build(deps): bump the cargo-dependencies group with 8 updates

[dependabot]

Bumps the cargo-dependencies group with 8 updates:

Package	From	To
anyhow	1.0.99	1.0.100
serde	1.0.219	1.0.228
thiserror	2.0.16	2.0.17
axum	0.8.4	0.8.6
axum-extra	0.10.1	0.10.3
tokio-rustls	0.26.2	0.26.4
rustls	0.23.31	0.23.32
rcgen	0.14.4	0.14.5

Updates anyhow from 1.0.99 to 1.0.100

Release notes

Sourced from anyhow's releases.

1.0.100

• Teach clippy to lint formatting arguments in bail!, ensure!, anyhow! (#426)

Commits

• 18c2598 Release 1.0.100
• f271988 Merge pull request #426 from dtolnay/clippyfmt
• 52f2115 Mark macros with clippy::format_args
• da5fd9d Raise minimum tested compiler to rust 1.76
• 211e409 Opt in to generate-macro-expansion when building on docs.rs
• b48fc02 Enforce trybuild >= 1.0.108
• d5f59fb Update ui test suite to nightly-2025-09-07
• 238415d Update ui test suite to nightly-2025-08-24
• 3bab070 Update actions/checkout@v4 -> v5
• 4249254 Order cap-lints flag in the same order as thiserror build script
• See full diff in compare view

Updates serde from 1.0.219 to 1.0.228

Release notes

Sourced from serde's releases.

v1.0.228

• Allow building documentation with RUSTDOCFLAGS='--cfg=docsrs' set for the whole dependency graph (#2995)

v1.0.227

• Documentation improvements (#2991)

v1.0.226

• Deduplicate variant matching logic inside generated Deserialize impl for adjacently tagged enums (#2935, thanks @​Mingun)

v1.0.225

• Avoid triggering a deprecation warning in derived Serialize and Deserialize impls for a data structure that contains its own deprecations (#2879, thanks @​rcrisanti)

v1.0.224

• Remove private types being suggested in rustc diagnostics (#2979)

v1.0.223

• Fix serde_core documentation links (#2978)

v1.0.222

• Make serialize_with attribute produce code that works if respanned to 2024 edition (#2950, thanks @​aytey)

v1.0.221

• Documentation improvements (#2973)
• Deprecate serde_if_integer128! macro (#2975)

v1.0.220

• Add a way for data formats to depend on serde traits without waiting for serde_derive compilation: https://docs.rs/serde_core (#2608, thanks @​osiewicz)

Commits

• a866b33 Release 1.0.228
• 5adc9e8 Merge pull request #2995 from dtolnay/rustdocflags
• ab58178 Workaround for RUSTDOCFLAGS='--cfg=docsrs'
• 415d9fc Release 1.0.227
• 7c58427 Merge pull request #2991 from dtolnay/inlinecoredoc
• 9d3410e Merge pull request #2992 from dtolnay/inplaceseed
• 2fb6748 Remove InPlaceSeed public re-export
• f8137c7 Inline serde_core into serde in docsrs mode
• b7dbf7e Merge pull request #2990 from dtolnay/integer128
• 7c83691 No longer macro_use integer128 module
• Additional commits viewable in compare view

Updates thiserror from 2.0.16 to 2.0.17

Release notes

Sourced from thiserror's releases.

2.0.17

• Use differently named __private module per patch release (#434)

Commits

• 72ae716 Release 2.0.17
• 599fdce Merge pull request #434 from dtolnay/private
• 9ec05f6 Use differently named __private module per patch release
• d2c492b Raise minimum tested compiler to rust 1.76
• fc3ab95 Opt in to generate-macro-expansion when building on docs.rs
• 819fe29 Update ui test suite to nightly-2025-09-12
• 259f48c Enforce trybuild >= 1.0.108
• 470e6a6 Update ui test suite to nightly-2025-08-24
• 544e191 Update actions/checkout@v4 -> v5
• cbc1eba Delete duplicate cap-lints flag from build script
• See full diff in compare view

Updates axum from 0.8.4 to 0.8.6

Release notes

Sourced from axum's releases.

axum v0.8.5

• fixed: Reject JSON request bodies with trailing characters after the JSON document (#3453)
• added: Implement OptionalFromRequest for Multipart (#3220)
• added: Getter methods Location::{status_code, location}
• added: Support for writing arbitrary binary data into server-sent events (#3425)]
• added: middleware::ResponseAxumBodyLayer for mapping response body to axum::body::Body (#3469)
• added: impl FusedStream for WebSocket (#3443)
• changed: The sse module and Sse type no longer depend on the tokio feature (#3154)
• changed: If the location given to one of Redirects constructors is not a valid header value, instead of panicking on construction, the IntoResponse impl now returns an HTTP 500, just like Json does when serialization fails (#3377)
• changed: Update minimum rust version to 1.78 (#3412)

#3154: tokio-rs/axum#3154 #3220: tokio-rs/axum#3220 #3377: tokio-rs/axum#3377 #3412: tokio-rs/axum#3412 #3425: tokio-rs/axum#3425 #3443: tokio-rs/axum#3443 #3453: tokio-rs/axum#3453 #3469: tokio-rs/axum#3469

Commits

• c1bb9c3 Release axum 0.8.6 and related crates
• 4a50581 Update changelogs
• 5c76cfd Remove usage of the doc_auto_cfg feature (#3505)
• c720f56 Release axum-core v0.5.4
• 0c96ead Remove unused rustversion dependency of axum-core (#3502)
• a1d22f6 Release axum 0.8.5 and related crates
• ad2fd5b Update changelogs
• a0692f9 Reject JSON bodies with trailing chars (#3453)
• ae80850 Update to cargo-deny api version 2 (#3475)
• 651cc1e Remove unused link def
• Additional commits viewable in compare view

Updates axum-extra from 0.10.1 to 0.10.3

Release notes

Sourced from axum-extra's releases.

axum-extra v0.10.2

• added: Implement OptionalFromRequest for Host (#3177)

#3177: tokio-rs/axum#3177

Commits

• c1bb9c3 Release axum 0.8.6 and related crates
• 4a50581 Update changelogs
• 5c76cfd Remove usage of the doc_auto_cfg feature (#3505)
• c720f56 Release axum-core v0.5.4
• 0c96ead Remove unused rustversion dependency of axum-core (#3502)
• a1d22f6 Release axum 0.8.5 and related crates
• ad2fd5b Update changelogs
• a0692f9 Reject JSON bodies with trailing chars (#3453)
• ae80850 Update to cargo-deny api version 2 (#3475)
• 651cc1e Remove unused link def
• Additional commits viewable in compare view

Updates tokio-rustls from 0.26.2 to 0.26.4

Release notes

Sourced from tokio-rustls's releases.

0.26.4

What's Changed

• Add TLS certificate compression features by @​manifest in rustls/tokio-rustls#130

0.26.3

What's Changed

• Clarify how to run the example server by @​sundresh in rustls/tokio-rustls#111
• fix: handshake does not fully flush writes by @​conradludgate in rustls/tokio-rustls#112
• feat: add alpn_protocols for TlsConnector::connect_with by @​yukiiiteru in rustls/tokio-rustls#116
• lib: derive Debug on StartHandshake by @​lucab in rustls/tokio-rustls#120
• server: allow splitting and reassembling a StartHandshake by @​lucab in rustls/tokio-rustls#127
• Make StartHandshake fields public by @​djc in rustls/tokio-rustls#128

Commits

• 0c14e14 Bump version to 0.26.4
• 9074308 Add TLS certificate compression features
• 7ee318d build(deps): bump seanmiddleditch/gha-setup-ninja from 4 to 6
• 6f740df build(deps): bump rcgen from 0.14.4 to 0.14.5
• dc01fcd build(deps): bump actions/checkout from 3 to 5
• fb76ce3 Add Dependabot configuration
• d5dfa08 Update semver-compatible dependencies
• d5bb23c Bump version to 0.26.3
• e0ddd89 Fix warning about potentially incomplete writes
• ba767ae Warn on clippy::use_self
• Additional commits viewable in compare view

Updates rustls from 0.23.31 to 0.23.32

Commits

• 6a188a7 Take semver-compatible updates
• 5abe33e Prepare 0.23.32
• d3c502e Improve compatibility of TLS1.2 with ECDSA+SHA512
• ef7063d take webpki 0.103.5
• 77a0148 ci-bench: RUSTSEC-2025-0057 fxhash -> rustc-hash
• 1492c95 Fix clippy::needless_borrows_for_generic_args
• e029d31 cargo-check-external-types: take updated nightly
• 2d03fa7 Remove test of async-std example
• 20f548a Withdraw use of async-std in example code
• 0cb4244 Track 1.89 lint changes
• Additional commits viewable in compare view

Updates rcgen from 0.14.4 to 0.14.5

Release notes

Sourced from rcgen's releases.

0.14.5

Implement SigningKey for &impl SigningKey to make Issuer more broadly useful.

What's Changed

• Forward signing and public key data through references by @​djc in rustls/rcgen#380

Commits

• 957a3d8 Bump rcgen version to 0.14.5
• befba1f Forward signing and public key data through references
• See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

[dependabot]

Looks like these dependencies are updatable in another way, so this is no longer needed.