build(deps): bump the cargo group across 1 directory with 2 updates

[dependabot]

Bumps the cargo group with 2 updates in the / directory: bytes and russh.

Updates bytes from 1.11.0 to 1.11.1

Release notes

Sourced from bytes's releases.

Bytes v1.11.1

1.11.1 (February 3rd, 2026)

• Fix integer overflow in BytesMut::reserve

Changelog

Sourced from bytes's changelog.

1.11.1 (February 3rd, 2026)

• Fix integer overflow in BytesMut::reserve

Commits

• 417dccd Release bytes v1.11.1 (#820)
• d0293b0 Merge commit from fork
• See full diff in compare view

Updates russh from 0.48.2 to 0.57.0

Release notes

Sourced from russh's releases.

v0.57.0

Fixes

• fdf2925: fixed #625 - rand crate breakage (#628) (Eugene) #628
  • Note that this bumps the internal rand-core dependency. The stable rand-core dependency is still re-exported as russh::keys::ssh_key::rand_core.
• e265845: Make Config accessor methods for user/port/host public (#620) (Adam Chappell) #620

v0.56.0

Changes

• f1e1e1a: Add server side ping (#610) (Mark Bundschuh) #610

Fixes

• de9a452: fixed #337, fixed #597 - upgrade rsa crate to mitigate Marvin attack (#613) (Eugene) #613
• 70cce56: fixed #611 - prevent extension algos from being selected as a real kex (#612) (Eugene) #612
• 372f387: Fix comments handling of russh_config::parse_ssh_config. (#609) (tayu0110) #609
• bbaf489: Clean up of known_hosts_path() (#605) (Roger Knecht) #605

v0.55.0

Changes

• kex: add shared secret retrieval and kex_done callback (#604) #604 (stevenparkerco3)
• 08e1007: Bump Rust edition (#587) #587
• Implement NamedPipes-based stream (#472) #472 (Adrian Müller (DTT))
• 63f779c: Error on unsupported authentication method instead of panicking (#600) (lgmugnier) #600
• 1332a31: Update generic-array from 0.14 to 1.x (#586) (Kenny Root) #586
• 4bf0a0d: Implement better error messages for invalid configs during ssh connection setup. (#589) (Lucy) #589

Fixes

• upgrade libcrux-ml-kem since 0.0.3 was yanked (#606) #606 (Gaëtan) / (#608) (Kenny Root) #608
• 5b0c70f: Fix clippy lints to fix CI (#596) (Lucas Kent) #596
• 79e76af: Remove unneeded deps (#595) (Lucas Kent) #595
• 7acf9c5: Resolve warning: macro-expanded 'macro_export' macros from the current crate cannot be referred to by absolute paths (#592) (iamjpotts) #592

v0.54.6

Commits

• 140e482: Add ML-KEM post-quantum hybrid key exchange support (#585) (Kenny Root)

v0.54.5

Changes

• 6878bf1: A send_ping method for measuring latency (#576) (Môshe van der Sterre) #576
• adhere to ssh_config more strictly (#570) #570 (Philippe Laflamme)

Fixes

• strict kex sequence number check should only apply to initial exchange (#577) #577 (Kenny Root)
• add compile_error! when no crypto backend is enabled (#569) #569 (DCjanus)
• use sha256 as the default hashing algorithm when running agent tests (#573) #573 (Simon THOBY)
• handle empty ssh config files (#578) #578 (Philippe Laflamme)
• b6a446d: Update globset in russh-config to 0.4 (#568) (Pierce Bartine) #568

... (truncated)

Commits

• 8844db4 v0.57.0
• fdf2925 fixed #625 - rand crate breakage (#628)
• e265845 Make Config accessor methods for user/port/host public (#620)
• 176b198 add cubic vm to the adopter list (#617)
• dbdac54 v0.56.0
• de9a452 fixed #337, fixed #597 - upgrade rsa crate to mitigate Marvin attack (#613)
• 8044e57 add rogkne as a contributor for code (#616)
• bbaf489 Clean up of known_hosts_path() (#605)
• d3a3b7e add tayu0110 as a contributor for code (#615)
• 372f387 Fix comments handling of russh_config::parse_ssh_config. (#609)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions
  You can disable automated security fix PRs for this repo from the Security Alerts page.

[avelino]

LGTM