Skip to content

build(deps): bump the cargo group across 1 directory with 18 updates#1942

Merged
kixelated merged 2 commits into
mainfrom
dependabot/cargo/cargo-36fecec03a
Jun 29, 2026
Merged

build(deps): bump the cargo group across 1 directory with 18 updates#1942
kixelated merged 2 commits into
mainfrom
dependabot/cargo/cargo-36fecec03a

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Jun 29, 2026

Copy link
Copy Markdown
Contributor

Bumps the cargo group with 18 updates in the / directory:

Package From To
web-async 0.1.3 0.1.4
web-transport-trait 0.3.5 0.3.6
bytes 1.11.1 1.12.0
regex 1.12.3 1.12.4
serde_with 3.20.0 3.21.0
smallvec 1.15.1 1.15.2
cbindgen 0.29.2 0.29.4
rustls 0.23.40 0.23.41
tower-http 0.6.11 0.7.0
uniffi 0.31.1 0.31.2
memchr 2.8.0 2.8.2
quinn 0.11.9 0.11.11
rustls-native-certs 0.8.3 0.8.4
socket2 0.6.3 0.6.4
time 0.3.47 0.3.51
chrono 0.4.44 0.4.45
str0m 0.19.0 0.20.0
uuid 1.23.1 1.23.3

Updates web-async from 0.1.3 to 0.1.4

Release notes

Sourced from web-async's releases.

web-async-v0.1.4

Added

  • (web-async) add portable time module (#38)
Commits
  • 62b7bf8 chore(web-codecs): release v0.3.10 (#40)
  • fa8b513 feat(web-async): add portable time module (#38)
  • 5251388 fix(web-codecs): VideoFrame::timestamp returns f64 in web-sys 0.3.100 (#39)
  • See full diff in compare view

Updates web-transport-trait from 0.3.5 to 0.3.6

Release notes

Sourced from web-transport-trait's releases.

web-transport-trait-v0.3.6

Added

  • (qmux) honor per-stream send priority (sendOrder) (#246)
Commits
  • ffc2a0c chore: release (#241)
  • 820f5f1 fix(quiche): don't tear down the connection when resetting a closed stream (#...
  • 7f16cdd test(py): remove unsupportable send-reset-on-exception test (#250)
  • 3f71a13 qmux: replace withoutProtocol with requireProtocol, default to lenient (0.1.2...
  • b864240 ci: drop python checks and claude review workflow (#249)
  • 53c40f8 feat(qmux): prioritized send scheduler + @​moq/web-socket-stream polyfill (#247)
  • 4092c5d feat(qmux): honor per-stream send priority (sendOrder) (#246)
  • df9d28a fix: make @​moq/web-transport importable under Node ESM (napi.cjs) (#245)
  • c1ea02f qmux: bump to 0.1.1 (JS and Rust) (#244)
  • cf87bcc qmux: (alpn, version) entries for cross-draft negotiation (#243)
  • Additional commits viewable in compare view

Updates bytes from 1.11.1 to 1.12.0

Release notes

Sourced from bytes's releases.

Bytes v1.12.0

1.12.0 (June 18th, 2026)

Added

  • Add BytesMut::extend_from_within() (#818)
  • Add BytesMut::try_unsplit() (#746)

Fixed

  • Fix panic in get_int if nbytes is zero (#806)

Changed

  • Pass vtable data by value (#826)
  • Exclude development scripts from published package (#810)

Documented

  • Document that BytesMut::{reserve,try_reserve} doesn't preserve unused capacity (#808)
Changelog

Sourced from bytes's changelog.

1.12.0 (June 18th, 2026)

Added

  • Add BytesMut::extend_from_within() (#818)
  • Add BytesMut::try_unsplit() (#746)

Fixed

  • Fix panic in get_int if nbytes is zero (#806)

Changed

  • Pass vtable data by value (#826)
  • Exclude development scripts from published package (#810)

Documented

  • Document that BytesMut::{reserve,try_reserve} doesn't preserve unused capacity (#808)
Commits

Updates regex from 1.12.3 to 1.12.4

Changelog

Sourced from regex's changelog.

1.12.4 (2025-06-09)

This release includes a performance optimization for compilation of regexes with very large character classes.

Improvements:

  • #1308: Avoid re-canonicalizing the entire interval set when pushing new class ranges.
Commits
  • 7b96fdc 1.12.4
  • 7b89cf0 deps: update to regex-syntax 0.8.11
  • 1401679 regex-syntax-0.8.11
  • d709000 changelog: 1.12.4
  • 9825c74 syntax: avoid re-canonicalizing the entire IntervalSet on push (#1308)
  • a7f2ff6 docs: clarify regex-lite word boundaries
  • 2c7b172 docs: clarify unsupported Anchored::Pattern searches
  • 839d16b regex-syntax-0.8.10
  • c4865a0 syntax: fix negation handling in HIR translation
  • d8761c0 cargo: also include benches
  • Additional commits viewable in compare view

Updates serde_with from 3.20.0 to 3.21.0

Release notes

Sourced from serde_with's releases.

serde_with v3.21.0

Security

  • GHSA-7gcf-g7xr-8hxj: KeyValueMap serialization panics on empty sequence or map entries Bad or attacker controlled values could cause a panic while allocating too large values. Fixed in #966 by setting a maximum allocation size during the creation of collections like Vec or sets.

    Thanks to @​7thParkk for reporting the issue.

Added

  • Add NoneAsZero adapter that maps Option<NonZero*> to a plain integer, encoding None as 0 by @​SAY-5 (#486)

Changed

  • Re-enable link-to-definition on docs.rs (#964)

Fixed

  • Fix some doc links to point to the correct types (#963)
  • Re-enable unused_qualifications and fix the resulting findings by @​lms0806 (#962)
Commits
  • 0f4ca67 Update changelog for 3.21.0 (#967)
  • 7654841 Update changelog for 3.21.0
  • c8a1d82 Protect all collection creations against capacity overflow by using `size_hin...
  • 6ad5fa5 Properly feature gate the vec_with_capacity_cautious function
  • ef7d141 Protect all collection creations against capacity overflow by using `size_hin...
  • a348da3 Add serde_as deserialize_as explain (#958)
  • 2e5bc20 Bump the github-actions group with 3 updates (#965)
  • 927a3d6 Bump the github-actions group with 3 updates
  • 62d14ec Enable link-to-definition on docs.rs again, after the upstream issue was reso...
  • 4584d94 Enable link-to-definition on docs.rs again, after the upstream issue was reso...
  • Additional commits viewable in compare view

Updates smallvec from 1.15.1 to 1.15.2

Release notes

Sourced from smallvec's releases.

v1.15.2

What's Changed

New Contributors

Full Changelog: servo/rust-smallvec@v1.15.1...v1.15.2

Commits
  • c469051 Bump version.
  • 9fe422b Fix Windows CI.
  • 51b965f Work around rustc 1.93 perf regression with MaybeUninit
  • 9da26a5 Fix use-after-free in DrainFilter::keep_rest for zero-capacity SmallVecs
  • 79184f1 Add Miri test for use-after-free in DrainFilter::keep_rest
  • f59fb36 Merge pull request #397 from GiGainfosystems/exclude_scripts
  • 28b6ed7 Exclude development script
  • See full diff in compare view

Updates cbindgen from 0.29.2 to 0.29.4

Release notes

Sourced from cbindgen's releases.

0.29.4

  • Support constant enums and arrays.

0.29.3

  • Expose the line_endings config option to use with the builder
  • Fix doc attribute parsing to properly handle block comments
  • Check for CMSE ABI's as well
  • ci: Add a meta job to block the merge queue on it.
  • Allow pub access to ReprType fields
  • In C23 mode, define sized enums as enums rather than typedefs.

0.29.2

  • Request serde's std feature to avoid issues with newer toml versions.

0.29.1

  • cf13c2b enum: Track dependencies properly in enumerations.
  • 307d1e9 constant: Handle cfg in associated constants.
  • 0902d02 Remove "display" feature from the toml crate
  • 9068410 Fix incorrect detection of duplicated constants
  • 451e768 docs: Correct after_include type in example config (fix)
  • aff68c6 cargo update
  • 09666f6 Update toml to 0.9

0.29.0

  • Support no-export annotation for statics and functions.
  • Fixed conditional fields of constexpr literal structs
  • Add rename rule for generated associated constant
  • Upgrade heck to 0.5
  • Add support for an optional nullable attribute
  • docs.md: Fix deprecated_with_note and deprecated_variant_with_note being spelled as 'notes'
  • Fix generic with "void" default
  • Fixed error generation of structures using the keyword as inside arrays
  • Added test for unsafe(no_mangle) attribute
  • Fixed handling of trait methods containing the unsafe attribute
  • Rename -Zparse-only

0.28.0

... (truncated)

Changelog

Sourced from cbindgen's changelog.

0.29.4

  * Support constant enums and arrays.

0.29.3

  * Expose the line_endings config option to use with the builder
  * Fix doc attribute parsing to properly handle block comments
  * Check for CMSE ABI's as well
  * ci: Add a meta job to block the merge queue on it.
  * Allow `pub` access to `ReprType` fields
  * In C23 mode, define sized enums as enums rather than typedefs.
Commits
  • b826cb8 Bump version.
  • 7b328f1 tests: Add some tests for constant enums.
  • 6c5bb1f ir: Add support for arrays.
  • 3b1305a ir: Allow constant literals with enum variants.
  • 4cf7500 ir: Use Path for ConstExprs.
  • b5f2a97 Bump version to 0.29.3 and update CHANGES doc
  • dfae10a tests: Fix tests with modern gcc.
  • b16c1d2 Use C++ fixed-type enumeration syntax under C23 (or higher) as well
  • b68b027 Allow pub access to ReprType fields
  • See full diff in compare view

Updates rustls from 0.23.40 to 0.23.41

Commits
  • 642a103 ci: drop Taplo job
  • 752c144 Drop nightly clippy tests
  • 8d8611a Fix new clippy::useless-borrows-in-formatting
  • ebf3297 Fix new clippy::manual_clear
  • 46808e7 ci: sync cargo-check-external-types nightly
  • 041a8d2 Cargo deny: allow RUSTSEC-2026-0173
  • 62e220e Take semver-compatible dependency updates
  • 3c14696 Upgrade to hickory-resolver 0.26
  • 848a2cc connect-tests: delete ech.rs
  • 5ce9cac Bump version to 0.23.41
  • Additional commits viewable in compare view

Updates tower-http from 0.6.11 to 0.7.0

Release notes

Sourced from tower-http's releases.

tower-http-0.7.0

Changes since 0.6.11

Added

  • csrf: add cross-site request forgery (CSRF) protection middleware, porting the cross-origin protection scheme introduced in Go 1.25 (#699)

    use tower::ServiceBuilder;
    use tower_http::csrf::CsrfLayer;
    // Rejects cross-origin state-changing requests using Sec-Fetch-Site,
    // an Origin allow-list, and an Origin/Host fallback. No per-request
    // token state required.
    let layer = CsrfLayer::new().add_trusted_origin("https://example.com")?;
    let service = ServiceBuilder::new().layer(layer).service_fn(handler);

  • timeout: add DeadlineBody for non-resetting body timeouts, applied via the new RequestBodyDeadlineLayer and ResponseBodyDeadlineLayer (#688)

    Unlike TimeoutBody, which resets its deadline on every frame, DeadlineBody caps the total time of a body transfer. A slow client trickling one byte at a time never trips an idle timeout but will trip a deadline.

    use std::time::Duration;
    use tower::ServiceBuilder;
    use tower_http::timeout::RequestBodyDeadlineLayer;
    // Abort the request body transfer after 30s total, regardless of how
    // frequently data arrives.
    let service = ServiceBuilder::new()
    .layer(RequestBodyDeadlineLayer::new(Duration::from_secs(30)))
    .service_fn(handler);

  • fs: add strong ETag support to ServeDir, including If-Match and If-None-Match precondition handling per RFC 9110. 304 Not Modified responses now carry the ETag and Last-Modified validators (#691)

  • fs: add a Backend trait to make ServeDir work with non-filesystem sources (e.g. embedded assets or object storage). The default TokioBackend preserves existing behavior. Use ServeDir::with_backend() to plug in custom implementations (#684)

    use tower_http::services::fs::ServeDir;
    // MyBackend implements tower_http::services::fs::Backend.
    // The default ServeDir::new() continues to use TokioBackend (local FS).
    let service = ServeDir::with_backend("assets", MyBackend::new());

  • fs: add html_as_default_extension option to ServeDir, appending .html when the request path has no extension (#519)

  • fs: add redirect_path_prefix option to ServeDir, prepending a prefix on trailing-slash redirects so the service can be mounted under a sub-path (#486)

  • validate-request: add ValidateRequestHeaderLayer::has_header_value() to reject requests when a header does not have an expected value (#360)

  • body: UnsyncBoxBody::new() constructor and From<ServeFileSystemResponseBody> conversion to avoid double-boxing when combining ServeDir responses with other body types (#537)

  • limit: implement Default for limit::ResponseBody when the wrapped body also implements Default (#679)

Changed

... (truncated)

Commits
  • b194fcf v0.7.0
  • af828a6 feat(follow_redirect)!: preserve request extensions across redirects (#706)
  • 8cb8d99 feat(ValidateRequestHeaderLayer): add has_header("...").with_value("...") fun...
  • 3b56d2d feat!: Add configurable Backend trait for ServeDir, bump MSRV 1.65 (#684)
  • 8508716 Add redirect_path_prefix option (#486)
  • 56327b2 Add Windows drive-prefix path regression test (#705)
  • 54c6db8 feat(compression)!: upgrade SizeAbove threshold from u16 to u64 (#704)
  • 68cd6d8 Add DeadlineBody for non-resetting body timeouts (#688)
  • fa8a98c feat(fs): add strong ETag support to ServeDir (#691)
  • 36d2205 fix: Make SetMultiple*Header Clone for !Clone http bodies (#703)
  • Additional commits viewable in compare view

Updates uniffi from 0.31.1 to 0.31.2

Changelog

Sourced from uniffi's changelog.

v0.31.2 (backend crates: v0.31.2) - (2026-06-16)

What's Fixed

  • Kotlin: Fixed JNA direct-mapped u8/u16 return values by widening the internal return carrier to Int, which avoids signedness mismatches during checksum validation and other direct-return paths on Android ARM32. (#2897)
  • Kotlin: Fix async functions that return an external/RustBuffer type
  • Swift: Fixed FfiConverterString silently stripping a leading U+FEFF byte order mark from Rust strings.
  • Swift: Prevent strict concurrency warning with callback interface tables

All changes in v0.31.2.

Commits
  • 05b45b1 chore: Release
  • 7a0eb62 chore: Release
  • d4d26c6 Adding changelog entries for 0.31.2
  • 9b81f26 Fix compile error message to point out missing CARGO_MANIFEST_DIR
  • f29bc2d Fix Kotlin JNA unsigned small integer direct returns
  • 9a11123 Fix Kotlin async external RustBuffer returns
  • 04f196a swift: nonisolated(unsafe) on callback vtablePtr
  • cef4501 Swift: preserve leading U+FEFF byte order mark in FfiConverterString
  • b4153d4 fix: sort uniffi_traits to ensure deterministic code generation
  • See full diff in compare view

Updates memchr from 2.8.0 to 2.8.2

Commits
  • a61ac1a 2.8.2
  • a08bf90 arch: fix undefined behavior in lower level (but public) APIs
  • b41293b rebar: update memchr to latest
  • 87467c9 impl: remove unnecessary clones in into_owned impls
  • ff7dca7 2.8.1
  • 016878a target: fix aarch64_be endianness bug
  • ee18717 docs: add AI policy for contributors
  • db1a77d build(deps): bump actions/checkout in the actions group (#212)
  • c8abbe1 Hash-pin all actions, drop persisted credentials (#210)
  • 24f5daa lint: fix clippy get_first
  • Additional commits viewable in compare view

Updates quinn from 0.11.9 to 0.11.11

Release notes

Sourced from quinn's releases.

quinn-proto 0.11.11

What's Changed

Commits
  • a7499b8 Bump versions for release
  • 7c1970f proto: yield error on too many gaps in assembler
  • fe5ac49 congestion: avoid double-reducing CUBIC fast convergence
  • c1e903b fix(quinn): handle overdue timers without polling the async timer
  • b3b20e1 quinn-udp: allow to use windows-sys 0.61
  • 6f03ca3 quinn-proto: drop Initials silently when saturated
  • 41c8527 quinn: fix ref count logic for ConnectionRef and EndpointRef
  • 73ea1dd Remove RecvStreams from blocked_readers on stop
  • cf16bfd Early return in RecvStream::drop()
  • af2e4e5 Fix the (pre-existing) rightward drift by inverting conditions
  • Additional commits viewable in compare view

Updates rustls-native-certs from 0.8.3 to 0.8.4

Release notes

Sourced from rustls-native-certs's releases.

0.8.4

What's Changed

Commits
  • 9d1f11e Bump version to 0.8.4
  • a008aa1 Take semver-compatible dependency versions
  • 26d43e3 Ignore empty entries in SSL_CERT_DIR
  • 4d4f4de build(deps): bump serial_test from 3.4.0 to 3.5.0 in the crates-io group
  • 8707835 Take semver-compatible dependency updates
  • f89af49 Apply suggestions from nightly clippy
  • 4ea7b7b build(deps): bump rustls from 0.23.38 to 0.23.39 in the crates-io group
  • fa48b0a Take semver-compatible dependency updates
  • 559fd3d build(deps): bump the crates-io group with 2 updates
  • 0346ae5 Take semver-compatible dependency updates
  • Additional commits viewable in compare view

Updates socket2 from 0.6.3 to 0.6.4

Changelog

Sourced from socket2's changelog.

0.6.4

Commits

Updates time from 0.3.47 to 0.3.51

Release notes

Sourced from time's releases.

v0.3.51

See the changelog for details.

v0.3.49

See the changelog for details.

v0.3.48

See the changelog for details.

Changelog

Sourced from time's changelog.

0.3.51 [2026-06-22]

Fixed

  • time compiles with macros enabled. This version is otherwise identical to v0.3.50.

0.3.50 [2026-06-22]

Added

  • Timestamp type

Fixed

  • [year] in a runtime-parsed version 3 format description when the large-dates feature is not enabled now succeeds. This previously failed due to a missing #[cfg].

Performance

  • Further gains when parsing with the non-deprecated parts of the RFC 2822 well-known format
  • Gains when formatting with the ISO 8601 well-known format
  • Date arithmetic is improved in common situations

0.3.49 [2026-06-13]

Fixed

  • Due to a long-standing bug in the Rust compiler, v0.3.48 caused a number of crates to stop compiling. A patch has been added that avoids triggering the bug.

0.3.48 [2026-06-12] [YANKED]

Security

  • The number of digits parsed by [subsecond digits:1+] is capped at 32 to avoid parsing unbounded user input. Digits after the 9th have no semantic meaning.
  • Explicitly specify #[repr] for Weekday. The value of the variants is relied upon in multiple locations for soundness. The practical effect of this change is nothing, as Rust has always mapped C-like enums to 0..N in memory.

Compatibility

  • Non-UTF-8 formatting and parsing is deprecated without replacement. It is recommended to only format and parse valid UTF-8.
  • format_description::parse is deprecated. It is recommended to use format_description::parse_borrowed::<3> or format_description::parse_owned::<3>.

Added

  • All types in the unit module have a generic parameter, though this is currently not used for

... (truncated)

Commits
  • 4ae4926 v0.3.51 release
  • 88eece3 v0.3.50 release
  • e1aa9ed Remove unused imports
  • 6f64473 Add regression test for issue 773
  • 9f8d7da Improve performance of ISO 8601 formatting
  • 356975c Share parsing components with different versions
  • 2850178 Improve RFC 2822 fast path
  • 1f6fa79 Add #[inline] to trivial method
  • 7e4fd30 Add fast path for Date arithmetic
  • a928f2d Avoid range error when not using large-dates
  • Additional commits viewable in compare view

Updates chrono from 0.4.44 to 0.4.45

Release notes

Sourced from chrono's releases.

0.4.45

What's Changed

Commits
  • 1703382 Prepare 0.4.45 release
  • 881f9ab tz_data: fix tzdata locations on Android
  • f14ead4 fix(tz): reject TZ offset hour of 24 to avoid FixedOffset overflow
  • c6063e6 Update similar-asserts requirement from 1.6.1 to 2.0.0
  • 120686c Bump codecov/codecov-action from 5 to 6
  • See full diff in compare view

Updates str0m from 0.19.0 to 0.20.0

Changelog

Sourced from str0m's changelog.

0.20.0

  • Update dimpl to 0.6.2 and sctp-proto to 0.9.1
  • Fix repeated rx lookup cleanup bug #965
  • Fix permissive vp8 depacketizer for invalid l=1,t=0 cases (breaking) #963
  • Add VP8 descriptor parsing and vp8_patch() to RtpWrite #963
  • write_rtp() now takes a RtpWrite builder (breaking) #963
  • Add abs-capture-time writer support and fixed receiver-side (breaking) #964
  • Add stereo to opus format params #955
  • Use Arc<[u8]> as input/output of media data (breaking) #959

is-0.9.1

  • Expose ICE candidate pair RTT in CandidatePairStats #962
Commits
  • dbf9fa0 str0m-proto 0.5.1, str0m-aws-lc-rs 0.4.1, str0m-rust-crypto 0.4.1, str0m-appl...
  • 5ed1a45 str0m 0.20.0
  • fbbbde3 Fix peer media stats counters
  • 36c1b8f fix bug to avoid repeated rx lookup cleanup
  • 89145d2 SDP doc
  • 60f091f RTP write API
  • d84d6e0 fix: abs-capture-time dropped on receiver
  • 0a64067 feat: add ICE candidate pair RTT stats to CandidatePairStats
  • 62d1ec5 Use Arc<[u8]> for RTP and media payloads
  • 8c09015 Fix typo
  • Additional commits viewable in compare view

Updates uuid from 1.23.1 to 1.23.3

Release notes

Sourced from uuid's releases.

v1.23.3

What's Changed

Full Changelog: uuid-rs/uuid@v1.23.2...v1.23.3

v1.23.2

What's Changed

Full Changelog: uuid-rs/uuid@v1.23.1...v1.23.2

Commits
  • 20da78b Merge pull request #887 from uuid-rs/cargo/v1.23.3
  • 62232ca prepare for 1.23.3 release
  • 2320c6a Merge pull request #886 from uuid-rs/fix/parser-panics
  • 2d034d4 fix some invalid indexers on error reporting
  • a8b9f14 update fuzz infra and run in CI
  • d119657 Merge pull request #883 from uuid-rs/cargo/v1.23.2
  • 0651cfc prepare for 1.23.2 release
  • e8dea0c Merge pull request #882 from uuid-rs/fix/error-msgs
  • bdc429a fix up serde messages
  • d4342e4 make indexes 0 based and fix up more error messages
  • Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

Bumps the cargo group with 18 updates in the / directory:

| Package | From | To |
| --- | --- | --- |
| [web-async](https://github.com/kixelated/web-rs) | `0.1.3` | `0.1.4` |
| [web-transport-trait](https://github.com/moq-dev/web-transport) | `0.3.5` | `0.3.6` |
| [bytes](https://github.com/tokio-rs/bytes) | `1.11.1` | `1.12.0` |
| [regex](https://github.com/rust-lang/regex) | `1.12.3` | `1.12.4` |
| [serde_with](https://github.com/jonasbb/serde_with) | `3.20.0` | `3.21.0` |
| [smallvec](https://github.com/servo/rust-smallvec) | `1.15.1` | `1.15.2` |
| [cbindgen](https://github.com/mozilla/cbindgen) | `0.29.2` | `0.29.4` |
| [rustls](https://github.com/rustls/rustls) | `0.23.40` | `0.23.41` |
| [tower-http](https://github.com/tower-rs/tower-http) | `0.6.11` | `0.7.0` |
| [uniffi](https://github.com/mozilla/uniffi-rs) | `0.31.1` | `0.31.2` |
| [memchr](https://github.com/BurntSushi/memchr) | `2.8.0` | `2.8.2` |
| [quinn](https://github.com/quinn-rs/quinn) | `0.11.9` | `0.11.11` |
| [rustls-native-certs](https://github.com/rustls/rustls-native-certs) | `0.8.3` | `0.8.4` |
| [socket2](https://github.com/rust-lang/socket2) | `0.6.3` | `0.6.4` |
| [time](https://github.com/time-rs/time) | `0.3.47` | `0.3.51` |
| [chrono](https://github.com/chronotope/chrono) | `0.4.44` | `0.4.45` |
| [str0m](https://github.com/algesten/str0m) | `0.19.0` | `0.20.0` |
| [uuid](https://github.com/uuid-rs/uuid) | `1.23.1` | `1.23.3` |



Updates `web-async` from 0.1.3 to 0.1.4
- [Release notes](https://github.com/kixelated/web-rs/releases)
- [Commits](kixelated/web-rs@web-async-v0.1.3...web-async-v0.1.4)

Updates `web-transport-trait` from 0.3.5 to 0.3.6
- [Release notes](https://github.com/moq-dev/web-transport/releases)
- [Changelog](https://github.com/moq-dev/web-transport/blob/main/release-plz.toml)
- [Commits](moq-dev/web-transport@web-transport-trait-v0.3.5...web-transport-trait-v0.3.6)

Updates `bytes` from 1.11.1 to 1.12.0
- [Release notes](https://github.com/tokio-rs/bytes/releases)
- [Changelog](https://github.com/tokio-rs/bytes/blob/master/CHANGELOG.md)
- [Commits](tokio-rs/bytes@v1.11.1...v1.12.0)

Updates `regex` from 1.12.3 to 1.12.4
- [Release notes](https://github.com/rust-lang/regex/releases)
- [Changelog](https://github.com/rust-lang/regex/blob/master/CHANGELOG.md)
- [Commits](rust-lang/regex@1.12.3...1.12.4)

Updates `serde_with` from 3.20.0 to 3.21.0
- [Release notes](https://github.com/jonasbb/serde_with/releases)
- [Commits](jonasbb/serde_with@v3.20.0...v3.21.0)

Updates `smallvec` from 1.15.1 to 1.15.2
- [Release notes](https://github.com/servo/rust-smallvec/releases)
- [Commits](servo/rust-smallvec@v1.15.1...v1.15.2)

Updates `cbindgen` from 0.29.2 to 0.29.4
- [Release notes](https://github.com/mozilla/cbindgen/releases)
- [Changelog](https://github.com/mozilla/cbindgen/blob/main/CHANGES)
- [Commits](mozilla/cbindgen@0.29.2...0.29.4)

Updates `rustls` from 0.23.40 to 0.23.41
- [Release notes](https://github.com/rustls/rustls/releases)
- [Changelog](https://github.com/rustls/rustls/blob/main/CHANGELOG.md)
- [Commits](rustls/rustls@v/0.23.40...v/0.23.41)

Updates `tower-http` from 0.6.11 to 0.7.0
- [Release notes](https://github.com/tower-rs/tower-http/releases)
- [Commits](tower-rs/tower-http@tower-http-0.6.11...tower-http-0.7.0)

Updates `uniffi` from 0.31.1 to 0.31.2
- [Changelog](https://github.com/mozilla/uniffi-rs/blob/main/CHANGELOG.md)
- [Commits](mozilla/uniffi-rs@v0.31.1...v0.31.2)

Updates `memchr` from 2.8.0 to 2.8.2
- [Commits](BurntSushi/memchr@2.8.0...2.8.2)

Updates `quinn` from 0.11.9 to 0.11.11
- [Release notes](https://github.com/quinn-rs/quinn/releases)
- [Commits](quinn-rs/quinn@quinn-0.11.9...quinn-0.11.11)

Updates `rustls-native-certs` from 0.8.3 to 0.8.4
- [Release notes](https://github.com/rustls/rustls-native-certs/releases)
- [Commits](rustls/rustls-native-certs@v/0.8.3...v/0.8.4)

Updates `socket2` from 0.6.3 to 0.6.4
- [Release notes](https://github.com/rust-lang/socket2/releases)
- [Changelog](https://github.com/rust-lang/socket2/blob/master/CHANGELOG.md)
- [Commits](https://github.com/rust-lang/socket2/commits)

Updates `time` from 0.3.47 to 0.3.51
- [Release notes](https://github.com/time-rs/time/releases)
- [Changelog](https://github.com/time-rs/time/blob/main/CHANGELOG.md)
- [Commits](time-rs/time@v0.3.47...v0.3.51)

Updates `chrono` from 0.4.44 to 0.4.45
- [Release notes](https://github.com/chronotope/chrono/releases)
- [Changelog](https://github.com/chronotope/chrono/blob/main/CHANGELOG.md)
- [Commits](chronotope/chrono@v0.4.44...v0.4.45)

Updates `str0m` from 0.19.0 to 0.20.0
- [Changelog](https://github.com/algesten/str0m/blob/main/CHANGELOG.md)
- [Commits](algesten/str0m@0.19.0...0.20.0)

Updates `uuid` from 1.23.1 to 1.23.3
- [Release notes](https://github.com/uuid-rs/uuid/releases)
- [Commits](uuid-rs/uuid@v1.23.1...v1.23.3)

---
updated-dependencies:
- dependency-name: web-async
  dependency-version: 0.1.4
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: cargo
- dependency-name: web-transport-trait
  dependency-version: 0.3.6
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: cargo
- dependency-name: bytes
  dependency-version: 1.12.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: cargo
- dependency-name: regex
  dependency-version: 1.12.4
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: cargo
- dependency-name: serde_with
  dependency-version: 3.21.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: cargo
- dependency-name: smallvec
  dependency-version: 1.15.2
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: cargo
- dependency-name: cbindgen
  dependency-version: 0.29.4
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: cargo
- dependency-name: rustls
  dependency-version: 0.23.41
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: cargo
- dependency-name: tower-http
  dependency-version: 0.7.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: cargo
- dependency-name: uniffi
  dependency-version: 0.31.2
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: cargo
- dependency-name: memchr
  dependency-version: 2.8.2
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: cargo
- dependency-name: quinn
  dependency-version: 0.11.11
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: cargo
- dependency-name: rustls-native-certs
  dependency-version: 0.8.4
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: cargo
- dependency-name: socket2
  dependency-version: 0.6.4
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: cargo
- dependency-name: time
  dependency-version: 0.3.51
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: cargo
- dependency-name: chrono
  dependency-version: 0.4.45
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: cargo
- dependency-name: str0m
  dependency-version: 0.20.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: cargo
- dependency-name: uuid
  dependency-version: 1.23.3
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: cargo
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file rust Pull requests that update Rust code labels Jun 29, 2026
str0m 0.20 changed `MediaData::data` from `Vec<u8>` to `Arc<[u8]>`,
which has no `Into<bytes::Bytes>` impl. Use `Bytes::from_owner` to wrap
the `Arc` directly (zero-copy, shares str0m's allocation).

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
@kixelated kixelated force-pushed the dependabot/cargo/cargo-36fecec03a branch from 7d6a3fe to b2a765a Compare June 29, 2026 18:47
@kixelated kixelated merged commit 1ea203d into main Jun 29, 2026
1 check passed
@kixelated kixelated deleted the dependabot/cargo/cargo-36fecec03a branch June 29, 2026 18:58
@moq-bot moq-bot Bot mentioned this pull request Jun 29, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

dependencies Pull requests that update a dependency file rust Pull requests that update Rust code

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant