deps(rust): bump the rust-dependencies group across 1 directory with 12 updates

[dependabot]

Bumps the rust-dependencies group with 12 updates in the / directory:

Package	From	To
tokio	1.49.0	1.50.0
rmcp	0.17.0	1.3.0
tracing-subscriber	0.3.22	0.3.23
clap	4.5.60	4.6.0
scraper	0.25.0	0.26.0
html5ever	0.36.1	0.39.0
uuid	1.21.0	1.23.0
sysinfo	0.38.2	0.38.4
hmac	0.12.1	0.13.0
sha2	0.10.9	0.11.0
proptest	1.10.0	1.11.0
wasm-bindgen-test	0.3.64	0.3.65

Updates tokio from 1.49.0 to 1.50.0

Release notes

Sourced from tokio's releases.

Tokio v1.50.0

1.50.0 (Mar 3rd, 2026)

Added

• net: add TcpStream::set_zero_linger (#7837)
• rt: add is_rt_shutdown_err (#7771)

Changed

• io: add optimizer hint that memchr returns in-bounds pointer (#7792)
• io: implement vectored writes for write_buf (#7871)
• runtime: panic when event_interval is set to 0 (#7838)
• runtime: shorten default thread name to fit in Linux limit (#7880)
• signal: remember the result of SetConsoleCtrlHandler (#7833)
• signal: specialize windows Registry (#7885)

Fixed

• io: always cleanup AsyncFd registration list on deregister (#7773)
• macros: remove (most) local use declarations in tokio::select! (#7929)
• net: fix GET_BUF_SIZE constant for target_os = "android" (#7889)
• runtime: avoid redundant unpark in current_thread scheduler (#7834)
• runtime: don't park in current_thread if before_park defers waker (#7835)
• io: fix write readiness on ESP32 on short writes (#7872)
• runtime: wake deferred tasks before entering block_in_place (#7879)
• sync: drop rx waker when oneshot receiver is dropped (#7886)
• runtime: fix double increment of num_idle_threads on shutdown (#7910, #7918, #7922)

Unstable

• fs: check for io-uring opcode support (#7815)
• runtime: avoid lock acquisition after uring init (#7850)

Documented

• docs: update outdated unstable features section (#7839)
• io: clarify the behavior of AsyncWriteExt::shutdown() (#7908)
• io: explain how to flush stdout/stderr (#7904)
• io: fix incorrect and confusing AsyncWrite documentation (#7875)
• rt: clarify the documentation of Runtime::spawn (#7803)
• rt: fix missing quotation in docs (#7925)
• runtime: correct the default thread name in docs (#7896)
• runtime: fix event_interval doc (#7932)
• sync: clarify RwLock fairness documentation (#7919)
• sync: clarify that recv returns None once closed and no more messages (#7920)
• task: clarify when to use spawn_blocking vs dedicated threads (#7923)
• task: doc that task drops before JoinHandle completion (#7825)
• signal: guarantee that listeners never return None (#7869)
• task: fix task module feature flags in docs (#7891)

... (truncated)

Commits

• 0273e45 chore: prepare Tokio v1.50.0 (#7934)
• e3ee4e5 chore: prepare tokio-macros v2.6.1 (#7943)
• 8c980ea io: add write_all_vectored to tokio-util (#7768)
• e35fd6d ci: fix patch during clippy step (#7935)
• 03fe44c runtime: fix event_interval doc (#7932)
• d18e5df io: fix race in Mock::poll_write (#7882)
• f21f269 runtime: fix race condition during the blocking pool shutdown (#7922)
• d81e8f0 macros: remove (most) local use declarations in tokio::select! (#7929)
• 25e7f26 rt: fix missing quotation in docs (#7925)
• e1a91ef util: fix typo in docs (#7926)
• Additional commits viewable in compare view

Updates rmcp from 0.17.0 to 1.3.0

Release notes

Sourced from rmcp's releases.

rmcp-macros-v1.3.0

Added

• add local feature for !Send tool handler support (#740)

Other

• fix all clippy warnings across workspace (#746)

rmcp-v1.3.0

Added

• (transport) add Unix domain socket client for streamable HTTP (#749)
• (auth) implement SEP-2207 OIDC-flavored refresh token guidance (#676)
• add configuration for transparent session re-init (#760)
• add local feature for !Send tool handler support (#740)

Fixed

• prevent CallToolResult and GetTaskPayloadResult from shadowing CustomResult in untagged enums (#771)
• drain in-flight responses on stdin EOF (#759)
• remove default type param from StreamableHttpService (#758)
• use cfg-gated Send+Sync supertraits to avoid semver break (#757)
• (rmcp) surface JSON-RPC error bodies on HTTP 4xx responses (#748)
• default CallToolResult content to empty vec on missing field (#752)
• (auth) redact secrets in Debug output for StoredCredentials and StoredAuthorizationState (#744)

Other

• fix all clippy warnings across workspace (#746)

rmcp-macros-v1.2.0

Fixed

• (rmcp-macros) use re-exported serde_json path in task_handler (#735)

rmcp-v1.2.0

Added

• add missing constructors for non-exhaustive model types (#739)
• include granted scopes in OAuth refresh token request (#731)

Fixed

• handle ping requests sent before initialize handshake (#745)
• allow deserializing notifications without params field (#729)

Other

• (deps) update jsonwebtoken requirement from 9 to 10 (#737)

... (truncated)

Commits

• ac749e3 chore: release v1.3.0 (#747)
• 0b36a84 feat: add "theme" to Icon (#766)
• 6a3b32d chore: add #[non_exhaustive] to remaining public structs (#768)
• ee1c63c feat(transport): add Unix domain socket client for streamable HTTP (#749)
• a32a9c8 feat(auth): implement SEP-2207 OIDC-flavored refresh token guidance (#676)
• baf22d3 chore: run all tests in ci without "local" feature (#761)
• f89e412 chore(deps): update tokio-tungstenite requirement from 0.28.0 to 0.29.0 (#773)
• c8c0c0c fix: prevent CallToolResult and GetTaskPayloadResult from shadowing CustomRes...
• 30cdc38 chore: remove the rig example (#763)
• 3ea8c3c feat: add configuration for transparent session re-init (#760)
• Additional commits viewable in compare view

Updates tracing-subscriber from 0.3.22 to 0.3.23

Release notes

Sourced from tracing-subscriber's releases.

tracing-subscriber 0.3.23

Fixed

• Allow ansi sanitization to be disabled (#3484)

#3484: tokio-rs/tracing#3484

Commits

• 54ede4d chore: prepare tracing-subscriber 0.3.23 (#3490)
• 37558d5 subscriber: allow ansi sanitization to be disabled (#3484)
• efc690f core: add missing const (#3449)
• 0c32367 core: Use const initializers instead of once_cell
• 9feb241 docs: add arcswap reload crate to related (#3442)
• 2d55f6f chore: prepare tracing 0.1.44 (#3439)
• 10a9e83 chore: prepare tracing-core 0.1.36 (#3440)
• ee82cf9 tracing: fix record_all panic (#3432)
• 9978c36 chore: prepare tracing-mock 0.1.0-beta.3 (#3429)
• See full diff in compare view

Updates clap from 4.5.60 to 4.6.0

Changelog

Sourced from clap's changelog.

[4.6.0] - 2026-03-12

Compatibility

• Update MSRV to 1.85

[4.5.61] - 2026-03-12

Internal

• Update dependencies

Commits

• 9ab6dee chore: Release
• 374a30d docs: Update changelog
• d0c8aab Merge pull request #6306 from epage/update
• 686ce2f chore: Upgrade compatible
• 8203238 Merge pull request #6305 from epage/msrv
• c774a89 docs: Reduce main's in doctests
• 73534f6 chore: Upgrade to 2025 edition
• dfe05a9 chore: Bump MSRV to 1.85
• 8b41d0b chore: Release
• 518220f docs: Update changelog
• Additional commits viewable in compare view

Updates scraper from 0.25.0 to 0.26.0

Release notes

Sourced from scraper's releases.

v0.26.0

What's Changed

• fix dom manipulation example by @​JayceFayne in rust-scraper/scraper#292
• Bump selectors from 0.33.0 to 0.35.0 by @​dependabot[bot] in rust-scraper/scraper#298
• Bump indexmap from 2.12.1 to 2.13.0 by @​dependabot[bot] in rust-scraper/scraper#294
• Upgrade ego-tree to 0.11.0 and html5ever to 0.37.1 by @​cfvescovo in rust-scraper/scraper#300
• Bump html5ever from 0.37.1 to 0.38.0 by @​mohe2015 in rust-scraper/scraper#303
• Bump selectors from 0.35.0 to 0.36.0 by @​dependabot[bot] in rust-scraper/scraper#307
• Bump html5ever from 0.38.0 to 0.39.0 by @​dependabot[bot] in rust-scraper/scraper#308
• Version 0.26.0 by @​adamreichold in rust-scraper/scraper#306

New Contributors

• @​JayceFayne made their first contribution in rust-scraper/scraper#292

Full Changelog: rust-scraper/scraper@v0.25.0...v0.26.0

Commits

• 170cdd3 Merge pull request #306 from rust-scraper/bump
• bca1839 Bump html5ever from 0.38.0 to 0.39.0
• d07444e Bump selectors from 0.35.0 to 0.36.0 (#307)
• 637a8d3 Version 0.26.0
• f3132d9 Bump html5ever from 0.37.1 to 0.38.0
• ff2ea51 cargo fmt
• 7d14577 Edition 2024
• 60cd9e7 Merge pull request #300 from rust-scraper/upgrade-ego-tree-html5ever
• ba8f3fc Upgrade ego-tree to 0.11.0 and html5ever to 0.37.1
• a2cfbe4 Bump indexmap from 2.12.1 to 2.13.0
• Additional commits viewable in compare view

Updates html5ever from 0.36.1 to 0.39.0

Commits

• See full diff in compare view

Updates uuid from 1.21.0 to 1.23.0

Release notes

Sourced from uuid's releases.

v1.23.0

What's Changed

• feat: add support for 'hyphenated' format in the serde module by @​FrenchDilettante in uuid-rs/uuid#865
• Fix a number of bugs in time-related code by @​KodrAus in uuid-rs/uuid#872
• Reword invalid char error message by @​KodrAus in uuid-rs/uuid#873
• Impl cleanups by @​KodrAus in uuid-rs/uuid#874
• Use LazyLock to synchronize v1/v6 context initialization by @​KodrAus in uuid-rs/uuid#875
• Prepare for 1.23.0 release by @​KodrAus in uuid-rs/uuid#876

New Contributors

• @​FrenchDilettante made their first contribution in uuid-rs/uuid#865

Special thanks

@​meng-xu-cs raised a series of bugs against the timestamp logic in uuid using automated tooling. The issues themselves were reasonably and responsibly presented and the end result is a better uuid library for everyone. Thanks!

Deprecations

This release includes the following deprecations:

• Context: Renamed to ContextV1
• Timestamp::from_gregorian: Renamed to Timestamp::from_gregorian_time

Change to Version::Max

Version::Max's u8 representation has changed from 0xff to 0x0f to match the value returned by Uuid::get_version_num.

Change to Uuid::get_version for the max UUID

Uuid::get_version will only return Some(Version::Max) if the UUID is actually the max UUID (all bytes are 0xff). Previously it would return Some if only the version field was 0x0f. This change matches the behaviour of the nil UUID, which only returns Some(Version::Nil) if the UUID is the nil UUID (all bytes are 0x00).

Full Changelog: uuid-rs/uuid@v1.22.0...v1.23.0

v1.22.0

What's Changed

• Default to rand 0.10 by @​haxtibal in uuid-rs/uuid#863
• Prepare for 1.22.0 release by @​KodrAus in uuid-rs/uuid#864

New Contributors

• @​haxtibal made their first contribution in uuid-rs/uuid#863

Full Changelog: uuid-rs/uuid@v1.21.0...v1.22.0

Commits

• 00ab922 Merge pull request #876 from uuid-rs/cargo/v1.23.0
• 726ba45 prepare for 1.23.0 release
• 996dade Merge pull request #875 from uuid-rs/fix/context-ordering
• e140479 simplify a use stmt
• 8ed9142 reorganize and document more v7 context internals
• e09a322 use LazyLock to synchronize v1/v6 context initialization
• 0f260cc Merge pull request #874 from uuid-rs/chore/impl-cleanups
• 1419e91 clean up and refactor main lib tests
• ceeaf4b ensure we don't overflow on counters less than 12
• 63bc8f5 Merge pull request #873 from uuid-rs/fix/error-msg
• Additional commits viewable in compare view

Updates sysinfo from 0.38.2 to 0.38.4

Changelog

Sourced from sysinfo's changelog.

0.38.4

• macOS: Unpin objc2-* crates version.
• Linux: Fix computation of disk size.

0.38.3

• macOS: Improve accuracy of System::available_memory and System::used_memory.
• Documentation: add missing unit for CPU::frequency returned value.

Commits

• 97c194d Merge pull request #1642 from GuillaumeGomez/update
• 91b92f1 Update crate version to 0.38.4
• 8e8f76c Update CHANGELOG for 0.38.4
• 9e6f37c Merge pull request #1641 from madsmtm/macos-no-pin-deps
• 73d545c Fix warnings introduced in new objc2-* versions
• 5cc4bcb Don't pin objc2-* crates
• 5d4c63b Merge pull request #1640 from patjakdev/patjakdev/fix-1639
• a8ee05c Use fragment size instead of block size for disk stats
• 61257e4 Merge pull request #1635 from GuillaumeGomez/update
• 3cf4b65 Update crate version to 0.38.3
• Additional commits viewable in compare view

Updates hmac from 0.12.1 to 0.13.0

Commits

• 0236c8e hmac v0.13.0 (#263)
• b895e50 Migrate tests to the new blobby format (#264)
• 3d1440b Workspace-level lint configuration (#261)
• 11d4f36 hmac: use release versions of dev-dependencies (#260)
• c40b82b hmac: bump sha2 dev-dependency to v0.11 (#259)
• 1fa0781 Cut rc.5 prereleases (#258)
• a008265 hmac v0.13.0-rc.6 (#256)
• da485cd Use (Reset)MacTraits (#254)
• 2c51e3b hmac: derive Clone instead of relying on (Reset)MacTraits (#253)
• 669d805 Relax Clone bounds (#250)
• Additional commits viewable in compare view

Updates sha2 from 0.10.9 to 0.11.0

Commits

• ffe0939 Release sha2 0.11.0 (#806)
• 8991b65 Use the standard order of the [package] section fields (#807)
• 3d2bc57 sha2: refactor backends (#802)
• faa55fb sha3: bump keccak to v0.2 (#803)
• d3e6489 sha3 v0.11.0-rc.9 (#801)
• bbf6f51 sha2: tweak backend docs (#800)
• 155dbbf sha3: add default value for the DS generic parameter on TurboShake128/256...
• ed514f2 Use published version of keccak v0.2 (#799)
• 702bcd8 Migrate to closure-based keccak (#796)
• 827c043 sha3 v0.11.0-rc.8 (#794)
• Additional commits viewable in compare view

Updates proptest from 1.10.0 to 1.11.0

Commits

• 7f1367f Merge pull request #641 from proptest-rs/release-1.11
• a63bf7e proptest-state-machine v0.8.0
• d86e9ff add changelog for #640
• 7940313 proptest v1.11.0
• 3ec998c fix #638 changelog
• 8ceb00c Merge pull request #639 from lukoktonos/bits128
• 9c8df1a Merge pull request #638 from folkertdev/f16-support
• ca9d8e1 changelog #638
• a39869f imply f16 feat by unstable
• 85c5ca0 Merge pull request #637 from folkertdev/min-max-assoc-constants
• Additional commits viewable in compare view

Updates wasm-bindgen-test from 0.3.64 to 0.3.65

Commits

• See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

[dependabot]

Labels

The following labels could not be found: dependencies, rust. Please create them before Dependabot can add them to a pull request.

Please fix the above issues or remove invalid values from dependabot.yml.