chore(deps): bump the patch-updates group across 1 directory with 8 updates

[dependabot]

Bumps the patch-updates group with 8 updates in the / directory:

Package	From	To
axum	0.8.8	0.8.9
tower-http	0.6.8	0.6.10
uuid	1.23.0	1.23.1
jiff	0.2.23	0.2.24
rustls	0.23.38	0.23.40
mdns-sd	0.19.0	0.19.1
clap	4.6.0	4.6.1
quick-xml	0.39.2	0.39.4

Updates axum from 0.8.8 to 0.8.9

Release notes

Sourced from axum's releases.

axum-v0.8.9

• added: WebSocketUpgrade::{requested_protocols, set_selected_protocol} for more flexible subprotocol selection (#3597)
• changed: Update minimum rust version to 1.80 (#3620)
• fixed: Set connect endpoint on correct field in MethodRouter (#3656)
• fixed: Return specific error message when multipart body limit is exceeded (#3611)

#3597: tokio-rs/axum#3597 #3620: tokio-rs/axum#3620 #3656: tokio-rs/axum#3656 #3611: tokio-rs/axum#3611

Commits

• c59208c revert axum-core changelog changes
• 99068f5 Revert "Fix IntoResponse for tuples overriding error response codes (#3603)"
• 23d7098 Revert "axum-core 0.5.6"
• e8a39ad axum-macros 0.5.1
• 6e9a249 axum-extra 0.12.6
• 0ec9041 axum 0.8.9
• c3fcebb axum-core 0.5.6
• a8790fc update release notes
• 26ba7bb docs: consolidate state management docs in crate root (#3683)
• 9fc59ef Update to tokio-tungstenite 0.29 (#3689)
• Additional commits viewable in compare view

Updates tower-http from 0.6.8 to 0.6.10

Release notes

Sourced from tower-http's releases.

tower-http-0.6.10

Added

• follow-redirect: expose Attempt::method() and Attempt::previous_method() so redirect policies can react to method changes across redirects (e.g. POST to GET on 301/303) (#559)

Fixed

• Restore tokio and async-compression as no-op features. These will be removed next breaking release (#667)

#559: tower-rs/tower-http#559 #667: tower-rs/tower-http#667

What's Changed

• fix: restore tokio and async-compression as no-op features by @​jlizen in tower-rs/tower-http#667
• fix gate-ing of atomic64 in tests by @​alexanderkjall in tower-rs/tower-http#607
• follow_redirect: expose previous and next request methods by @​lucab in tower-rs/tower-http#559
• chore: release tower-http 0.6.10 by @​jlizen in tower-rs/tower-http#669

New Contributors

• @​lucab made their first contribution in tower-rs/tower-http#559

Full Changelog: tower-rs/tower-http@tower-http-0.6.9...tower-http-0.6.10

tower-http-0.6.9

Added:

• on-early-drop: middleware that detects when a response future or response body is dropped before completion (#636)

  Two events get hooks: the response future being dropped before the inner service produces a response, and the response body being dropped before reaching end-of-stream.

  Install custom callbacks with OnEarlyDropLayer::builder():

  use http::Request;
  use tower_http::on_early_drop::{OnBodyDropFn, OnEarlyDropLayer};
  let layer = OnEarlyDropLayer::builder()
  .on_future_drop(|req: &Request<()>| {
  let uri = req.uri().clone();
  move || eprintln!("future dropped for {}", uri)
  })
  .on_body_drop(OnBodyDropFn::new(|req: &Request<()>| {

... (truncated)

Commits

• 4532fc2 v0.6.10
• 8508cb2 follow_redirect: expose previous and next request methods (#559)
• 890f66a fix gate-ing of atomic64 in tests (#607)
• 578c2b2 fix: restore tokio and async-compression as no-op features (#667)
• eab7cbf v0.6.9
• 9c64770 feat(on-early-drop): Add middleware for client early drop detection (#636)
• 67786ff ci: Remove unnecessary protoc setup (#665)
• e442e2b examples: Use axum::body::to_bytes (#650)
• 218fe6b Make AsyncReadBody::with_capacity public (#415)
• ffd4d7c trace: adds back call to classify_eos on trailers (#483)
• Additional commits viewable in compare view

Updates uuid from 1.23.0 to 1.23.1

Release notes

Sourced from uuid's releases.

v1.23.1

What's Changed

• Remove deprecated msrv feature from wasm-bindgen dependency by @​guybedford in uuid-rs/uuid#877
• fix: Timestamp::from_gregorian deprecation note by @​aznashwan in uuid-rs/uuid#878
• Prepare for 1.23.1 release by @​KodrAus in uuid-rs/uuid#879

New Contributors

• @​guybedford made their first contribution in uuid-rs/uuid#877
• @​aznashwan made their first contribution in uuid-rs/uuid#878

Full Changelog: uuid-rs/uuid@v1.23.0...v1.23.1

Commits

• ca0c85f Merge pull request #879 from uuid-rs/cargo/v1.23.1
• b4db015 prepare for 1.23.1 release
• 771069d Merge pull request #878 from aznashwan/fix-from-gregorian-deprecation-note
• 80994a2 fix: Timestamp::from_gregorian deprecation note
• 90c5be8 Merge pull request #877 from guybedford/remove-wasm-bindgen-msrv
• 8b8c4f4 Remove deprecated feature from wasm-bindgen dependency
• See full diff in compare view

Updates jiff from 0.2.23 to 0.2.24

Changelog

Sourced from jiff's changelog.

0.2.24 (2026-04-23)

This release primarily adds a new memory_usage routine for reporting heap allocation sizes for the TimeZone and Zoned types. This release also acknowledges and updates the timeline expectations for a Jiff 1.0 release in README.md.

Enhancements:

• #520: Add memory_usage to the TimeZone and Zoned types.
• #535: Improve comment in Span::checked_add example.

Bug fixes:

• #541: Update Jiff 1.0 timeline.

Commits

• 2cc55b2 0.2.24
• c6542f1 changelog: 0.2.24
• ec3c2ec api: add TimeZone::memory_usage and Zoned::memory_usage
• bc752b6 docs: improve comment in Span::checked_add example
• f6c8a55 readme: update 1.0 timeline
• 97314c1 docs: fix typo
• bad71d8 docs: typo
• See full diff in compare view

Updates rustls from 0.23.38 to 0.23.40

Commits

• b44c09f Prepare 0.23.40
• e7a555f Prefer Ord::max to core::cmp
• c0005be ech: base inner name padding on actual extension
• 4e49529 ech: test inner name padding
• 3e06ef1 ech: add both name and "gross" padding
• c574ffd ech: avoid short-lived allocation for padding
• 8bf935c ech: pop comment from match arm
• 9088004 ech: expand maximum_name_length to usize ASAP
• a612901 Default require_ems based on CryptoProvider FIPS status
• 0541605 Cargo: version 0.23.38 -> 0.23.39
• Additional commits viewable in compare view

Updates mdns-sd from 0.19.0 to 0.19.1

Release notes

Sourced from mdns-sd's releases.

v0.19.1

Version 0.19.1 (2026-04-19)

This is a bugfix release.

Bug fixes

• When responding to a query, pick a source IP that matches the querier's subnet, so responses are reachable on multi-homed hosts. (#460, commit d210372)
• Validate TXT property length in the ServiceInfo constructor, catching oversized properties at registration time instead of at send time. (#458, commit cc81eec)

What's Changed

• fix: check TXT property length in ServiceInfo constructor by @​keepsimple1 in keepsimple1/mdns-sd#458
• fix: use a source IP matching the querier's subnet when responding by @​keepsimple1 in keepsimple1/mdns-sd#460
• prepare for release 0.19.1 by @​keepsimple1 in keepsimple1/mdns-sd#461

Full Changelog: keepsimple1/mdns-sd@v0.19.0...v0.19.1

Changelog

Sourced from mdns-sd's changelog.

Version 0.19.1 (2026-04-19)

This is a bugfix release.

Bug fixes

• When responding to a query, pick a source IP that matches the querier's subnet, so responses are reachable on multi-homed hosts. (#460, commit d210372)
• Validate TXT property length in the ServiceInfo constructor, catching oversized properties at registration time instead of at send time. (#458, commit cc81eec)

All changes

• d210372 2026-04-18 fix: use a source IP matching the querier's subnet when responding (#460) (keepsimple1)
• cc81eec 2026-04-12 fix: check TXT property length in ServiceInfo constructor (#458) (keepsimple1)

Commits

• 0222c89 prepare for release 0.19.1 (#461)
• d210372 fix: use a source IP matching the querier's subnet when responding (#460)
• cc81eec fix: check TXT property length in ServiceInfo constructor (#458)
• See full diff in compare view

Updates clap from 4.6.0 to 4.6.1

Release notes

Sourced from clap's releases.

v4.6.1

[4.6.1] - 2026-04-15

Fixes

• (derive) Ensure rebuilds happen when an read env variable is changed

Changelog

Sourced from clap's changelog.

[4.6.1] - 2026-04-15

Fixes

• (derive) Ensure rebuilds happen when an read env variable is changed

Commits

• 1420275 chore: Release
• d2c817d docs: Update changelog
• f88c94e Merge pull request #6341 from epage/sep
• acbb822 fix(complete): Reduce risk of conflict with actual subcommands
• a49fadb refactor(complete): Pull out subcommand separator
• ddc008b Merge pull request #6332 from epage/update
• 497dc50 chore: Update compatible dependencies
• dca2326 Merge pull request #6331 from clap-rs/renovate/j178-prek-action-2.x
• 54bdaa3 chore(deps): Update j178/prek-action action to v2
• f0d30d9 chore: Release
• Additional commits viewable in compare view

Updates quick-xml from 0.39.2 to 0.39.4

Release notes

Sourced from quick-xml's releases.

v0.39.4 - Fix another panics when parse malformed DTD

Bug Fixes

• #957: Fix slice-index panic when reading malformed DTD whose unknown markup is split across BufReader chunks. As with #950, the returned Event::DocType may contain the malformed DTD; this fix only ensures that the parser does not panic.
• #960: Fix sibling slice-index panic when a single chunk delivers < followed by 9+ bytes of unknown markup inside a DTD internal subset. Same disposition as #957 / #950: parser must not panic; DTD validity reporting is a future improvement.

#950: tafia/quick-xml#950 #957: tafia/quick-xml#957 #960: tafia/quick-xml#960

Full Changelog: tafia/quick-xml@v0.39.3...v0.39.4

v0.39.3 - Fix panic when parse malformed DTD

Bug Fixes

• #950: Fix subtraction with overflow when parse malformed DTD in some cases. Note, that currently we do not check the validity of DTD, so the returned Event::DocType may contain the malformed DTD.

Full Changelog: tafia/quick-xml@v0.39.2...v0.39.3

Changelog

Sourced from quick-xml's changelog.

0.39.4 -- 2026-05-08

Bug Fixes

• #957: Fix slice-index panic when reading malformed DTD whose unknown markup is split across BufReader chunks. As with #950, the returned Event::DocType may contain the malformed DTD; this fix only ensures that the parser does not panic.
• #960: Fix sibling slice-index panic when a single chunk delivers < followed by 9+ bytes of unknown markup inside a DTD internal subset. Same disposition as #957 / #950: parser must not panic; DTD validity reporting is a future improvement.

#950: tafia/quick-xml#950 #957: tafia/quick-xml#957 #960: tafia/quick-xml#960

0.39.3 -- 2026-05-04

Bug Fixes

• #950: Fix subtraction with overflow when parse malformed DTD in some cases. Note, that currently we do not check the validity of DTD, so the returned Event::DocType may contain the malformed DTD.

#950: tafia/quick-xml#950

Commits

• f72e8b3 Release 0.39.4
• b8b3bbe Fix slice-index panic in DtdParser on long single-chunk unknown markup (#960)
• fd5b908 Fix slice-index panic in DtdParser on chunked unknown markup (#957)
• e156b0b Release 0.39.3
• fa0f8c8 Update xml5ever & markup5even: 0.37 -> 0.38; rxml: 0.13 -> 0.14
• 9ebd88d Add some explanation comments and fix misprints
• b3800c8 Fix subtraction with overflow
• 93865dc Add regression test for #950 - err
• See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

[dependabot]

Looks like these dependencies are updatable in another way, so this is no longer needed.