Bump the "backend" group with 1 update across multiple ecosystems

[dependabot]

Bumps the backend group with 10 updates:

Package	From	To
askama	0.15.4	0.15.6
cached	0.56.0	0.59.0
clap	4.5.60	4.6.0
hmac	0.12.1	0.13.0
octocrab	0.49.5	0.49.7
sha2	0.10.9	0.11.0
tokio-postgres	0.7.16	0.7.17
tracing-subscriber	0.3.22	0.3.23
uuid	1.21.0	1.23.0
hyper	1.8.1	1.9.0

Updates askama from 0.15.4 to 0.15.6

Release notes

Sourced from askama's releases.

v0.15.6

What's Changed

• Correctly handle non-ident item in block error by @​GuillaumeGomez in askama-rs/askama#717
• Remove unnecessary .clone() by @​jplatte in askama-rs/askama#716
• Remove unused lifetime parameter on SyntaxAndCache by @​jplatte in askama-rs/askama#714
• Upgrade winnow to 1.0 by @​jplatte in askama-rs/askama#715

Full Changelog: askama-rs/askama@v0.15.5...v0.15.6

v0.15.5

What's Changed

• parser: reject non-ASCII characters in byte literals by @​Kijewski in askama-rs/askama#694
• parser: reject syntaxes that could cause catastrophic backtracking by @​Kijewski in askama-rs/askama#695
• Fix jinja macro arguments handling by @​GuillaumeGomez in askama-rs/askama#709
• Fix build determinism and macro path management by @​GuillaumeGomez and @​cgundy in askama-rs/askama#710

Full Changelog: askama-rs/askama@v0.15.4...v0.15.5

Commits

• 4260d0d Merge pull request #719 from GuillaumeGomez/update-crate-version
• 1471702 Update crate version to 0.15.6
• fb6f3fb Merge pull request #718 from GuillaumeGomez/improve-ui-tests
• 4f36391 Merge pull request #717 from GuillaumeGomez/fix-non-ident-block
• 1b4350b Update trybuild version to 1.0.116 to enforce diagnostics width
• 2ad677c Correctly handle non-ident item in block error
• 5e12585 Merge pull request #714 from jplatte/jplatte/lt-refactor
• 0ebfd0f Merge pull request #716 from jplatte/jplatte/clippy
• 3c0f1b0 Merge pull request #715 from jplatte/jplatte/winnow1
• acc29f3 Remove unnecessary .clone()
• Additional commits viewable in compare view

Updates cached from 0.56.0 to 0.59.0

Changelog

Sourced from cached's changelog.

[0.59.0 / [cached_proc_macro[0.27.0]]]

Added

Changed

• Fix examples/wasm build: add time_stores feature to the cached dependency (required when using default-features = false with TimedCache)

Removed

[0.58.0]

Added

• Add redis_async_cache feature for Redis client-side caching support via the RESP3 protocol

Changed

• Update redis to 1.0

Removed

[0.57.0 / [cached_proc_macro[0.26.0]]]

Added

• Add parking_lot dependency

Changed

• Switch to parking_lot's Mutex and RwLock in all macros.
• Remove unwrap() calls from lock operations.

Removed

Commits

• See full diff in compare view

Updates clap from 4.5.60 to 4.6.0

Changelog

Sourced from clap's changelog.

[4.6.0] - 2026-03-12

Compatibility

• Update MSRV to 1.85

[4.5.61] - 2026-03-12

Internal

• Update dependencies

Commits

• 9ab6dee chore: Release
• 374a30d docs: Update changelog
• d0c8aab Merge pull request #6306 from epage/update
• 686ce2f chore: Upgrade compatible
• 8203238 Merge pull request #6305 from epage/msrv
• c774a89 docs: Reduce main's in doctests
• 73534f6 chore: Upgrade to 2025 edition
• dfe05a9 chore: Bump MSRV to 1.85
• 8b41d0b chore: Release
• 518220f docs: Update changelog
• Additional commits viewable in compare view

Updates hmac from 0.12.1 to 0.13.0

Commits

• 0236c8e hmac v0.13.0 (#263)
• b895e50 Migrate tests to the new blobby format (#264)
• 3d1440b Workspace-level lint configuration (#261)
• 11d4f36 hmac: use release versions of dev-dependencies (#260)
• c40b82b hmac: bump sha2 dev-dependency to v0.11 (#259)
• 1fa0781 Cut rc.5 prereleases (#258)
• a008265 hmac v0.13.0-rc.6 (#256)
• da485cd Use (Reset)MacTraits (#254)
• 2c51e3b hmac: derive Clone instead of relying on (Reset)MacTraits (#253)
• 669d805 Relax Clone bounds (#250)
• Additional commits viewable in compare view

Updates octocrab from 0.49.5 to 0.49.7

Release notes

Sourced from octocrab's releases.

v0.49.7

Added

• add missing waiting status to Status enum (#862)

Fixed

• (repos) create a repo variable doesn't take the name in the path (#865)

Other

• Extend get_content to allow requesting raw_files (#866)
• [retry/rate-limits] Add rate limit handling into the retry config (#869)
• Allow retry policy to run on GET requests (#867)

v0.49.6

Added

• (activity/starring) add list_repos_starred_by_user (#861)
• added undocumented events (#858)
• repository variables handler (#857)

Other

• Remove Lines Of Code badge from README
• Add Event::CopilotWorkStarted (#854)
• actualized Commit for GET /search/commits (#851)

Changelog

Sourced from octocrab's changelog.

0.49.7 - 2026-03-29

Added

• add missing waiting status to Status enum (#862)

Fixed

• (repos) create a repo variable doesn't take the name in the path (#865)

Other

• Extend get_content to allow requesting raw_files (#866)
• [retry/rate-limits] Add rate limit handling into the retry config (#869)
• Allow retry policy to run on GET requests (#867)

0.49.6 - 2026-03-23

Added

• (activity/starring) add list_repos_starred_by_user (#861)
• added undocumented events (#858)
• repository variables handler (#857)

Other

• Remove Lines Of Code badge from README
• Add Event::CopilotWorkStarted (#854)
• actualized Commit for GET /search/commits (#851)

Commits

• ad64898 chore: release v0.49.7 (#863)
• 127c44a fix(repos): create a repo variable doesn't take the name in the path (#865)
• d7eb503 Extend get_content to allow requesting raw_files (#866)
• de5f4a2 [retry/rate-limits] Add rate limit handling into the retry config (#869)
• 52deb8a Allow retry policy to run on GET requests (#867)
• af820e7 feat: add missing waiting status to Status enum (#862)
• 908472c chore: release v0.49.6 (#852)
• d33aeb3 feat(activity/starring): add list_repos_starred_by_user (#861)
• f33fbcf Remove Lines Of Code badge from README
• c5527e1 feat: added undocumented events (#858)
• Additional commits viewable in compare view

Updates sha2 from 0.10.9 to 0.11.0

Commits

• ffe0939 Release sha2 0.11.0 (#806)
• 8991b65 Use the standard order of the [package] section fields (#807)
• 3d2bc57 sha2: refactor backends (#802)
• faa55fb sha3: bump keccak to v0.2 (#803)
• d3e6489 sha3 v0.11.0-rc.9 (#801)
• bbf6f51 sha2: tweak backend docs (#800)
• 155dbbf sha3: add default value for the DS generic parameter on TurboShake128/256...
• ed514f2 Use published version of keccak v0.2 (#799)
• 702bcd8 Migrate to closure-based keccak (#796)
• 827c043 sha3 v0.11.0-rc.8 (#794)
• Additional commits viewable in compare view

Updates tokio-postgres from 0.7.16 to 0.7.17

Release notes

Sourced from tokio-postgres's releases.

tokio-postgres v0.7.17

Added

• Added Client::execute_typed method.
• Added Client::query_typed_one and Client::query_typed_opt methods.
• Added GenericClient::execute_typed, GenericClient::query_typed_one, and GenericClient::query_typed_opt methods.
• Added Transaction::execute_typed, Transaction::query_typed_one, and Transaction::query_typed_opt methods.
• Added support for bit-vec 0.9 via the with-bit-vec-0_9 feature.

Changed

• Upgraded rand to 0.10.
• Upgraded to Rust edition 2024, minimum Rust version 1.85.

Commits

• 35a85bd Release tokio-postgres v0.7.17
• 64674ba Release postgres-types v0.2.13
• 40b760d Release postgres-derive v0.4.8
• 6c92298 Release postgres-protocol v0.6.11
• e088d7d style(clippy): fix clippy::useless_conversion
• 19897e8 build(deps): upgrade semver compatible Rust dependencies
• 2584926 build(deps): upgrade RustCrypto dependencies
• 10a7724 chore: add bit-vec v0.9 support
• 2853157 fix: cargo fmt --all
• c8f8993 feat: add rustfmt.toml for opiniated formatting
• Additional commits viewable in compare view

Updates tracing-subscriber from 0.3.22 to 0.3.23

Release notes

Sourced from tracing-subscriber's releases.

tracing-subscriber 0.3.23

Fixed

• Allow ansi sanitization to be disabled (#3484)

#3484: tokio-rs/tracing#3484

Commits

• 54ede4d chore: prepare tracing-subscriber 0.3.23 (#3490)
• 37558d5 subscriber: allow ansi sanitization to be disabled (#3484)
• efc690f core: add missing const (#3449)
• 0c32367 core: Use const initializers instead of once_cell
• 9feb241 docs: add arcswap reload crate to related (#3442)
• 2d55f6f chore: prepare tracing 0.1.44 (#3439)
• 10a9e83 chore: prepare tracing-core 0.1.36 (#3440)
• ee82cf9 tracing: fix record_all panic (#3432)
• 9978c36 chore: prepare tracing-mock 0.1.0-beta.3 (#3429)
• See full diff in compare view

Updates uuid from 1.21.0 to 1.23.0

Release notes

Sourced from uuid's releases.

v1.23.0

What's Changed

• feat: add support for 'hyphenated' format in the serde module by @​FrenchDilettante in uuid-rs/uuid#865
• Fix a number of bugs in time-related code by @​KodrAus in uuid-rs/uuid#872
• Reword invalid char error message by @​KodrAus in uuid-rs/uuid#873
• Impl cleanups by @​KodrAus in uuid-rs/uuid#874
• Use LazyLock to synchronize v1/v6 context initialization by @​KodrAus in uuid-rs/uuid#875
• Prepare for 1.23.0 release by @​KodrAus in uuid-rs/uuid#876

New Contributors

• @​FrenchDilettante made their first contribution in uuid-rs/uuid#865

Special thanks

@​meng-xu-cs raised a series of bugs against the timestamp logic in uuid using automated tooling. The issues themselves were reasonably and responsibly presented and the end result is a better uuid library for everyone. Thanks!

Deprecations

This release includes the following deprecations:

• Context: Renamed to ContextV1
• Timestamp::from_gregorian: Renamed to Timestamp::from_gregorian_time

Change to Version::Max

Version::Max's u8 representation has changed from 0xff to 0x0f to match the value returned by Uuid::get_version_num.

Change to Uuid::get_version for the max UUID

Uuid::get_version will only return Some(Version::Max) if the UUID is actually the max UUID (all bytes are 0xff). Previously it would return Some if only the version field was 0x0f. This change matches the behaviour of the nil UUID, which only returns Some(Version::Nil) if the UUID is the nil UUID (all bytes are 0x00).

Full Changelog: uuid-rs/uuid@v1.22.0...v1.23.0

v1.22.0

What's Changed

• Default to rand 0.10 by @​haxtibal in uuid-rs/uuid#863
• Prepare for 1.22.0 release by @​KodrAus in uuid-rs/uuid#864

New Contributors

• @​haxtibal made their first contribution in uuid-rs/uuid#863

Full Changelog: uuid-rs/uuid@v1.21.0...v1.22.0

Commits

• 00ab922 Merge pull request #876 from uuid-rs/cargo/v1.23.0
• 726ba45 prepare for 1.23.0 release
• 996dade Merge pull request #875 from uuid-rs/fix/context-ordering
• e140479 simplify a use stmt
• 8ed9142 reorganize and document more v7 context internals
• e09a322 use LazyLock to synchronize v1/v6 context initialization
• 0f260cc Merge pull request #874 from uuid-rs/chore/impl-cleanups
• 1419e91 clean up and refactor main lib tests
• ceeaf4b ensure we don't overflow on counters less than 12
• 63bc8f5 Merge pull request #873 from uuid-rs/fix/error-msg
• Additional commits viewable in compare view

Updates hyper from 1.8.1 to 1.9.0

Release notes

Sourced from hyper's releases.

v1.9.0

Features

• client:
  • expose HTTP/2 current max stream count (#4026) (d51cb715)
  • add HTTP/2 max_local_error_reset_streams option (#4021) (57787459)
• error: add 'Error::is_parse_version_h2' method (393c77c7)
• http1: add UpgradeableConnection::into_parts (e21205cf)

Bug Fixes

• ffi: validate null pointers before dereferencing in request/response functions (#4038 (28e73ccd)
• http1:
  • allow keep-alive for chunked requests with trailers (#4043) (7211ec25, closes #4044)
  • use case-insensitive matching for trailer fields (#4011) (3b344cac, closes #4010)
  • use httparse config for Servers (#4002) (bcb8ec57, closes #3923)
• http2:
  • cancel sending client request body on response future drop (#4042) (5b17a69e, closes #4040)
  • non-utf8 char in Connection header may cause panic when calling to_str (#4019) (c36ca8a5)

Refactors and chores

• docs(error): add more information about is_incomplete_message by @​seanmonstar in hyperium/hyper#3978
• Run cargo-audit in CI to check for known vulnerabilities in dependencies. by @​f0rki in hyperium/hyper#3246
• refactor(http1): simplify match of Token parse error by @​seanmonstar in hyperium/hyper#3981
• refactor(http1): use saturating_sub instead of manual impl by @​seanmonstar in hyperium/hyper#3983
• refactor(http1): replace many args of Chunked::step with struct by @​seanmonstar in hyperium/hyper#3982
• docs: fix comment in put_slice() by @​coryan in hyperium/hyper#3986
• test(lib): fix unused warnings due to feature gating test imports by @​seanmonstar in hyperium/hyper#3997
• docs: improve Read trait and ReadBufCursor documentation by @​majiayu000 in hyperium/hyper#4000
• fix: use h1 parser config when parsing server req by @​0xPoe in hyperium/hyper#4002
• test(server): fix flaky disable_keep_alive_mid_request by @​seanmonstar in hyperium/hyper#4009
• chore(ci): update to actions/checkout@v6 by @​tottoto in hyperium/hyper#4005
• chore(ci): update to cargo-check-external-types 0.4.0 by @​tottoto in hyperium/hyper#4006
• update copyright year to 2026 by @​jasmyhigh in hyperium/hyper#4007
• refactor: avoid unwrap examples by @​0xPoe in hyperium/hyper#4001
• fix(http1): use case-insensitive matching for trailer fields by @​HueCodes in hyperium/hyper#4011
• chore: convert bug report template to GitHub form by @​njg7194 in hyperium/hyper#4015
• chore(ci): force toml mode in yq selecting msrv by @​seanmonstar in hyperium/hyper#4020
• fix: non-utf8 char may cause panic when calling to_str by @​cuiweixie in hyperium/hyper#4019
• feat(http2/client): add max_local_error_reset_streams option by @​ffuugoo in hyperium/hyper#4021
• chore: drop pin-utils dependency by @​tottoto in hyperium/hyper#4023
• [minor] doc: Fix HTTP/2 max concurrent stream link by @​dentiny in hyperium/hyper#4037
• fix(ffi): validate null pointers before dereferencing in request/resp… by @​DhruvaD1 in hyperium/hyper#4038
• h2: expose current max stream count by @​howardjohn in hyperium/hyper#4026
• fix(http1): allow keep-alive for chunked requests with trailers by @​wi-adam in hyperium/hyper#4043
• fix(http2): cancel pipe_task and send RST_STREAM on response future drop by @​mmishra100 in hyperium/hyper#4042
• Add APIs to allow switching an HTTP1 connection to HTTP2 if H2 preface is seen by @​pborzenkov in hyperium/hyper#3996

... (truncated)

Changelog

Sourced from hyper's changelog.

v1.9.0 (2026-03-31)

Bug Fixes

• ffi: validate null pointers before dereferencing in request/response functions (#4038 (28e73ccd)
• http1:
  • allow keep-alive for chunked requests with trailers (#4043) (7211ec25, closes #4044)
  • use case-insensitive matching for trailer fields (#4011) (3b344cac, closes #4010)
  • use httparse config for Servers (#4002) (bcb8ec57, closes #3923)
• http2:
  • cancel sending client request body on response future drop (#4042) (5b17a69e, closes #4040)
  • non-utf8 char in Connection header may cause panic when calling to_str (#4019) (c36ca8a5)

Features

• client:
  • expose HTTP/2 current max stream count (#4026) (d51cb715)
  • add HTTP/2 max_local_error_reset_streams option (#4021) (57787459)
• error: add 'Error::is_parse_version_h2' method (393c77c7)
• http1: add UpgradeableConnection::into_parts (e21205cf)

Commits

• 0d6c7d5 v1.9.0
• e21205c feat(http1): add UpgradeableConnection::into_parts
• 393c77c feat(error): add 'Error::is_parse_version_h2' method
• 5b17a69 fix(http2): cancel sending client request body on response future drop (#4042)
• 7211ec2 fix(http1): allow keep-alive for chunked requests with trailers (#4043)
• d51cb71 feat(client): expose HTTP/2 current max stream count (#4026)
• 28e73cc fix(ffi): validate null pointers before dereferencing in request/response fun...
• e13e783 docs(client): fix HTTP/2 max concurrent stream link to spec (#4037)
• 8ba9008 chore(dependencies): drop pin-utils dependency (#4023)
• 5778745 feat(client): add HTTP/2 max_local_error_reset_streams option (#4021)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions