deps(rust): bump the rust-all group across 1 directory with 19 updates

[dependabot]

Bumps the rust-all group with 19 updates in the / directory:

Package	From	To
tokio	1.51.1	1.52.2
thiserror	1.0.69	2.0.18
clap	4.6.0	4.6.1
libc	0.2.184	0.2.186
base64	0.21.7	0.22.1
syslog	6.1.1	7.0.0
gethostname	0.4.3	1.1.0
getrandom	0.3.4	0.4.2
sha1	0.10.6	0.11.0
sha2	0.10.9	0.11.0
hmac	0.12.1	0.13.0
data-encoding	2.10.0	2.11.0
uuid	1.23.0	1.23.1
ml-dsa	0.1.0-rc.8	0.1.0-rc.9
directories	5.0.1	6.0.0
dirs	5.0.1	6.0.0
open	5.3.3	5.3.4
rpassword	7.4.0	7.5.2
tss-esapi	7.6.0	7.7.0

Updates tokio from 1.51.1 to 1.52.2

Release notes

Sourced from tokio's releases.

Tokio v1.52.2

1.52.2 (May 4th, 2026)

This release reverts the LIFO slot stealing change introduced in 1.51.0 (#7431), due to [its performance impact]#8065. (#8100)

#7431: tokio-rs/tokio#7431 #8065: tokio-rs/tokio#8065 #8100: tokio-rs/tokio#8100

Tokio v1.52.1

1.52.1 (April 16th, 2026)

Fixed

• runtime: revert #7757 to fix [a regression]#8056 that causes spawn_blocking to hang (#8057)

#7757: tokio-rs/tokio#7757 #8056: tokio-rs/tokio#8056 #8057: tokio-rs/tokio#8057

Tokio v1.52.0

1.52.0 (April 14th, 2026)

Added

• io: AioSource::register_borrowed for I/O safety support (#7992)
• net: add try_io function to unix::pipe sender and receiver types (#8030)

Added (unstable)

• runtime: Builder::enable_eager_driver_handoff setting enable eager hand off of the I/O and time drivers before polling tasks (#8010)
• taskdump: add trace_with() for customized task dumps (#8025)
• taskdump: allow impl FnMut() in trace_with instead of just fn() (#8040)
• fs: support io_uring in AsyncRead for File (#7907)

Changed

• runtime: improve spawn_blocking scalability with sharded queue (#7757)
• runtime: use compare_exchange_weak() in worker queue (#8028)

Fixed

• runtime: overflow second half of tasks when local queue is filled instead of first half (#8029)

Documented

• docs: fix typo in oneshot::Sender::send docs (#8026)
• docs: hide #[tokio::main] attribute in the docs of sync::watch (#8035)
• net: add docs on ConnectionRefused errors with UDP sockets (#7870)

... (truncated)

Commits

• 4abe9d7 chore: prepare Tokio v1.52.2 (#8115)
• f82bcf3 Merge 'tokio-1.51.2' into 'tokio-1.52.x' (#8114)
• 7db9bc4 test: revert "remove churn() task from lifo_stealable" (#8114)
• 64834ec chore: prepare Tokio v1.51.2 (#8113)
• 967f571 runtime: revert "steal tasks from the LIFO slot" (#8100)
• 9271e3e Merge tokio-1.51.x (for #8101) into tokio-1.52.x (#8106)
• cd1823f Revert "Pin stable to 1.94 for tokio-1.51.x" (#8106)
• a97cf12 Merge tokio-1.47.x (commit 670a907c55c7) into tokio-1.51.x (#8105)
• bde3f20 Pin stable to 1.94 for tokio-1.51.x (#8105)
• 670a907 ci: fix CI on tokio-1.47.x (#8101)
• Additional commits viewable in compare view

Updates thiserror from 1.0.69 to 2.0.18

Release notes

Sourced from thiserror's releases.

2.0.18

• Make compatible with project-level needless_lifetimes = "forbid" (#443, thanks @​LucaCappelletti94)

2.0.17

• Use differently named __private module per patch release (#434)

2.0.16

• Add to "no-std" crates.io category (#429)

2.0.15

• Prevent Error::provide API becoming unavailable from a future new compiler lint (#427)

2.0.14

• Allow build-script cleanup failure with NFSv3 output directory to be non-fatal (#426)

2.0.13

• Documentation improvements

2.0.12

• Prevent elidable_lifetime_names pedantic clippy lint in generated impl (#413)

2.0.11

• Add feature gate to tests that use std (#409, #410, thanks @​Maytha8)

2.0.10

• Support errors containing a generic type parameter's associated type in a field (#408)

2.0.9

• Work around missing_inline_in_public_items clippy restriction being triggered in macro-generated code (#404)

2.0.8

• Improve support for macro-generated derive(Error) call sites (#399)

2.0.7

• Work around conflict with #[deny(clippy::allow_attributes)] (#397, thanks @​zertosh)

2.0.6

• Suppress deprecation warning on generated From impls (#396)

2.0.5

• Prevent deprecation warning on generated impl for deprecated type (#394)

2.0.4

• Eliminate needless_lifetimes clippy lint in generated From impls (#391, thanks @​matt-phylum)

2.0.3

• Support the same Path field being repeated in both Debug and Display representation in error message (#383)
• Improve error message when a format trait used in error message is not implemented by some field (#384)

2.0.2

... (truncated)

Commits

• dc0f6a2 Release 2.0.18
• 0275292 Touch up PR 443
• 3c33bc6 Merge pull request #443 from LucaCappelletti94/master
• 995939c Reproduce issue 442
• 21653d1 Made clippy lifetime allows conditional
• 45e5388 Update actions/upload-artifact@v5 -> v6
• 386aac1 Update actions/upload-artifact@v4 -> v5
• ec50561 Update actions/checkout@v5 -> v6
• 247eab5 Update name of empty_enum clippy lint
• 91b181f Raise required compiler to Rust 1.68
• Additional commits viewable in compare view

Updates clap from 4.6.0 to 4.6.1

Release notes

Sourced from clap's releases.

v4.6.1

[4.6.1] - 2026-04-15

Fixes

• (derive) Ensure rebuilds happen when an read env variable is changed

Changelog

Sourced from clap's changelog.

[4.6.1] - 2026-04-15

Fixes

• (derive) Ensure rebuilds happen when an read env variable is changed

Commits

• 1420275 chore: Release
• d2c817d docs: Update changelog
• f88c94e Merge pull request #6341 from epage/sep
• acbb822 fix(complete): Reduce risk of conflict with actual subcommands
• a49fadb refactor(complete): Pull out subcommand separator
• ddc008b Merge pull request #6332 from epage/update
• 497dc50 chore: Update compatible dependencies
• dca2326 Merge pull request #6331 from clap-rs/renovate/j178-prek-action-2.x
• 54bdaa3 chore(deps): Update j178/prek-action action to v2
• f0d30d9 chore: Release
• Additional commits viewable in compare view

Updates libc from 0.2.184 to 0.2.186

Release notes

Sourced from libc's releases.

0.2.186

Added

• Apple: Add KEVENT_FLAG_* constants (#5070)
• Linux: Add PR_SET_MEMORY_MERGE and PR_GET_MEMORY_MERGE (#5060)

Changed

• CI: Migrate FreeBSD CI from Cirrus CI to GitHub Actions (#5058)

0.2.185

Added

• EspIDF: Add espidf_picolibc cfg for picolibc O_* flag values (#5035)
• Hexagon: add missing constants and fix types for linux-musl (#5042)
• Redox: Add semaphore functions (#5051)
• Windows: Add sprintf, snprintf, and the scanf family (#5024)

Fixed

• Hexagon: Decouple time64 types from musl symbol redirects (#5040)
• Horizon: Change POLL constants from c_short to c_int (#5045)

Changelog

Sourced from libc's changelog.

0.2.186 - 2026-04-24

Added

• Apple: Add KEVENT_FLAG_* constants (#5070)
• Linux: Add PR_SET_MEMORY_MERGE and PR_GET_MEMORY_MERGE (#5060)

Changed

• CI: Migrate FreeBSD CI from Cirrus CI to GitHub Actions (#5058)

0.2.185 - 2026-04-13

Added

• EspIDF: Add espidf_picolibc cfg for picolibc O_* flag values (#5035)
• Hexagon: add missing constants and fix types for linux-musl (#5042)
• Redox: Add semaphore functions (#5051)
• Windows: Add sprintf, snprintf, and the scanf family (#5024)

Fixed

• Hexagon: Decouple time64 types from musl symbol redirects (#5040)
• Horizon: Change POLL constants from c_short to c_int (#5045)

Commits

• 42620ff [0.2] libc: Release 0.2.186
• 9db2eaa apple: add KEVENT_FLAG_* constants
• 3840939 Add PR_SET_MEMORY_MERGE and PR_GET_MEMORY_MERGE for linux
• f697deb chore: migrate from Cirrus CI to GHA
• 71d5bfc libc: Release 0.2.185
• 1027d1c Revert "ci: Pin nightly to 2026-04-01"
• 0e9c6e5 redox: Add semaphore functions
• 24ef457 feat: add back support for gnu windows x86 in ci
• aa75caf horizon: Change POLL constants from c_short to c_int
• b7eda5a hexagon: add missing constants and fix types for linux-musl
• Additional commits viewable in compare view

Updates base64 from 0.21.7 to 0.22.1

Changelog

Sourced from base64's changelog.

0.22.1

• Correct the symbols used for the predefined alphabet::BIN_HEX.

0.22.0

• DecodeSliceError::OutputSliceTooSmall is now conservative rather than precise. That is, the error will only occur if the decoded output cannot fit, meaning that Engine::decode_slice can now be used with exactly-sized output slices. As part of this, Engine::internal_decode now returns DecodeSliceError instead of DecodeError, but that is not expected to affect any external callers.
• DecodeError::InvalidLength now refers specifically to the number of valid symbols being invalid (i.e. len % 4 == 1), rather than just the number of input bytes. This avoids confusing scenarios when based on interpretation you could make a case for either InvalidLength or InvalidByte being appropriate.
• Decoding is somewhat faster (5-10%)

Commits

• e144006 v0.22.1
• 64cca59 Merge pull request #271 from JobanSD/patch-1
• 838355e Correct BinHex 4.0 alphabet according to specifications
• bf15ccf Merge pull request #270 from marshallpierce/mp/clippy
• fc6aabe Appease clippy
• 9a518a2 Merge pull request #267 from bdura/patch-1
• d96c80f Merge branch 'marshallpierce:master' into patch-1
• 5d70ba7 Merge pull request #269 from marshallpierce/mp/decode-precisely
• efb6c00 Release notes
• 2b91084 Add some tests to boost coverage
• Additional commits viewable in compare view

Updates syslog from 6.1.1 to 7.0.0

Commits

• 55c578d 7.0.0
• 264a7df lint
• 11ac1bf support different types for UDP address arguments
• 080cc90 Fix flaky tests
• 2f528da add tests
• effdbc6 remove old build and coverage status
• 8d47004 fix build status
• 4764a70 README and copyright updates
• 4d5513f Merge pull request #88 from Geal/setup-coverage
• 9e03a8b set up code coverage
• Additional commits viewable in compare view

Updates gethostname from 0.4.3 to 1.1.0

Updates getrandom from 0.3.4 to 0.4.2

Changelog

Sourced from getrandom's changelog.

0.4.2 - 2026-03-03

Changed

• Bump r-efi dependency to v6 #814

Fixed

• Read errno only when it is set #810
• Check the return value of ProcessPrng on Windows #811

#810: rust-random/getrandom#810 #811: rust-random/getrandom#811 #814: rust-random/getrandom#814

0.4.1 - 2026-02-03

Fixed

• Documentation build on docs.rs #801

#801: rust-random/getrandom#801

0.4.0 - 2026-02-02

Added

• RawOsError type alias #739
• SysRng behind new feature sys_rng #751
• WASIp3 support #779
• extern_impl opt-in backend #786 #794
• Motor OS support #797

Changed

• Use Edition 2024 and MSRV 1.85 #749

#739: rust-random/getrandom#739 #749: rust-random/getrandom#749 #751: rust-random/getrandom#751 #779: rust-random/getrandom#779 #786: rust-random/getrandom#786 #794: rust-random/getrandom#794 #797: rust-random/getrandom#797

Commits

• 4d82673 Release v0.4.2 (#821)
• 158fdd4 build(deps): bump the all-deps group with 3 updates (#818)
• 5b0adcc changelog: fix Motor OS PR link (#816)
• f19d321 changelog: move version links to relevant sections (#815)
• b83c779 Avoid accessing errno on unexpected return values. (#810)
• 3d1b151 Update r-efi to v6 (#814)
• 73c17f7 windows: check return value of ProcessPrng (#811)
• 7589557 Update Cargo.lock (#809)
• 6dfd5cb Unify lazy types (#804)
• 5e6b022 Update Cargo.lock (#806)
• Additional commits viewable in compare view

Updates sha1 from 0.10.6 to 0.11.0

Commits

• 2f00175 Release sha1 v0.11.0 (#810)
• 07d370c sha1: refactor backends selection (#808)
• 7c7cb76 Fix md5 project link in README (#809)
• ffe0939 Release sha2 0.11.0 (#806)
• 8991b65 Use the standard order of the [package] section fields (#807)
• 3d2bc57 sha2: refactor backends (#802)
• faa55fb sha3: bump keccak to v0.2 (#803)
• d3e6489 sha3 v0.11.0-rc.9 (#801)
• bbf6f51 sha2: tweak backend docs (#800)
• 155dbbf sha3: add default value for the DS generic parameter on TurboShake128/256...
• Additional commits viewable in compare view

Updates sha2 from 0.10.9 to 0.11.0

Commits

• ffe0939 Release sha2 0.11.0 (#806)
• 8991b65 Use the standard order of the [package] section fields (#807)
• 3d2bc57 sha2: refactor backends (#802)
• faa55fb sha3: bump keccak to v0.2 (#803)
• d3e6489 sha3 v0.11.0-rc.9 (#801)
• bbf6f51 sha2: tweak backend docs (#800)
• 155dbbf sha3: add default value for the DS generic parameter on TurboShake128/256...
• ed514f2 Use published version of keccak v0.2 (#799)
• 702bcd8 Migrate to closure-based keccak (#796)
• 827c043 sha3 v0.11.0-rc.8 (#794)
• Additional commits viewable in compare view

Updates hmac from 0.12.1 to 0.13.0

Commits

• 0236c8e hmac v0.13.0 (#263)
• b895e50 Migrate tests to the new blobby format (#264)
• 3d1440b Workspace-level lint configuration (#261)
• 11d4f36 hmac: use release versions of dev-dependencies (#260)
• c40b82b hmac: bump sha2 dev-dependency to v0.11 (#259)
• 1fa0781 Cut rc.5 prereleases (#258)
• a008265 hmac v0.13.0-rc.6 (#256)
• da485cd Use (Reset)MacTraits (#254)
• 2c51e3b hmac: derive Clone instead of relying on (Reset)MacTraits (#253)
• 669d805 Relax Clone bounds (#250)
• Additional commits viewable in compare view

Updates data-encoding from 2.10.0 to 2.11.0

Commits

• b4d20e0 Release 2.11.0 (#155)
• d354bb2 Add interpretation function from byte to character (#154)
• See full diff in compare view

Updates uuid from 1.23.0 to 1.23.1

Release notes

Sourced from uuid's releases.

v1.23.1

What's Changed

• Remove deprecated msrv feature from wasm-bindgen dependency by @​guybedford in uuid-rs/uuid#877
• fix: Timestamp::from_gregorian deprecation note by @​aznashwan in uuid-rs/uuid#878
• Prepare for 1.23.1 release by @​KodrAus in uuid-rs/uuid#879

New Contributors

• @​guybedford made their first contribution in uuid-rs/uuid#877
• @​aznashwan made their first contribution in uuid-rs/uuid#878

Full Changelog: uuid-rs/uuid@v1.23.0...v1.23.1

Commits

• ca0c85f Merge pull request #879 from uuid-rs/cargo/v1.23.1
• b4db015 prepare for 1.23.1 release
• 771069d Merge pull request #878 from aznashwan/fix-from-gregorian-deprecation-note
• 80994a2 fix: Timestamp::from_gregorian deprecation note
• 90c5be8 Merge pull request #877 from guybedford/remove-wasm-bindgen-msrv
• 8b8c4f4 Remove deprecated feature from wasm-bindgen dependency
• See full diff in compare view

Updates ml-dsa from 0.1.0-rc.8 to 0.1.0-rc.9

Commits

• 58bae19 Cut new prereleases (#1319)
• 2eadc3c ml-dsa: bump module-lattice to v0.2.2 (#1318)
• 452633d ecdsa: bump elliptic-curve to v0.14.0-rc.32 (#1317)
• 86c035a Bump pkcs8 dependency to v0.11 (#1316)
• f873b8e build(deps): bump hybrid-array from 0.4.10 to 0.4.11 (#1314)
• d8b1875 Bump pkcs8 to v0.11.0-rc.12 (#1312)
• 00e6eed build(deps): bump typenum from 1.19.0 to 1.20.0 (#1306)
• f93d502 ml-dsa: fix unreachable_pub lint by making Eta pub (#1311)
• 0efe0f8 ecdsa: use absolute 128-bit floor for bits2field (#1310)
• f467f70 ecdsa v0.17.0-rc.17 (#1304)
• Additional commits viewable in compare view

Updates directories from 5.0.1 to 6.0.0

Commits

• See full diff in compare view

Updates dirs from 5.0.1 to 6.0.0

Commits

• See full diff in compare view

Updates open from 5.3.3 to 5.3.4

Release notes

Sourced from open's releases.

v5.3.4

Bug Fixes

• align with_detached() implementation with with() On macOS, /usr/bin/open is natively detached. This commit changes with_detached to use the same logic as with() .avoid double detachment to prevent silent failure

Commit Statistics

• 6 commits contributed to the release.
• 1 commit was understood as conventional.
• 0 issues like '(#ID)' were seen in commit messages

Thanks Clippy

Clippy helped 1 time to make code idiomatic.

Commit Details

• Uncategorized
  • Merge pull request #119 from benzeneringlq/fix-macos-detach-silent-failure (7db5738)
  • Align with_detached() implementation with with() (8e122d4)
  • Merge pull request #117 from ChrisDenton/absolute (20ea175)
  • Thanks clippy (on Windows) (7faae87)
  • Enable clippy deny on CI, with all features, but allow incompatible MRSV there (1ab9c47)
  • Use absolute instead of canonicalize (5604cee)

Changelog

Sourced from open's changelog.

5.3.4 (2026-04-19)

Bug Fixes

• align with_detached() implementation with with() On macOS, /usr/bin/open is natively detached. This commit changes with_detached to use the same logic as with() .avoid double detachment to prevent silent failure

Commit Statistics

• 6 commits contributed to the release.
• 1 commit was understood as conventional.
• 0 issues like '(#ID)' were seen in commit messages

Thanks Clippy

Clippy helped 1 time to make code idiomatic.

Commit Details

• Uncategorized
  • Merge pull request #119 from benzeneringlq/fix-macos-detach-silent-failure (7db5738)
  • Align with_detached() implementation with with() (8e122d4)
  • Merge pull request #117 from ChrisDenton/absolute (20ea175)
  • Thanks clippy (on Windows) (7faae87)
  • Enable clippy deny on CI, with all features, but allow incompatible MRSV there (1ab9c47)
  • Use absolute instead of canonicalize (5604cee)

Commits

• 7bd519c Release open v5.3.4
• 7db5738 Merge pull request #119 from benzeneringlq/fix-macos-detach-silent-failure
• 8e122d4 fix(macos): align with_detached() implementation with with()
• 20ea175 Merge pull request #117 from ChrisDenton/absolute
• 7faae87 Thanks clippy (on Windows)
• 1ab9c47 Enable clippy deny on CI, with all features, but allow incompatible MRSV there
• 5604cee Use absolute instead of canonicalize
• See full diff in compare view

Updates rpassword from 7.4.0 to 7.5.2

Release notes

Sourced from rpassword's releases.

v7.5.2

Fixes a Unicode parsing bug which could lead to unwarranted panic (conradkleinespel/rpassword@6c19a1e).

Backwards compatible. No breaking change.

v7.5.1

This release fixes a cross-platform compilation issue that appeared in v.7.5.0 (conradkleinespel/rpassword@60ee071).

Thanks @​aharpervc for bringing this to my attention in conradkleinespel/rpassword#126.

Backwards compatible. No breaking change.

v7.5.0

This release comes with lots of stuff. It should be fully backward compatible.

New features

• Support for masking or partially masking a password as it's being typed. Thank you, @​chipsenkbeil, for your contribution.
• New API. The documentation has been vastly improved to support this, see https://docs.rs/rpassword/. To sum up, you can now call read_password_with_config(config) and there is a ConfigBuilder that allows you to configure how passwords should be read. This makes the library much more flexible and means new options will be added without breaking existing code.

Fixes

• Fix for CVE-2025-64170 which affects rpassword on versions v7.4.0 and below. Thank you, @​squell and @​DevLaTron, for reporting this.
• Better support for multibyte characters and more reliable handling of control characters and terminal escape sequences. Thank you again, @​chipsenkbeil, for your contribution.

Deprecations

• _from_bufread functions have been deprecated. You are encouraged to migrate to _with_config functions. See UPGRADE.md as well as the documentation which has examples that you can most likely drop into your code without other changes.

Misc

• Update of the windows-sys dependency.
• Update Rust edition from 2018 to 2024.
• Better cross-platform testing, through more unit tests and a CI that runs Linux, Windows and Wasm.

Feedback is very much welcome.

Commits

• e176edc bump to 7.5.2
• 6c19a1e make reading utf8 chars more reliable
• 1ecf07d bump to 7.5.1
• 60ee071 remove errno clean up, not cross-platform
• 2d9873e release v7.5.0
• e67e3b4 removes commented out code
• fdde958 remove .idea from .gitignore
• d531c59 allow reading from any Read and writing to any Write
• 205dfb2 differentiate Input and Output targets
• 6aa333a make PasswordFeedback internal though ConfigBuilder
• Additional commits viewable in compare view

Updates tss-esapi from 7.6.0 to 7.7.0

Release notes

Sourced from tss-esapi's releases.

tss-esapi v7.7.0

What's Changed

• Bump bindgen to 0.72.1 (fix LLVM 22 compatibility) by @​sarroutbi in parallaxsecond/rust-tss-esapi#634
• Bump v7 by @​ionut-arm in parallaxsecond/rust-tss-esapi#637

New Contributors

• @​sarroutbi made their first contribution in parallaxsecond/rust-tss-esapi#634

Full Changelog: parallaxsecond/rust-tss-esapi@tss-esapi-7.6.0...tss-esapi-7.7.0

Commits

• 27d5063 Merge pull request #637 from ionut-arm/bump-v7
• 7b48ab8 Bump the two crates
• ec38d9d Bump dependencies
• 9f00756 Fix docs on MSRV
• d895933 Merge pull request #634 from sarroutbi/fix/bump-bindgen-for-llvm22
• 4c6e93a Remove run-ci-locally.sh
• 21325bd Resolve all clippy lints for latest rustc
• d95d157 Use MSRV env variable in ci.yml
• 4359a87 fix: bump valgrind CI to rustc 1.85.0
• ab6e74e bump MSRV to 1.85.0 and fix clippy lints
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

[prodnull]

Closing — group bump introduces multiple Rust major-version API changes (hmac 0.12→0.13 Hmac::new_from_slice removed, plus 8 other crate majors). Splitting per-crate is the right approach. Will revisit individually.

[dependabot]

This pull request was built based on a group rule. Closing it will not ignore any of these versions in future pull requests.

To ignore these dependencies, configure ignore rules in dependabot.yml