Skip to content

chore(deps): bump the rust-dependencies group with 3 updates#1626

Merged
chaliy merged 2 commits into
mainfrom
dependabot/cargo/rust-dependencies-981071eb89
May 16, 2026
Merged

chore(deps): bump the rust-dependencies group with 3 updates#1626
chaliy merged 2 commits into
mainfrom
dependabot/cargo/rust-dependencies-981071eb89

Conversation

@dependabot
Copy link
Copy Markdown
Contributor

@dependabot dependabot Bot commented on behalf of github May 11, 2026

Bumps the rust-dependencies group with 3 updates: tokio, getrandom and toml.

Updates tokio from 1.52.1 to 1.52.3

Release notes

Sourced from tokio's releases.

Tokio v1.52.3

1.52.3 (May 8th, 2026)

Fixed

  • sync: fix underflow in mpsc channel len() (#8062)
  • sync: notify receivers in mpsc OwnedPermit::release() method (#8075)
  • sync: require that an RwLock has max_readers != 0 (#8076)
  • sync: return Empty from try_recv() when mpsc is closed with outstanding permits (#8074)

#8062: tokio-rs/tokio#8062 #8074: tokio-rs/tokio#8074 #8075: tokio-rs/tokio#8075 #8076: tokio-rs/tokio#8076

Tokio v1.52.2

1.52.2 (May 4th, 2026)

This release reverts the LIFO slot stealing change introduced in 1.51.0 (#7431), due to [its performance impact]#8065. (#8100)

#7431: tokio-rs/tokio#7431 #8065: tokio-rs/tokio#8065 #8100: tokio-rs/tokio#8100

Commits

Updates getrandom from 0.3.4 to 0.4.2

Changelog

Sourced from getrandom's changelog.

0.4.2 - 2026-03-03

Changed

  • Bump r-efi dependency to v6 #814

Fixed

  • Read errno only when it is set #810
  • Check the return value of ProcessPrng on Windows #811

#810: rust-random/getrandom#810 #811: rust-random/getrandom#811 #814: rust-random/getrandom#814

0.4.1 - 2026-02-03

Fixed

  • Documentation build on docs.rs #801

#801: rust-random/getrandom#801

0.4.0 - 2026-02-02

Added

  • RawOsError type alias #739
  • SysRng behind new feature sys_rng #751
  • WASIp3 support #779
  • extern_impl opt-in backend #786 #794
  • Motor OS support #797

Changed

  • Use Edition 2024 and MSRV 1.85 #749

#739: rust-random/getrandom#739 #749: rust-random/getrandom#749 #751: rust-random/getrandom#751 #779: rust-random/getrandom#779 #786: rust-random/getrandom#786 #794: rust-random/getrandom#794 #797: rust-random/getrandom#797

Commits

Updates toml from 0.8.23 to 1.1.2+spec-1.1.0

Commits

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

@dependabot dependabot Bot added dependencies Pull requests that update a dependency file rust Pull requests that update rust code labels May 11, 2026
@cloudflare-workers-and-pages
Copy link
Copy Markdown

cloudflare-workers-and-pages Bot commented May 11, 2026
edited
Loading

Deploying with  Cloudflare Workers  Cloudflare Workers

The latest updates on your project. Learn more about integrating Git with Workers.

Status Name Latest Commit Preview URL Updated (UTC)
✅ Deployment successful!
View logs		 bashkit 2c78999 Commit Preview URL

Branch Preview URL		 May 16 2026, 10:49 PM

dependabot Bot and others added 2 commits May 16, 2026 17:31
@dependabot @chaliy
chore(deps): bump the rust-dependencies group with 3 updates
abbe2a9 
Bumps the rust-dependencies group with 3 updates: [tokio](https://github.com/tokio-rs/tokio), [getrandom](https://github.com/rust-random/getrandom) and [toml](https://github.com/toml-rs/toml).


Updates `tokio` from 1.52.1 to 1.52.3
- [Release notes](https://github.com/tokio-rs/tokio/releases)
- [Commits](tokio-rs/tokio@tokio-1.52.1...tokio-1.52.3)

Updates `getrandom` from 0.3.4 to 0.4.2
- [Changelog](https://github.com/rust-random/getrandom/blob/master/CHANGELOG.md)
- [Commits](rust-random/getrandom@v0.3.4...v0.4.2)

Updates `toml` from 0.8.23 to 1.1.2+spec-1.1.0
- [Commits](toml-rs/toml@toml-v0.8.23...toml-v1.1.2)

---
updated-dependencies:
- dependency-name: tokio
  dependency-version: 1.52.3
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: rust-dependencies
- dependency-name: getrandom
  dependency-version: 0.4.2
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: rust-dependencies
- dependency-name: toml
  dependency-version: 1.1.2+spec-1.1.0
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: rust-dependencies
...

Signed-off-by: dependabot[bot] <support@github.com>
@chaliy
chore(deps): add vet metadata for rust dependency bump
2c78999
@chaliy chaliy force-pushed the dependabot/cargo/rust-dependencies-981071eb89 branch from 98036fc to 2c78999 Compare May 16, 2026 22:48
@chaliy chaliy merged commit e2d9433 into main May 16, 2026
34 checks passed
@chaliy chaliy deleted the dependabot/cargo/rust-dependencies-981071eb89 branch May 16, 2026 22:58
chaliy added a commit that referenced this pull request May 17, 2026
@chaliy
revert: undo cargo update — vetting blocked, defer to dependabot
11b7ae8 
Reverts the lockfile portion of 1fa272b. CI's `cargo vet --locked`
fails with 29 unvetted dependencies for the patch bumps, which require
trusted-party certification imports that this branch can't perform
from the sandbox. Patch bumps will land via dependabot's weekly group
PRs (e.g. #1626) which already handle vet certification.

The deny.toml cleanup from 1fa272b stays — both `advisory-not-detected`
ignores are legitimately stale and the change is unrelated to vetting.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file rust Pull requests that update rust code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@chaliy