Bump the dependencies group across 1 directory with 13 updates

[dependabot]

Bumps the dependencies group with 11 updates in the / directory:

Package	From	To
hyper	1.7.0	1.8.1
tokio	1.47.1	1.48.0
hyper-util	0.1.17	0.1.18
bytes	1.10.1	1.11.0
serde	1.0.226	1.0.228
aws-config	1.8.6	1.8.7
aws-sdk-secretsmanager	1.88.0	1.89.0
aws-smithy-types	1.3.2	1.3.4
serde_with	3.14.1	3.16.0
thiserror	2.0.16	2.0.17
rustls	0.23.32	0.23.35

Updates hyper from 1.7.0 to 1.8.1

Release notes

Sourced from hyper's releases.

v1.8.1

Bug Fixes

• http1: fix consuming extra CPU from previous change (#3977) (4492f31e)

Full Changelog: hyperium/hyper@v1.8.0...v1.8.1

v1.8.0

Highlights

Features

• rt: add Timer::now() method to allow overriding the instant returned (#3965) (5509ebe6)

Bug Fixes

• http1: fix rare missed write wakeup on connections (#3952) (2377b893)
• http2: fix internals of HTTP/2 CONNECT upgrades (#3967) (58e0e7dc, closes #3966)

Breaking Changes

While technically breaking, it's assumed you will not need to do anything or be affected.

• The HTTP/2 client connection no longer allows an executor that can not spawn itself.

  This was an oversight originally. The client connection will now include spawning a future that keeps a copy of the executor to spawn other futures. Thus, if it is !Send, it needs to spawn !Send futures. The likelihood of executors that match the previously allowed behavior should be very remote.

  There is also technically a semver break in here, which is that the Http2ClientConnExec trait no longer dyn-compatible, because it now expects to be Clone. This should not break usage of the conn builder, because it already separately had E: Clone bounds. If someone were using dyn Http2ClientConnExec, that will break. However, there is no purpose for doing so, and it is not usable otherwise, since the trait only exists to propagate bounds into hyper. Thus, the breakage should not affect anyone. (58e0e7dc)

What's Changed

• chore(ci): update to actions/checkout@v5 by @​tottoto in hyperium/hyper#3935
• refactor(ffi): specify "C" ABI explicitly in ffi_fn! macro by @​1911860538 in hyperium/hyper#3937
• Update documented default values for http1::Builder by @​Will-Low in hyperium/hyper#3938
• fix(client): port tests to in-memory socket by @​cratelyn in hyperium/hyper#3947
• feat: allow overriding the instant returned from Timer by @​arielb1 in hyperium/hyper#3965
• fix(http1): poll_loop writes when ready by @​lthiery in hyperium/hyper#3952
• test(ready_stream): replace tracing with printlns by @​seanmonstar in hyperium/hyper#3973

... (truncated)

Changelog

Sourced from hyper's changelog.

v1.8.1 (2025-11-13)

Bug Fixes

• http1: fix consuming extra CPU from previous change (#3977) (4492f31e)

v1.8.0 (2025-11-11)

Bug Fixes

• http1: fix rare missed write wakeup on connections (#3952) (2377b893)
• http2: fix internals of HTTP/2 CONNECT upgrades (#3967) (58e0e7dc, closes #3966)

Features

• rt: add Timer::now() method to allow overriding the instant returned (#3965) (5509ebe6)

Breaking Changes

• The HTTP/2 client connection no longer allows an executor that can not spawn itself.

  This was an oversight originally. The client connection will now include spawning a future that keeps a copy of the executor to spawn other futures. Thus, if it is !Send, it needs to spawn !Send futures. The likelihood of executors that match the previously allowed behavior should be very remote.

  There is also technically a semver break in here, which is that the Http2ClientConnExec trait no longer dyn-compatible, because it now expects to be Clone. This should not break usage of the conn builder, because it already separately had E: Clone bounds. If someone were using dyn Http2ClientConnExec, that will break. However, there is no purpose for doing so, and it is not usable otherwise, since the trait only exists to propagate bounds into hyper. Thus, the breakage should not affect anyone. (58e0e7dc)

Commits

• 166c6ca v1.8.1
• 4492f31 fix(http1): fix consuming extra CPU from previous change (#3977)
• dbe6f25 v1.8.0
• 58e0e7d fix(http2): fix internals of HTTP/2 CONNECT upgrades (#3967)
• 0a37a8c test(ready_stream): replace tracing with printlns (#3973)
• 2377b89 fix(http1): fix rare missed write wakeup on connections (#3952)
• 5509ebe feat(rt): add Timer::now() method to allow overriding the instant returned ...
• f9f8f44 tests(client): port tests to in-memory socket (#3947)
• 5803a9c docs(server): update default values for http1::Builder (#3938)
• e1e1f2b refactor(ffi): specify "C" ABI explicitly in ffi_fn! macro (#3937)
• Additional commits viewable in compare view

Updates tokio from 1.47.1 to 1.48.0

Release notes

Sourced from tokio's releases.

Tokio v1.48.0

1.48.0 (October 14th, 2025)

The MSRV is increased to 1.71.

Added

• fs: add File::max_buf_size (#7594)
• io: export Chain of AsyncReadExt::chain (#7599)
• net: add SocketAddr::as_abstract_name (#7491)
• net: add TcpStream::quickack and TcpStream::set_quickack (#7490)
• net: implement AsRef<Self> for TcpStream and UnixStream (#7573)
• task: add LocalKey::try_get (#7666)
• task: implement Ord for task::Id (#7530)

Changed

• deps: bump windows-sys to version 0.61 (#7645)
• fs: preserve max_buf_size when cloning a File (#7593)
• macros: suppress clippy::unwrap_in_result in #[tokio::main] (#7651)
• net: remove PollEvented noise from Debug formats (#7675)
• process: upgrade Command::spawn_with to use FnOnce (#7511)
• sync: remove inner mutex in SetOnce (#7554)
• sync: use UnsafeCell::get_mut in Mutex::get_mut and RwLock::get_mut (#7569)
• time: reduce the generated code size of Timeout<T>::poll (#7535)

Fixed

• macros: fix hygiene issue in join! and try_join! (#7638)
• net: fix copy/paste errors in udp peek methods (#7604)
• process: fix error when runtime is shut down on nightly-2025-10-12 (#7672)
• runtime: use release ordering in wake_by_ref() even if already woken (#7622)
• sync: close the broadcast::Sender in broadcast::Sender::new() (#7629)
• sync: fix implementation of unused RwLock::try_* methods (#7587)

Unstable

• tokio: use cargo features instead of --cfg flags for taskdump and io_uring (#7655, #7621)
• fs: support io_uring in fs::write (#7567)
• fs: support io_uring with File::open() (#7617)
• fs: support io_uring with OpenOptions (#7321)
• macros: add local runtime flavor (#7375, #7597)

Documented

• io: clarify the zero capacity case of AsyncRead::poll_read (#7580)
• io: fix typos in the docs of AsyncFd readiness guards (#7583)
• net: clarify socket gets closed on drop (#7526)
• net: clarify the behavior of UCred::pid() on Cygwin (#7611)
• net: clarify the supported platform of set_reuseport() and reuseport() (#7628)

... (truncated)

Commits

• 556820f chore: prepare Tokio v1.48.0 (#7677)
• fd1659a chore: prepare tokio-macros v2.6.0 (#7676)
• 53e8aca ci: update nightly version to 2025-10-12 (#7670)
• 9e5527d process: fix error when runtime is shut down on nightly-2025-10-12 (#7672)
• 25a24de net: remove PollEvented noise from Debug formats (#7675)
• c1fa25f task: clarify the behavior of several spawn_local methods (#7669)
• e7e02fc fs: use FileOptions inside fs::File to support uring (#7617)
• f7a7f62 ci: remove cargo-deny Unicode-DFS-2016 license exception config (#7619)
• d1f1499 tokio: use cargo feature for taskdump support instead of cfg (#7655)
• ad6f618 runtime: clarify the behavior of Handle::block_on (#7665)
• Additional commits viewable in compare view

Updates hyper-util from 0.1.17 to 0.1.18

Release notes

Sourced from hyper-util's releases.

v0.1.18

Highlights

• Fix rt::TokioTimer to support Tokio's paused time.
• Fix client::proxy::match::Matcher to parse auth without passwords.

What's Changed

• chore(ci): add a github actions workflow to preview rustdocs of a PR by @​seanmonstar in hyperium/hyper-util#229
• chore(ci): fix rustdoc preview job by @​seanmonstar in hyperium/hyper-util#231
• chore(ci): fix rustdoc preview workflow typo by @​seanmonstar in hyperium/hyper-util#232
• docs: replace auto_doc_cfg by @​seanmonstar in hyperium/hyper-util#237
• perf(client): avoid redundant memory copies of Host header by @​0x676e67 in hyperium/hyper-util#235
• chore: bump windows-registry to 0.6 by @​Vaiz in hyperium/hyper-util#236
• fix: fix msrv on windows and macos target by @​tottoto in hyperium/hyper-util#239
• chore(ci): update to actions/checkout@v5 by @​tottoto in hyperium/hyper-util#240
• fix: allow proxy env URIs without password by @​karanabe in hyperium/hyper-util#241
• fix: support fake time by @​arielb1 in hyperium/hyper-util#238

New Contributors

• @​Vaiz made their first contribution in hyperium/hyper-util#236
• @​karanabe made their first contribution in hyperium/hyper-util#241
• @​arielb1 made their first contribution in hyperium/hyper-util#238

Thanks

• @​tottoto
• @​seanmonstar

Full Changelog: hyperium/hyper-util@v0.1.17...v0.1.18

Changelog

Sourced from hyper-util's changelog.

0.1.18 (2025-11-13)

• Fix rt::TokioTimer to support Tokio's paused time.
• Fix client::proxy::match::Matcher to parse auth without passwords.

Commits

• 203c956 v0.1.18
• d91ea8e fix(rt): support fake time in legacy client and TokioTimer (#238)
• dde14d3 fix(client): Proxy Matcher to handle proxy auth without password (#241)
• b9dc3d2 chore(ci): update to actions/checkout@v5 (#240)
• d4f5706 ci: fix msrv on windows and macos target (#239)
• 3c8dbe4 chore: bump windows-registry to 0.6 (#236)
• 72bbd22 perf(client): avoid redundant memory copies of Host header (#235)
• 1c8f7c6 docs: replace auto_doc_cfg (#237)
• 66afc93 chore(ci): use auto pr ref in rustdoc-preview workflow
• faf5ca2 chore(ci): fix rustdoc preview workflow typo (#232)
• Additional commits viewable in compare view

Updates bytes from 1.10.1 to 1.11.0

Release notes

Sourced from bytes's releases.

Bytes v1.11.0

1.11.0 (November 14th, 2025)

• Bump MSRV to 1.57 (#788)

Fixed

• fix: BytesMut only reuse if src has remaining (#803)
• Specialize BytesMut::put::<Bytes> (#793)
• Reserve capacity in BytesMut::put (#794)
• Change BytesMut::remaining_mut to use isize::MAX instead of usize::MAX (#795)

Internal changes

• Guarantee address in slice() for empty slices. (#780)
• Rename Vtable::to_* -> Vtable::into_* (#776)
• Fix latest clippy warnings (#787)
• Ignore BytesMut::freeze doctest on wasm (#790)
• Move drop_fn of from_owner into vtable (#801)

Changelog

Sourced from bytes's changelog.

1.11.0 (November 14th, 2025)

• Bump MSRV to 1.57 (#788)

Fixed

• fix: BytesMut only reuse if src has remaining (#803)
• Specialize BytesMut::put::<Bytes> (#793)
• Reserve capacity in BytesMut::put (#794)
• Change BytesMut::remaining_mut to use isize::MAX instead of usize::MAX (#795)

Internal changes

• Guarantee address in slice() for empty slices. (#780)
• Rename Vtable::to_* -> Vtable::into_* (#776)
• Fix latest clippy warnings (#787)
• Ignore BytesMut::freeze doctest on wasm (#790)
• Move drop_fn of from_owner into vtable (#801)

Commits

• a7952fb chore: prepare bytes v1.11.0 (#804)
• 60cbb77 fix: BytesMut only reuse if src has remaining (#803)
• 7ce330f Move drop_fn of from_owner into vtable (#801)
• 4b53a29 Tweak BytesMut::remaining_mut (#795)
• 016fdbd Reserve capacity in BytesMut::put (#794)
• ef7f257 Specialize BytesMut::put::<Bytes> (#793)
• 8b4f54d Ignore BytesMut::freeze doctest on wasm (#790)
• 16132ad Fix latest clippy warnings (#787)
• 3e44f88 Bump MSRV to 1.57 (#788)
• f29e939 Add some tests for Limit, BytesMut and Reader (#785)
• Additional commits viewable in compare view

Updates serde from 1.0.226 to 1.0.228

Release notes

Sourced from serde's releases.

v1.0.228

• Allow building documentation with RUSTDOCFLAGS='--cfg=docsrs' set for the whole dependency graph (#2995)

v1.0.227

• Documentation improvements (#2991)

Commits

• a866b33 Release 1.0.228
• 5adc9e8 Merge pull request #2995 from dtolnay/rustdocflags
• ab58178 Workaround for RUSTDOCFLAGS='--cfg=docsrs'
• 415d9fc Release 1.0.227
• 7c58427 Merge pull request #2991 from dtolnay/inlinecoredoc
• 9d3410e Merge pull request #2992 from dtolnay/inplaceseed
• 2fb6748 Remove InPlaceSeed public re-export
• f8137c7 Inline serde_core into serde in docsrs mode
• b7dbf7e Merge pull request #2990 from dtolnay/integer128
• 7c83691 No longer macro_use integer128 module
• Additional commits viewable in compare view

Updates serde_derive from 1.0.226 to 1.0.228

Release notes

Sourced from serde_derive's releases.

v1.0.228

• Allow building documentation with RUSTDOCFLAGS='--cfg=docsrs' set for the whole dependency graph (#2995)

v1.0.227

• Documentation improvements (#2991)

Commits

• a866b33 Release 1.0.228
• 5adc9e8 Merge pull request #2995 from dtolnay/rustdocflags
• ab58178 Workaround for RUSTDOCFLAGS='--cfg=docsrs'
• 415d9fc Release 1.0.227
• 7c58427 Merge pull request #2991 from dtolnay/inlinecoredoc
• 9d3410e Merge pull request #2992 from dtolnay/inplaceseed
• 2fb6748 Remove InPlaceSeed public re-export
• f8137c7 Inline serde_core into serde in docsrs mode
• b7dbf7e Merge pull request #2990 from dtolnay/integer128
• 7c83691 No longer macro_use integer128 module
• Additional commits viewable in compare view

Updates aws-config from 1.8.6 to 1.8.7

Commits

• See full diff in compare view

Updates aws-sdk-secretsmanager from 1.88.0 to 1.89.0

Commits

• See full diff in compare view

Updates aws-sdk-sts from 1.86.0 to 1.87.0

Commits

• See full diff in compare view

Updates aws-smithy-types from 1.3.2 to 1.3.4

Commits

• See full diff in compare view

Updates serde_with from 3.14.1 to 3.16.0

Release notes

Sourced from serde_with's releases.

serde_with v3.16.0

Added

• Added support for smallvec v1 under the smallvec_1 feature flag by @​isharma228 (#895)
• Add JsonSchemaAs implementation for json::JsonString by @​yogevm15 (#901)

serde_with v3.15.1

Fixed

• Fix building of the documentation by updating references to use serde_core.

serde_with v3.15.0

Added

• Added error inspection to VecSkipError and MapSkipError by @​michelhe (#878) This allows interacting with the previously hidden error, for example for logging. Checkout the newly added example to both types.

• Allow documenting the types generated by serde_conv!. The serde_conv! macro now acceps outer attributes before the optional visibility modifier. This allow adding doc comments in the shape of #[doc = "..."] or any other attributes, such as lint modifiers.

  serde_conv!(
      #[doc = "Serialize bools as string"]
      #[allow(dead_code)]
      pub BoolAsString,
      bool,
      |x: &bool| ::std::string::ToString::to_string(x),
      |x: ::std::string::String| x.parse()
  );

• Add support for hashbrown v0.16 (#877)

  This extends the existing support for hashbrown v0.14 and v0.15 to the newly released version.

Changed

• Bump MSRV to 1.76, since that is required for toml dev-dependency.

Commits

• 066b9d4 Bump version to 3.16.0 (#903)
• 961a0b9 Bump version to 3.16.0
• ac1f5d0 Add support for smallvec v1 (#895)
• c83c4fc Sort the crate features and remove alloc feature
• af734ff Add support for smallvec v1
• ec0ffa3 Add JsonSchemaAs implementation for json::JsonString (#901)
• b0c119c Add JsonSchemaAs implementation for json::JsonString
• d5ccc10 Bump version to v3.15.1 (#898)
• 341fbc1 Bump version to v3.15.1
• 18ca8f2 Update the documentation to refer to serde_core instead of serde (#897)
• Additional commits viewable in compare view

Updates thiserror from 2.0.16 to 2.0.17

Release notes

Sourced from thiserror's releases.

2.0.17

• Use differently named __private module per patch release (#434)

Commits

• 72ae716 Release 2.0.17
• 599fdce Merge pull request #434 from dtolnay/private
• 9ec05f6 Use differently named __private module per patch release
• d2c492b Raise minimum tested compiler to rust 1.76
• fc3ab95 Opt in to generate-macro-expansion when building on docs.rs
• 819fe29 Update ui test suite to nightly-2025-09-12
• 259f48c Enforce trybuild >= 1.0.108
• 470e6a6 Update ui test suite to nightly-2025-08-24
• 544e191 Update actions/checkout@v4 -> v5
• cbc1eba Delete duplicate cap-lints flag from build script
• See full diff in compare view

Updates rustls from 0.23.32 to 0.23.35

Commits

• 7768cd2 Bump version to 0.23.35
• 6ed925e Address nightly clippy::derivable_impls lints
• 645095f Pass through attributes for enum_builder!
• 90e28d6 fix: only add ocsp in ConfigBuilder::with_single_cert_with_ocsp if
• 4cee226 Cargo: rustls v0.23.33 -> v0.23.34
• 278391e Remove use of doc_auto_cfg
• 31ca6af Avoid use of docsrs cfg
• b4597ca Prepare 0.23.33
• 667a71d Reset KeyUpdate counter on AppData
• 48b2fd9 Support encryption for QUIC multipath
• See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

[codecov]

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 91.88%. Comparing base (8554c56) to head (ebd15ea).

Additional details and impacted files

@@           Coverage Diff           @@
##             main     #149   +/-   ##
=======================================
  Coverage   91.88%   91.88%           
=======================================
  Files          14       14           
  Lines        2404     2404           
  Branches     2404     2404           
=======================================
  Hits         2209     2209           
  Misses        147      147           
  Partials       48       48           

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.