build(deps): bump the minor-and-patch group across 1 directory with 14 updates

[dependabot]

Bumps the minor-and-patch group with 14 updates in the / directory:

Package	From	To
axum	0.8.8	0.8.9
tokio	1.50.0	1.52.2
uuid	1.23.0	1.23.1
utoipa	5.4.0	5.5.0
rand	0.9.2	0.9.4
redis	1.1.0	1.2.1
rustls	0.23.37	0.23.40
lettre	0.11.20	0.11.21
socketioxide	0.18.2	0.18.3
clap	4.6.0	4.6.1
aws-types	1.3.14	1.3.15
russh-sftp	2.1.1	2.1.2
hudsucker	0.24.0	0.24.1
serde_with	3.18.0	3.19.0

Updates axum from 0.8.8 to 0.8.9

Release notes

Sourced from axum's releases.

axum-v0.8.9

• added: WebSocketUpgrade::{requested_protocols, set_selected_protocol} for more flexible subprotocol selection (#3597)
• changed: Update minimum rust version to 1.80 (#3620)
• fixed: Set connect endpoint on correct field in MethodRouter (#3656)
• fixed: Return specific error message when multipart body limit is exceeded (#3611)

#3597: tokio-rs/axum#3597 #3620: tokio-rs/axum#3620 #3656: tokio-rs/axum#3656 #3611: tokio-rs/axum#3611

Commits

• c59208c revert axum-core changelog changes
• 99068f5 Revert "Fix IntoResponse for tuples overriding error response codes (#3603)"
• 23d7098 Revert "axum-core 0.5.6"
• e8a39ad axum-macros 0.5.1
• 6e9a249 axum-extra 0.12.6
• 0ec9041 axum 0.8.9
• c3fcebb axum-core 0.5.6
• a8790fc update release notes
• 26ba7bb docs: consolidate state management docs in crate root (#3683)
• 9fc59ef Update to tokio-tungstenite 0.29 (#3689)
• Additional commits viewable in compare view

Updates tokio from 1.50.0 to 1.52.2

Release notes

Sourced from tokio's releases.

Tokio v1.52.2

1.52.2 (May 4th, 2026)

This release reverts the LIFO slot stealing change introduced in 1.51.0 (#7431), due to [its performance impact]#8065. (#8100)

#7431: tokio-rs/tokio#7431 #8065: tokio-rs/tokio#8065 #8100: tokio-rs/tokio#8100

Tokio v1.52.1

1.52.1 (April 16th, 2026)

Fixed

• runtime: revert #7757 to fix [a regression]#8056 that causes spawn_blocking to hang (#8057)

#7757: tokio-rs/tokio#7757 #8056: tokio-rs/tokio#8056 #8057: tokio-rs/tokio#8057

Tokio v1.52.0

1.52.0 (April 14th, 2026)

Added

• io: AioSource::register_borrowed for I/O safety support (#7992)
• net: add try_io function to unix::pipe sender and receiver types (#8030)

Added (unstable)

• runtime: Builder::enable_eager_driver_handoff setting enable eager hand off of the I/O and time drivers before polling tasks (#8010)
• taskdump: add trace_with() for customized task dumps (#8025)
• taskdump: allow impl FnMut() in trace_with instead of just fn() (#8040)
• fs: support io_uring in AsyncRead for File (#7907)

Changed

• runtime: improve spawn_blocking scalability with sharded queue (#7757)
• runtime: use compare_exchange_weak() in worker queue (#8028)

Fixed

• runtime: overflow second half of tasks when local queue is filled instead of first half (#8029)

Documented

• docs: fix typo in oneshot::Sender::send docs (#8026)
• docs: hide #[tokio::main] attribute in the docs of sync::watch (#8035)
• net: add docs on ConnectionRefused errors with UDP sockets (#7870)

... (truncated)

Commits

• 4abe9d7 chore: prepare Tokio v1.52.2 (#8115)
• f82bcf3 Merge 'tokio-1.51.2' into 'tokio-1.52.x' (#8114)
• 7db9bc4 test: revert "remove churn() task from lifo_stealable" (#8114)
• 64834ec chore: prepare Tokio v1.51.2 (#8113)
• 967f571 runtime: revert "steal tasks from the LIFO slot" (#8100)
• 9271e3e Merge tokio-1.51.x (for #8101) into tokio-1.52.x (#8106)
• cd1823f Revert "Pin stable to 1.94 for tokio-1.51.x" (#8106)
• a97cf12 Merge tokio-1.47.x (commit 670a907c55c7) into tokio-1.51.x (#8105)
• bde3f20 Pin stable to 1.94 for tokio-1.51.x (#8105)
• 670a907 ci: fix CI on tokio-1.47.x (#8101)
• Additional commits viewable in compare view

Updates uuid from 1.23.0 to 1.23.1

Release notes

Sourced from uuid's releases.

v1.23.1

What's Changed

• Remove deprecated msrv feature from wasm-bindgen dependency by @​guybedford in uuid-rs/uuid#877
• fix: Timestamp::from_gregorian deprecation note by @​aznashwan in uuid-rs/uuid#878
• Prepare for 1.23.1 release by @​KodrAus in uuid-rs/uuid#879

New Contributors

• @​guybedford made their first contribution in uuid-rs/uuid#877
• @​aznashwan made their first contribution in uuid-rs/uuid#878

Full Changelog: uuid-rs/uuid@v1.23.0...v1.23.1

Commits

• ca0c85f Merge pull request #879 from uuid-rs/cargo/v1.23.1
• b4db015 prepare for 1.23.1 release
• 771069d Merge pull request #878 from aznashwan/fix-from-gregorian-deprecation-note
• 80994a2 fix: Timestamp::from_gregorian deprecation note
• 90c5be8 Merge pull request #877 from guybedford/remove-wasm-bindgen-msrv
• 8b8c4f4 Remove deprecated feature from wasm-bindgen dependency
• See full diff in compare view

Updates utoipa from 5.4.0 to 5.5.0

Release notes

Sourced from utoipa's releases.

utoipa-5.5.0

What's New 💎 🆕 🎉

• (2492086) Update next release @​juhaku
• (eb520dc) ignore really ignores! (#1500) @​omid
• (7d0d0be) Add support for jiff::Timestamp (#1416) @​paolobarbolini
• (cdff007) Fix typos (#1497) @​jayvdb

Full change log

utoipa-gen-5.5.0

What's New 💎 🆕 🎉

• (2492086) Update next release @​juhaku
• (eb520dc) ignore really ignores! (#1500) @​omid
• (8e6e6ee) Support servers in path macro (#1293) @​infiniteregrets
• (7d0d0be) Add support for jiff::Timestamp (#1416) @​paolobarbolini
• (b07397d) Add serde to the helper attributes for ToSchema (#1472) @​zackyancey
• (8d006bc) Fix: Refactor to avoid clippy::needless_for_each warning in derive(OpenApi) (#1423) @​raimannma
• (cdff007) Fix typos (#1497) @​jayvdb

Full change log

Commits

• 2492086 Update next release
• eb520dc ignore really ignores! (#1500)
• 9cd3ce9 Chore migrate to justfile (#1542)
• 8e6e6ee Support servers in path macro (#1293)
• 7d0d0be Add support for jiff::Timestamp (#1416)
• b07397d Add serde to the helper attributes for ToSchema (#1472)
• 8d006bc Fix: Refactor to avoid clippy::needless_for_each warning in derive(OpenApi) (...
• cdff007 Fix typos (#1497)
• See full diff in compare view

Updates rand from 0.9.2 to 0.9.4

Changelog

Sourced from rand's changelog.

[0.9.4] — 2026-04-13

Fixes

• Fix doc build (#1766)

#1766: rust-random/rand#1766

[0.9.3] — 2026-04-11

This release back-ports a fix from v0.10. See also #1763.

Changes

• Deprecate feature log (#1764)
• Replace usages of doc_auto_cfg (#1764)

#1763: rust-random/rand#1763

Commits

• ba4c4c6 Prepare v0.9.4: fix doc build (#1766)
• 4b8b686 Document new error-handling behaviour for ReseedingRng
• 6c25c6d Prepare v0.9.4: fix doc build
• 1aeee9f Prepare v0.9.3: deprecate feature log (#1764)
• 98473ee Prepare rand 0.9.2 (#1648)
• 031a1f5 examples/print-next.rs (#1647)
• 6cb75ee Make UniformUsize serializable (#1646)
• 0c955c5 Add some tests for BlockRng, BlockRng64 and Xoshiro RNGs (#1639)
• 204084a Fix: Remove accidental editor swap file (#1636)
• 86262ac Deprecate rand::rngs::mock module and StepRng (#1634)
• Additional commits viewable in compare view

Updates redis from 1.1.0 to 1.2.1

Release notes

Sourced from redis's releases.

redis-1.2.1

Changes & Bug fixes

• commands: Stop double-take-ing for mset (#2043 by @​somechris)
• json: Stop double-wrapping commands in RedisResult (#2042 by @​somechris)
• ValueType: Add missing possible types (#2030 by @​somechris)
• Stream idempotent producers (at-most-once guarantee) (#2032 by @​StefanPalashev)
• Improve streaming auth error handling (#2021 by @​alexcole)
• feat: add Slot type and functions to create Slot / Route with key (#2047 by @​anatawa12)
• Fix async connection handling to avoid TCP deadlocks (#2070 by @​PDXKimani)

CI improvements

• ci: Bump Redis/Valkey versions (#2035 by @​somechris)
• ci: Clarify how databases get selected (#2040 by @​somechris)
• README: Declare "supported" versions (#2034 by @​somechris)
• Add EntraID integration tests for OSS cluster API (#2050 by @​StefanPalashev)
• fix new nightly lint & fmt (#2052 by @​nihohit)
• log sentinel test startup failures. (#2062 by @​nihohit)

redis-1.2.0

What's Changed

• feat: support custom TcpSettings on sentinel client by @​hugobpx in redis-rs/redis-rs#2016
• Attempt to Fix CI by @​nihohit in redis-rs/redis-rs#2017
• Add lazy instantiation to the connection manager. by @​nihohit in redis-rs/redis-rs#2022
• Bump async-io from 2.4.0 to 2.6.0 by @​dependabot[bot] in redis-rs/redis-rs#2029
• Bump env_logger from 0.11.8 to 0.11.10 by @​dependabot[bot] in redis-rs/redis-rs#2027
• Bump itoa from 1.0.17 to 1.0.18 by @​dependabot[bot] in redis-rs/redis-rs#2026
• Bump async-trait from 0.1.88 to 0.1.89 by @​dependabot[bot] in redis-rs/redis-rs#2025
• Bump tokio-util from 0.7.17 to 0.7.18 by @​dependabot[bot] in redis-rs/redis-rs#2023
• Add strategies for routing reads to cluster replicas by @​PDXKimani in redis-rs/redis-rs#1985
• Bump anyhow from 1.0.100 to 1.0.102 by @​dependabot[bot] in redis-rs/redis-rs#2024
• README: Add stanza about AI contributions by @​somechris in redis-rs/redis-rs#2033
• Don't compile tokio runtime when using smol by @​cstyles in redis-rs/redis-rs#2036

New Contributors

• @​cstyles made their first contribution in redis-rs/redis-rs#2036

Full Changelog: redis-rs/redis-rs@redis-1.1.0...redis-1.2.0

Commits

• a6608fd Prepare new version (#2074)
• 7e063ff Fix async connection handling to avoid TCP deadlocks (#2070)
• 7adf964 Bump hashbrown from 0.16.1 to 0.17.0 (#2068)
• 78693ac Bump tokio from 1.49.0 to 1.50.0 (#2067)
• 5ed93d6 Bump quickcheck from 1.0.3 to 1.1.0 (#2066)
• 1cbb4f6 Bump arc-swap from 1.8.2 to 1.9.1 (#2065)
• a141fff Bump rust_decimal from 1.39.0 to 1.41.0 (#2064)
• a113ee7 Bump quote from 1.0.44 to 1.0.45 (#2063)
• ef68835 log sentinel test startup failures. (#2062)
• cddd795 feat: add Slot type and functions to create Slot / Route with key (#2047)
• Additional commits viewable in compare view

Updates rustls from 0.23.37 to 0.23.40

Commits

• b44c09f Prepare 0.23.40
• e7a555f Prefer Ord::max to core::cmp
• c0005be ech: base inner name padding on actual extension
• 4e49529 ech: test inner name padding
• 3e06ef1 ech: add both name and "gross" padding
• c574ffd ech: avoid short-lived allocation for padding
• 8bf935c ech: pop comment from match arm
• 9088004 ech: expand maximum_name_length to usize ASAP
• a612901 Default require_ems based on CryptoProvider FIPS status
• 0541605 Cargo: version 0.23.38 -> 0.23.39
• Additional commits viewable in compare view

Updates lettre from 0.11.20 to 0.11.21

Release notes

Sourced from lettre's releases.

v0.11.21

Features

• Add rustls-no-provider support (#1134)
• Add message_iter to AsyncConnection and Connection (#1116)

Changelog

Sourced from lettre's changelog.

v0.11.21 (2026-04-04)

Features

• Add rustls-no-provider support (#1134)
• Add message_iter to AsyncConnection and Connection (#1116)

#1116: lettre/lettre#1116 #1134: lettre/lettre#1134

Commits

• 1ab3a65 Prepare v0.11.21
• 396a242 feat: add rustls-no-provider support
• 3722083 feat(transport-smtp): add message_iter to AsyncConnection and Connection
• See full diff in compare view

Updates socketioxide from 0.18.2 to 0.18.3

Release notes

Sourced from socketioxide's releases.

socketioxide-v0.18.3

Changelog

• fix: race condition when emitting with acknowledgement.
• feat: expose global configured ack timeout to adapter implementations

What's Changed

• chore(deps): bump futures-core from 0.3.31 to 0.3.32 by @​dependabot[bot] in Totodore/socketioxide#672
• chore(deps): bump futures-util from 0.3.31 to 0.3.32 by @​dependabot[bot] in Totodore/socketioxide#673
• chore(deps): bump redis from 1.0.3 to 1.0.4 by @​dependabot[bot] in Totodore/socketioxide#674
• chore(deps): bump tokio from 1.49.0 to 1.50.0 by @​dependabot[bot] in Totodore/socketioxide#676
• chore(deps): bump redis from 1.0.4 to 1.0.5 by @​dependabot[bot] in Totodore/socketioxide#677
• chore(deps): bump quinn-proto from 0.11.13 to 0.11.14 in /examples by @​dependabot[bot] in Totodore/socketioxide#678
• chore(deps): bump salvo from 0.88.1 to 0.89.3 in /examples by @​dependabot[bot] in Totodore/socketioxide#682
• chore(deps): bump tokio-tungstenite from 0.28.0 to 0.29.0 by @​dependabot[bot] in Totodore/socketioxide#680
• chore(deps): bump rustls-webpki from 0.103.4 to 0.103.10 by @​dependabot[bot] in Totodore/socketioxide#684
• chore(deps): bump rustls-webpki from 0.103.8 to 0.103.10 in /examples by @​dependabot[bot] in Totodore/socketioxide#685
• chore(deps): bump redis from 1.0.5 to 1.1.0 by @​dependabot[bot] in Totodore/socketioxide#686
• chore(deps): bump unicode-segmentation from 1.12.0 to 1.13.2 by @​dependabot[bot] in Totodore/socketioxide#688
• chore(deps): bump hyper from 1.8.1 to 1.9.0 by @​dependabot[bot] in Totodore/socketioxide#691
• chore(clippy): improve clippy lints by @​Totodore in Totodore/socketioxide#690
• chore(deps): bump example deps by @​Totodore in Totodore/socketioxide#692
• fix(ci): add socketioxide-mongodb to feature flag tests by @​Totodore in Totodore/socketioxide#693
• feat(ci): dependabot for gh actions by @​Totodore in Totodore/socketioxide#694
• chore(deps): bump actions/setup-node from 4 to 6 by @​dependabot[bot] in Totodore/socketioxide#695
• chore(deps): bump actions/cache from 4 to 5 by @​dependabot[bot] in Totodore/socketioxide#699
• chore(deps): bump github/codeql-action from 3 to 4 by @​dependabot[bot] in Totodore/socketioxide#698
• chore(deps): bump actions/upload-artifact from 4 to 7 by @​dependabot[bot] in Totodore/socketioxide#697
• chore(deps): bump actions/checkout from 4 to 6 by @​dependabot[bot] in Totodore/socketioxide#696
• chore(deps): bump hoverkraft-tech/compose-action from 2.0.2 to 2.5.0 by @​dependabot[bot] in Totodore/socketioxide#705
• chore(deps): bump tokio from 1.50.0 to 1.51.1 by @​dependabot[bot] in Totodore/socketioxide#704
• chore(deps): bump matchit from 0.9.1 to 0.9.2 by @​dependabot[bot] in Totodore/socketioxide#703
• chore(deps): bump redis from 1.1.0 to 1.2.0 by @​dependabot[bot] in Totodore/socketioxide#702
• fix(socketio): emit with ack race cond by @​Totodore in Totodore/socketioxide#708
• fix(clippy): remove global missing docs lint by @​Totodore in Totodore/socketioxide#707
• fix(ci): breaking change on mode parameter for the codspeed action by @​Totodore in Totodore/socketioxide#706
• fix(socketio): concurrent acknowledgement timeouts by @​Totodore in Totodore/socketioxide#709

Full Changelog: Totodore/socketioxide@socketioxide-v0.18.2...socketioxide-v0.18.3

Commits

• e250da1 fix(socketio): concurrent acknowledgement timeouts (#709)
• 190b0a3 fix(ci): breaking change on mode parameter for the codspeed action (#706)
• 34db210 fix(clippy): remove global missing docs lint (#707)
• dd9d7fb fix(socketio): emit with ack race cond (#708)
• 9fd9181 chore(deps): bump redis from 1.1.0 to 1.2.0 (#702)
• edd0ab8 chore(deps): bump matchit from 0.9.1 to 0.9.2 (#703)
• 44caced chore(deps): bump tokio from 1.50.0 to 1.51.1 (#704)
• eb1a18a chore(deps): bump hoverkraft-tech/compose-action from 2.0.2 to 2.5.0 (#705)
• cc21d87 chore(deps): bump actions/checkout from 4 to 6 (#696)
• 15f4948 chore(deps): bump actions/upload-artifact from 4 to 7 (#697)
• Additional commits viewable in compare view

Updates clap from 4.6.0 to 4.6.1

Release notes

Sourced from clap's releases.

v4.6.1

[4.6.1] - 2026-04-15

Fixes

• (derive) Ensure rebuilds happen when an read env variable is changed

Changelog

Sourced from clap's changelog.

[4.6.1] - 2026-04-15

Fixes

• (derive) Ensure rebuilds happen when an read env variable is changed

Commits

• 1420275 chore: Release
• d2c817d docs: Update changelog
• f88c94e Merge pull request #6341 from epage/sep
• acbb822 fix(complete): Reduce risk of conflict with actual subcommands
• a49fadb refactor(complete): Pull out subcommand separator
• ddc008b Merge pull request #6332 from epage/update
• 497dc50 chore: Update compatible dependencies
• dca2326 Merge pull request #6331 from clap-rs/renovate/j178-prek-action-2.x
• 54bdaa3 chore(deps): Update j178/prek-action action to v2
• f0d30d9 chore: Release
• Additional commits viewable in compare view

Updates aws-types from 1.3.14 to 1.3.15

Commits

• See full diff in compare view

Updates russh-sftp from 2.1.1 to 2.1.2

Commits

• See full diff in compare view

Updates hudsucker from 0.24.0 to 0.24.1

Release notes

Sourced from hudsucker's releases.

v0.24.1

• Additional From<T> impls for Body
  • From<Box<[u8]>>
  • From<Vec<u8>>
  • From<Bytes>
• Avoid Bytes when reading from upgraded connection
• Capture errors as named attributes in traces
• Update rand

Commits

• 6bfc337 chore: bump version
• a7da03b Merge pull request #178 from omjadas/dependabot/github_actions/Swatinem/rust-...
• 08ec299 chore(deps): bump Swatinem/rust-cache from 2.8.2 to 2.9.1
• 4bb77dd Merge pull request #172 from omjadas/dependabot/cargo/rand-0.10.0
• 50aee0c chore(deps): update rand requirement from 0.9.0 to 0.10.0
• b8e6220 chore: don't emit events for shutdown/unexpected eof when serving stream
• e38c068 chore: capture errors as named attributes
• 1bed8cf perf: avoid Bytes when reading from upgraded connection
• 56684ce feat: additional From impls for Body
• 27617ef Merge pull request #167 from omjadas/dependabot/github_actions/Swatinem/rust-...
• Additional commits viewable in compare view

Updates serde_with from 3.18.0 to 3.19.0

Release notes

Sourced from serde_with's releases.

serde_with v3.19.0

Added

• Add support for hashbrown v0.17 (#940)

  This extends the existing support for hashbrown to the newly released version.

Commits

• b4cbda0 Bump version to 3.19.0. (#942)
• 727de67 Bump version to 3.19.0.
• 2d4f83d Add support for hashbrown 0.17.0 (#941)
• 79262f4 Add support for hashbrown 0.17.0
• 6e286a3 Bump the github-actions group with 2 updates (#937)
• 1bdf8a2 Bump the github-actions group with 2 updates
• 1e9f316 Bump rust-lang/crates-io-auth-action from 1.0.3 to 1.0.4 in the github-action...
• f7aaca9 Bump rust-lang/crates-io-auth-action in the github-actions group
• 652dc89 Autofix GitHub Actions issue found by zizmor (#934)
• d884e01 Update pre-commit configuration (#933)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

[deepsource-io]

DeepSource Code Review

We reviewed changes in 1b7d9dd...9733dba on this pull request. Below is the summary for the review, and you can see the individual issues we found as inline review comments.

See full review on DeepSource ↗

PR Report Card

Overall Grade

Security   Reliability   Complexity   Hygiene

Code Review Summary

Analyzer	Status	Updated (UTC)	Details
JavaScript		May 4, 2026 9:49p.m.	Review ↗
Docker		May 4, 2026 9:49p.m.	Review ↗
Rust		May 4, 2026 9:49p.m.	Review ↗
Shell		May 4, 2026 9:49p.m.	Review ↗

---

Important

AI Review is run only on demand for your team. We're only showing results of static analysis review right now. To trigger AI Review, comment @deepsourcebot review on this thread.

[dependabot]

Looks like these dependencies are updatable in another way, so this is no longer needed.