chore(deps): bump the cargo-deps group across 1 directory with 23 updates

[dependabot]

Bumps the cargo-deps group with 23 updates in the /src-tauri directory:

Package	From	To
dirs	5.0.1	6.0.0
toml	0.8.23	0.9.12+spec-1.1.0
toml_edit	0.22.27	0.25.4+spec-1.1.0
brotli	7.0.0	8.0.2
tokio	1.50.0	1.51.0
axum	0.7.9	0.8.8
tower	0.4.13	0.5.3
tower-http	0.5.2	0.6.8
hyper	1.8.1	1.9.0
webpki-roots	0.26.11	1.0.6
rquickjs	0.8.1	0.11.0
zip	2.4.2	4.6.1
auto-launch	0.5.0	0.6.0
once_cell	1.21.3	1.21.4
rusqlite	0.31.0	0.39.0
indexmap	2.13.0	2.13.1
rust_decimal	1.40.0	1.41.0
uuid	1.22.0	1.23.0
sha2	0.10.9	0.11.0
json5	0.4.1	1.3.1
winreg	0.52.0	0.55.0
objc2	0.5.2	0.6.4
objc2-app-kit	0.2.2	0.3.2

Updates dirs from 5.0.1 to 6.0.0

Commits

• See full diff in compare view

Updates toml from 0.8.23 to 0.9.12+spec-1.1.0

Commits

• a26defd chore: Release
• 6c45f8e docs: Update changelog
• e3c7aa7 chore: Release
• 2dabe11 docs: Update changelog
• fb98198 fix(parser): Don't panic on bad hex characters (#1097)
• 85761c4 fix(parser): Avoid panic
• 5edb477 fix(parser): Don't panic on bad hex characters
• cac04af test(parser): Show another assert case
• d96417a fix(parser): Consistently assume spaces mean strings
• 88b657f test(parser): Show assert case
• Additional commits viewable in compare view

Updates toml_edit from 0.22.27 to 0.25.4+spec-1.1.0

Commits

• 64c9e65 chore: Release
• 8328135 docs: Update changelog
• 2f8c907 fix(parser): Error on table extension case (#1116)
• 643e7ff fix(parser): Make inline tables like document (#1115)
• 7165463 fix(parser): Add append error traces
• ea951a2 fix(parser): Make inline tables like document
• d4a12e3 refactor(parser): Align between document/inline-table
• c8e183e fix(parser): Error on table extension case
• 73e5623 test(parse): Add cases for bad appends
• 996aedc chore(deps): Update pre-commit hook crate-ci/typos to v1.44.0 (#1110)
• Additional commits viewable in compare view

Updates brotli from 7.0.0 to 8.0.2

Commits

• 769efcb Bump version to 8.0.2
• 7596139 Merge pull request #230 from nhan-calif/master
• 2420e5f Fix memory leak in BrotliEncoderDestroyInstance ffi-api
• a017e2d upgrading to 8.0.1 for ffi
• c7649be Merge pull request #225 from Brooooooklyn/master
• 35a2d78 Fix ffi-api compile
• 8483d51 bump version to indicate lz77 compat change
• b07e202 Remove exe permissions
• c159bdd update readme
• 27968a5 remove deprecated features; reactivate nostd
• Additional commits viewable in compare view

Updates tokio from 1.50.0 to 1.51.0

Release notes

Sourced from tokio's releases.

Tokio v1.51.0

1.51.0 (April 3rd, 2026)

Added

• net: implement get_peer_cred on Hurd (#7989)
• runtime: add tokio::runtime::worker_index() (#7921)
• runtime: add runtime name (#7924)
• runtime: stabilize LocalRuntime (#7557)
• wasm: add wasm32-wasip2 networking support (#7933)

Changed

• runtime: steal tasks from the LIFO slot (#7431)

Fixed

• docs: do not show "Available on non-loom only." doc label (#7977)
• macros: improve overall macro hygiene (#7997)
• sync: fix notify_waiters priority in Notify (#7996)
• sync: fix panic in Chan::recv_many when called with non-empty vector on closed channel (#7991)

#7431: tokio-rs/tokio#7431 #7557: tokio-rs/tokio#7557 #7921: tokio-rs/tokio#7921 #7924: tokio-rs/tokio#7924 #7933: tokio-rs/tokio#7933 #7977: tokio-rs/tokio#7977 #7989: tokio-rs/tokio#7989 #7991: tokio-rs/tokio#7991 #7996: tokio-rs/tokio#7996 #7997: tokio-rs/tokio#7997

Commits

• 0af06b7 chore: prepare Tokio v1.51.0 (#8005)
• 01a7f1d chore: prepare tokio-macros v2.7.0 (#8004)
• eeb55c7 runtime: steal tasks from the LIFO slot (#7431)
• 1fc450a runtime: stabilize LocalRuntime (#7557)
• 324218f Merge tag 'tokio-1.47.4' (#8003)
• aa65d0d chore: prepare Tokio v1.47.4 (#8002)
• bf18ed4 sync: fix panic in Chan::recv_many when called with non-empty vector on clo...
• 43134f1 wasm: add wasm32-wasip2 networking support (#7933)
• b4c3246 macros: improve overall macro hygiene (#7997)
• 7947fa4 rt: add runtime name (#7924)
• Additional commits viewable in compare view

Updates axum from 0.7.9 to 0.8.8

Release notes

Sourced from axum's releases.

axum v0.8.8

• Clarify documentation for Router::route_layer (#3567)

#3567: tokio-rs/axum#3567

axum v0.8.7

• Relax implicit Send / Sync bounds on RouterAsService, RouterIntoService (#3555)
• Make it easier to visually scan for default features (#3550)
• Fix some documentation typos

#3550: tokio-rs/axum#3550 #3555: tokio-rs/axum#3555

axum v0.8.5

• fixed: Reject JSON request bodies with trailing characters after the JSON document (#3453)
• added: Implement OptionalFromRequest for Multipart (#3220)
• added: Getter methods Location::{status_code, location}
• added: Support for writing arbitrary binary data into server-sent events (#3425)]
• added: middleware::ResponseAxumBodyLayer for mapping response body to axum::body::Body (#3469)
• added: impl FusedStream for WebSocket (#3443)
• changed: The sse module and Sse type no longer depend on the tokio feature (#3154)
• changed: If the location given to one of Redirects constructors is not a valid header value, instead of panicking on construction, the IntoResponse impl now returns an HTTP 500, just like Json does when serialization fails (#3377)
• changed: Update minimum rust version to 1.78 (#3412)

#3154: tokio-rs/axum#3154 #3220: tokio-rs/axum#3220 #3377: tokio-rs/axum#3377 #3412: tokio-rs/axum#3412 #3425: tokio-rs/axum#3425 #3443: tokio-rs/axum#3443 #3453: tokio-rs/axum#3453 #3469: tokio-rs/axum#3469

axum v0.8.4

• added: Router::reset_fallback (#3320)
• added: WebSocketUpgrade::selected_protocol (#3248)
• fixed: Panic location for overlapping method routes (#3319)
• fixed: Don't leak a tokio task when using serve without graceful shutdown (#3129)

#3319: tokio-rs/axum#3319 #3320: tokio-rs/axum#3320 #3248: tokio-rs/axum#3248 #3129: tokio-rs/axum#3129

axum v0.8.3

• added: Implement From<Bytes> for Message (#3273)
• added: Implement OptionalFromRequest for Json (#3142)
• added: Implement OptionalFromRequest for Extension (#3157)
• added: Allow setting the read buffer capacity of WebSocketUpgrade (#3178)

... (truncated)

Commits

• d07863f Release axum v0.8.8 and axum-extra v0.12.3
• 287c674 axum-extra: Make typed-routing feature enable routing feature (#3514)
• f5804aa SecondElementIs: Correct a small inconsistency (#3559)
• f51f3ba axum-extra: Add trailing newline to pretty JSON response (#3526)
• 816407a Fix integer underflow in try_range_response for empty files (#3566)
• 78656eb docs: Clarify route_layer does not apply middleware to the fallback handler...
• 4404f27 Release axum v0.8.7 and axum-extra v0.12.2
• 8f1545a Fix typo in extractors guide (#3554)
• 4fc3faa Relax implicit Send / Sync bounds (#3555)
• a05920c Make it easier to visually scan for default features (#3550)
• Additional commits viewable in compare view

Updates tower from 0.4.13 to 0.5.3

Release notes

Sourced from tower's releases.

tower 0.5.3

Added

• builder: Add ServiceBuilder::boxed_clone_sync() helper (#804)

Fixed

• retry: Check that supplied jitter is not NaN (#843)

#804: tower-rs/tower#804 #843: tower-rs/tower#843

tower 0.5.2

Added

• util: Add BoxCloneSyncService which is a Clone + Send + Sync boxed Service (#777)
• util: Add BoxCloneSyncServiceLayer which is a Clone + Send + Sync boxed Layer (#802)

tower 0.5.1

• Fix minimum version of tower-layer dependency (#787)

#787: tower-rs/tower#787

tower 0.5.0

Fixed

• util: BoxService is now Sync (#702)

Changed

• util: Removed deprecated ServiceExt::ready_and method and ReadyAnd future (#652)
• retry: Breaking Change retry::Policy::retry now accepts &mut Req and &mut Res instead of the previous mutable versions. This increases the flexibility of the retry policy. To update, update your method signature to include mut for both parameters. (#584)
• retry: Breaking Change Change Policy to accept &mut self (#681)
• retry: Add generic backoff utilities (#685)
• retry: Add Budget trait. This allows end-users to implement their own budget and bucket implementations. (#703)
• reconnect: Breaking Change Remove unused generic parameter from Reconnect::new (#755)
• ready-cache: Allow iteration over ready services (#700)
• discover: Implement Clone for Change (#701)
• util: Add a BoxCloneServiceLayer (#708)
• rng: use a simpler random 2-sampler (#716)
• filter: Derive Clone for AsyncFilterLayer (#731)
• general: Update IndexMap (#741)
• MSRV: Increase MSRV to 1.63.0 (#741)

#702: tower-rs/tower#702 #652: tower-rs/tower#652 #584: tower-rs/tower#584 #681: tower-rs/tower#681

... (truncated)

Commits

• 4b0a6b0 tower v0.5.3
• 2c8524a tower v0.5.3
• 50fa4b6 ci: upgrade deny check to v2 (#847)
• 73febcd fix: Check that jitter is not NaN instead of finiteness (#843)
• 719ec03 chore: Disable unused futures feature (#838)
• 1992ebd chore(util): remove redundant ready! wrapping in poll implementations (#844)
• 21e01e9 docs: Resolve document warning (#841)
• d1b55be docs: Remove doc_auto_cfg config (#840)
• 9d876c0 ci: Update to actions/checkout v5 (#839)
• a1c277b docs: correct rng pre-requisite comment (#835)
• Additional commits viewable in compare view

Updates tower-http from 0.5.2 to 0.6.8

Release notes

Sourced from tower-http's releases.

tower-http-0.6.8

Fixed

• Disable multiple_members in Gzip decoder, since HTTP context only uses one member. (#621)

#621: tower-rs/tower-http#621

What's Changed

• Disable multiple_members option for gzip decoder by @​ducaale in tower-rs/tower-http#621
• ci: Pin tracing in MSRV job by @​ducaale in tower-rs/tower-http#622
• ci: Switch cargo-public-api-crates to cargo-check-external-types by @​tottoto in tower-rs/tower-http#613
• Remove deprecated annotations and Refactor From implementations by @​sinder38 in tower-rs/tower-http#608
• v0.6.8 by @​seanmonstar in tower-rs/tower-http#624

New Contributors

• @​sinder38 made their first contribution in tower-rs/tower-http#608

Full Changelog: tower-rs/tower-http@tower-http-0.6.7...tower-http-0.6.8

tower-http-0.6.7

Added

• TimeoutLayer::with_status_code(status) to define the status code returned when timeout is reached. (#599)

Deprecated

• auth::require_authorization is too basic for real-world. (#591)
• TimeoutLayer::new() should be replaced with TimeoutLayer::with_status_code(). (Previously was StatusCode::REQUEST_TIMEOUT) (#599)

Fixed

• on_eos is now called even for successful responses. (#580)
• ServeDir: call fallback when filename is invalid (#586)
• decompression will not fail when body is empty (#618)

#580: tower-rs/tower-http#580 #586: tower-rs/tower-http#586 #591: tower-rs/tower-http#591 #599: tower-rs/tower-http#599 #618: tower-rs/tower-http#618

New Contributors

• @​mladedav made their first contribution in tower-rs/tower-http#580
• @​aryaveersr made their first contribution in tower-rs/tower-http#586
• @​soerenmeier made their first contribution in tower-rs/tower-http#588

... (truncated)

Commits

• 33166c8 v0.6.8
• 6680160 Fix deprecated lints (#608)
• 81b8231 ci: Switch cargo-public-api-crates to cargo-check-external-types (#613)
• 1fb0144 ci: pin tracing in msrv job (#622)
• 1fe4c09 fix(decompression): disable multiple_members option for gzip decoder (#621)
• 3bf1ba7 v0.6.7
• 723ca9a fix(decompression): Suppress EOF errors caused by decompressing empty body (#...
• 8ab9f82 chore(ci): use newer cargo-public-api-crates job (#619)
• 7cfdf76 doc: Replace doc_auto_cfg with doc_cfg (#609)
• 50beeaf Add support for custom status code in TimeoutLayer (#599)
• Additional commits viewable in compare view

Updates hyper from 1.8.1 to 1.9.0

Release notes

Sourced from hyper's releases.

v1.9.0

Features

• client:
  • expose HTTP/2 current max stream count (#4026) (d51cb715)
  • add HTTP/2 max_local_error_reset_streams option (#4021) (57787459)
• error: add 'Error::is_parse_version_h2' method (393c77c7)
• http1: add UpgradeableConnection::into_parts (e21205cf)

Bug Fixes

• ffi: validate null pointers before dereferencing in request/response functions (#4038 (28e73ccd)
• http1:
  • allow keep-alive for chunked requests with trailers (#4043) (7211ec25, closes #4044)
  • use case-insensitive matching for trailer fields (#4011) (3b344cac, closes #4010)
  • use httparse config for Servers (#4002) (bcb8ec57, closes #3923)
• http2:
  • cancel sending client request body on response future drop (#4042) (5b17a69e, closes #4040)
  • non-utf8 char in Connection header may cause panic when calling to_str (#4019) (c36ca8a5)

Refactors and chores

• docs(error): add more information about is_incomplete_message by @​seanmonstar in hyperium/hyper#3978
• Run cargo-audit in CI to check for known vulnerabilities in dependencies. by @​f0rki in hyperium/hyper#3246
• refactor(http1): simplify match of Token parse error by @​seanmonstar in hyperium/hyper#3981
• refactor(http1): use saturating_sub instead of manual impl by @​seanmonstar in hyperium/hyper#3983
• refactor(http1): replace many args of Chunked::step with struct by @​seanmonstar in hyperium/hyper#3982
• docs: fix comment in put_slice() by @​coryan in hyperium/hyper#3986
• test(lib): fix unused warnings due to feature gating test imports by @​seanmonstar in hyperium/hyper#3997
• docs: improve Read trait and ReadBufCursor documentation by @​majiayu000 in hyperium/hyper#4000
• fix: use h1 parser config when parsing server req by @​0xPoe in hyperium/hyper#4002
• test(server): fix flaky disable_keep_alive_mid_request by @​seanmonstar in hyperium/hyper#4009
• chore(ci): update to actions/checkout@v6 by @​tottoto in hyperium/hyper#4005
• chore(ci): update to cargo-check-external-types 0.4.0 by @​tottoto in hyperium/hyper#4006
• update copyright year to 2026 by @​jasmyhigh in hyperium/hyper#4007
• refactor: avoid unwrap examples by @​0xPoe in hyperium/hyper#4001
• fix(http1): use case-insensitive matching for trailer fields by @​HueCodes in hyperium/hyper#4011
• chore: convert bug report template to GitHub form by @​njg7194 in hyperium/hyper#4015
• chore(ci): force toml mode in yq selecting msrv by @​seanmonstar in hyperium/hyper#4020
• fix: non-utf8 char may cause panic when calling to_str by @​cuiweixie in hyperium/hyper#4019
• feat(http2/client): add max_local_error_reset_streams option by @​ffuugoo in hyperium/hyper#4021
• chore: drop pin-utils dependency by @​tottoto in hyperium/hyper#4023
• [minor] doc: Fix HTTP/2 max concurrent stream link by @​dentiny in hyperium/hyper#4037
• fix(ffi): validate null pointers before dereferencing in request/resp… by @​DhruvaD1 in hyperium/hyper#4038
• h2: expose current max stream count by @​howardjohn in hyperium/hyper#4026
• fix(http1): allow keep-alive for chunked requests with trailers by @​wi-adam in hyperium/hyper#4043
• fix(http2): cancel pipe_task and send RST_STREAM on response future drop by @​mmishra100 in hyperium/hyper#4042
• Add APIs to allow switching an HTTP1 connection to HTTP2 if H2 preface is seen by @​pborzenkov in hyperium/hyper#3996

... (truncated)

Changelog

Sourced from hyper's changelog.

v1.9.0 (2026-03-31)

Bug Fixes

• ffi: validate null pointers before dereferencing in request/response functions (#4038 (28e73ccd)
• http1:
  • allow keep-alive for chunked requests with trailers (#4043) (7211ec25, closes #4044)
  • use case-insensitive matching for trailer fields (#4011) (3b344cac, closes #4010)
  • use httparse config for Servers (#4002) (bcb8ec57, closes #3923)
• http2:
  • cancel sending client request body on response future drop (#4042) (5b17a69e, closes #4040)
  • non-utf8 char in Connection header may cause panic when calling to_str (#4019) (c36ca8a5)

Features

• client:
  • expose HTTP/2 current max stream count (#4026) (d51cb715)
  • add HTTP/2 max_local_error_reset_streams option (#4021) (57787459)
• error: add 'Error::is_parse_version_h2' method (393c77c7)
• http1: add UpgradeableConnection::into_parts (e21205cf)

Commits

• 0d6c7d5 v1.9.0
• e21205c feat(http1): add UpgradeableConnection::into_parts
• 393c77c feat(error): add 'Error::is_parse_version_h2' method
• 5b17a69 fix(http2): cancel sending client request body on response future drop (#4042)
• 7211ec2 fix(http1): allow keep-alive for chunked requests with trailers (#4043)
• d51cb71 feat(client): expose HTTP/2 current max stream count (#4026)
• 28e73cc fix(ffi): validate null pointers before dereferencing in request/response fun...
• e13e783 docs(client): fix HTTP/2 max concurrent stream link to spec (#4037)
• 8ba9008 chore(dependencies): drop pin-utils dependency (#4023)
• 5778745 feat(client): add HTTP/2 max_local_error_reset_streams option (#4021)
• Additional commits viewable in compare view

Updates webpki-roots from 0.26.11 to 1.0.6

Release notes

Sourced from webpki-roots's releases.

1.0.6

"e-Szigno TLS Root CA 2023" added, see https://bugzilla.mozilla.org/show_bug.cgi?id=1873057

What's Changed

• Update dependencies by @​djc in rustls/webpki-roots#111
• Trigger CI workflow on merge groups by @​djc in rustls/webpki-roots#113
• webpki-roots: 1.0.6 by @​ctz in rustls/webpki-roots#115

Full Changelog: rustls/webpki-roots@v/1.0.5...v/1.0.6

1.0.5

Removes the following trust anchors which have passed their distrust-after-last-issuance dates:

• Entrust Root Certification Authority - EC1
• Entrust Root Certification Authority - G2
• Entrust Root Certification Authority
• AffirmTrust Commercial
• AffirmTrust Networking
• AffirmTrust Premium
• AffirmTrust Premium ECC

What's Changed

• ccadb: add CertificateMetadata::test_website_revoked field by @​djc in rustls/webpki-roots#110
• webpki-root[s|-certs]: 1.0.4 -> 1.0.5 by @​cpu in rustls/webpki-roots#112

Full Changelog: rustls/webpki-roots@v/1.0.4...v/1.0.5

1.0.4

CommScope removal

https://bugzilla.mozilla.org/show_bug.cgi?id=1994866 tracks the voluntary removal of:

• CommScope Public Trust ECC Root-01
• CommScope Public Trust ECC Root-02
• CommScope Public Trust RSA Root-01
• CommScope Public Trust RSA Root-02

What's Changed

• 1.0.4: track removal of CommScope by @​ctz in rustls/webpki-roots#109

Full Changelog: rustls/webpki-roots@v/1.0.3...v/1.0.4

1.0.3

Addition of "OISTE Server Root RSA G1" & "OISTE Server Root ECC G1": https://bugzilla.mozilla.org/show_bug.cgi?id=1988913.

What's Changed

• 1.0.3: track October 2025 additions by @​ctz in rustls/webpki-roots#108

... (truncated)

Commits

• c97def9 webpki-roots: 1.0.6 (#115)
• d30d248 Trigger CI workflow on merge groups
• 2a4b845 Take semver-compatible dependency updates
• 17c2013 Bump webpki-ccadb version to 0.2.1
• 3883a16 Upgrade to x509-parser 0.18
• 6bfc62d Upgrade reqwest to 0.13
• a1f3433 webpki-root[s|-certs]: 1.0.4 -> 1.0.5
• 1daa071 ccadb: bump version to 0.2.0
• 194014d ccadb: add CertificateMetadata::test_website_revoked field
• 3807af8 ccadb: make CertificateMetadata non-exhaustive
• Additional commits viewable in compare view

Updates rquickjs from 0.8.1 to 0.11.0

Changelog

Sourced from rquickjs's changelog.

[0.11.0] - 2025-12-16

Added

• Added Proxy object ##570
• Allow setting filename as an eval option ##536
• Add Iterable allow JS to iterate over Rust iterator ##564
• Add JsIterator to iterate over Javascript Iterator ##564
• Add more trait implementations like AsRef for CString ##558

Changed

• Bump MSRV to 1.85 ##531
• Update quickjs-ng to #be664ca ##566

Fixed

• Fix wasm32 build #548

[0.10.0] - 2025-10-24

Added

• Allow rquickjs-core to build with no_std ##455
• Add PromiseHook bindings ##453
• Add Module::write options to enable features like JS_WRITE_OBJ_STRIP_SOURCE and JS_WRITE_OBJ_STRIP_DEBUG ##443 and ##518
• Allow building with sanitizer ##425
• Add set_host_promise_rejection_tracker to AsyncRuntime ##452
• Add linux arm64 support to sys crate ##445
• Implement Trace for Atom ##517
• Add disable-assertions feature to disable runtime assertions in quickjs ##535
• Add JS_TAG_SHORT_BIG_INT tag to support short BigInt ##458 and ##519

Changed

• Bump MSRV to 1.82 ##531
• Update to 2024 edition ##473
• Export DriveFuture ##491
• Switch to dlopen2 for native module loading ##513

Fixed

• Fix base objects intrinsic not being enabled in async context ##442
• Fix namespace resolution for JsLifetime in derive macro ##429
• Fix ownership of ctx pointers to be more ergonomic and fix cleanup bugs ##433
• Fix rename option in qjs attribute ##428
• Strip llvm suffix for *-pc-windows-gnullvm target ##506

[0.9.0] - 2025-01-29

... (truncated)

Commits

• c99675e Merge pull request #580 from DelSkayn/ef-bump
• dd7065e Merge branch 'master' into ef-bump
• f5b8884 Merge pull request #577 from DelSkayn/dependabot/github_actions/actions/downl...
• 42a1fae Merge pull request #582 from DelSkayn/dependabot/submodules/sys/quickjs-d405777
• d6e0bc9 Merge branch 'master' into ef-bump
• 435722c Bump sys/quickjs from fa9472d to d405777
• 111951b Merge pull request #579 from DelSkayn/dependabot/github_actions/actions/uploa...
• 2d9ecea Merge pull request #578 from DelSkayn/dependabot/github_actions/peter-evans/c...
• 6772e66 Bump version
• 7ef9dd4 Merge pull request #576 from DelSkayn/update-bindings
• Additional commits viewable in compare view

Updates zip from 2.4.2 to 4.6.1

Release notes

Sourced from zip's releases.

v4.6.1

🐛 Bug Fixes

• Fixes an issue introduced by the swap from lzma-rs to liblzma (#407)

v4.6.0

...

Description has been truncated

[dependabot]

Looks like these dependencies are updatable in another way, so this is no longer needed.