combined-dependabot-20260502-0…
076cc95 
…72942
@code-search-bot
Merge dependabot/cargo/reqwest-0.13.3 into combined-dependabot-202605…
789030a 
…02-072942
@code-search-bot
Merge dependabot/cargo/tokio-1.52.1 into combined-dependabot-20260502…
9390afb 
…-072942
@code-search-bot code-search-bot requested a review from a team as a code owner May 2, 2026 07:29
Copilot AI review requested due to automatic review settings May 2, 2026 07:29
Copilot AI reviewed May 2, 2026
View reviewed changes
Copy link
Copy Markdown
Contributor

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

This PR combines three Dependabot updates, refreshing core async/web dependencies used by the twirp crate and the workspace example while keeping the workspace lockfile in sync.

Changes:

  • Update tokio dependency requirement to ^1.52 in crates/twirp and example.
  • Update Cargo.lock to pick up axum 0.8.9, reqwest 0.13.3, and tokio 1.52.1.

Reviewed changes

Copilot reviewed 2 out of 3 changed files in this pull request and generated no comments.

File Description
example/Cargo.toml Bumps tokio version requirement for the workspace example binaries.
crates/twirp/Cargo.toml Bumps tokio version requirement for the published twirp crate.
Cargo.lock Updates resolved dependency versions/checksums for axum/reqwest/tokio.

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

Copilot code review Copilot Copilot left review comments

At least 1 approving review is required to merge this pull request.

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@code-search-bot