Bump the "backend" group with 1 update across multiple ecosystems

[dependabot]

⚠️ Dependabot is rebasing this PR ⚠️

Rebasing might not happen immediately, so don't worry if this takes some time.

Note: if you make any changes to this PR yourself, they will take precedence over the rebase.

---

Bumps the backend group with 13 updates:

Package	From	To
askama	0.15.4	0.15.6
aws-sdk-s3	1.125.0	1.126.0
cached	0.56.0	0.59.0
clap	4.5.60	4.6.0
gloo-console	0.3.0	0.4.0
gloo-net	0.6.0	0.7.0
md-5	0.10.6	0.11.0
rand	0.8.5	0.9.2
reqwest	0.12.28	0.13.2
reqwest-middleware	0.4.2	0.5.1
sha2	0.10.9	0.11.0
tracing-subscriber	0.3.22	0.3.23
which	8.0.0	8.0.2

Updates askama from 0.15.4 to 0.15.6

Release notes

Sourced from askama's releases.

v0.15.6

What's Changed

• Correctly handle non-ident item in block error by @​GuillaumeGomez in askama-rs/askama#717
• Remove unnecessary .clone() by @​jplatte in askama-rs/askama#716
• Remove unused lifetime parameter on SyntaxAndCache by @​jplatte in askama-rs/askama#714
• Upgrade winnow to 1.0 by @​jplatte in askama-rs/askama#715

Full Changelog: askama-rs/askama@v0.15.5...v0.15.6

v0.15.5

What's Changed

• parser: reject non-ASCII characters in byte literals by @​Kijewski in askama-rs/askama#694
• parser: reject syntaxes that could cause catastrophic backtracking by @​Kijewski in askama-rs/askama#695
• Fix jinja macro arguments handling by @​GuillaumeGomez in askama-rs/askama#709
• Fix build determinism and macro path management by @​GuillaumeGomez and @​cgundy in askama-rs/askama#710

Full Changelog: askama-rs/askama@v0.15.4...v0.15.5

Commits

• 4260d0d Merge pull request #719 from GuillaumeGomez/update-crate-version
• 1471702 Update crate version to 0.15.6
• fb6f3fb Merge pull request #718 from GuillaumeGomez/improve-ui-tests
• 4f36391 Merge pull request #717 from GuillaumeGomez/fix-non-ident-block
• 1b4350b Update trybuild version to 1.0.116 to enforce diagnostics width
• 2ad677c Correctly handle non-ident item in block error
• 5e12585 Merge pull request #714 from jplatte/jplatte/lt-refactor
• 0ebfd0f Merge pull request #716 from jplatte/jplatte/clippy
• 3c0f1b0 Merge pull request #715 from jplatte/jplatte/winnow1
• acc29f3 Remove unnecessary .clone()
• Additional commits viewable in compare view

Updates aws-sdk-s3 from 1.125.0 to 1.126.0

Commits

• See full diff in compare view

Updates cached from 0.56.0 to 0.59.0

Changelog

Sourced from cached's changelog.

[0.59.0 / [cached_proc_macro[0.27.0]]]

Added

Changed

• Fix examples/wasm build: add time_stores feature to the cached dependency (required when using default-features = false with TimedCache)

Removed

[0.58.0]

Added

• Add redis_async_cache feature for Redis client-side caching support via the RESP3 protocol

Changed

• Update redis to 1.0

Removed

[0.57.0 / [cached_proc_macro[0.26.0]]]

Added

• Add parking_lot dependency

Changed

• Switch to parking_lot's Mutex and RwLock in all macros.
• Remove unwrap() calls from lock operations.

Removed

Commits

• See full diff in compare view

Updates clap from 4.5.60 to 4.6.0

Changelog

Sourced from clap's changelog.

[4.6.0] - 2026-03-12

Compatibility

• Update MSRV to 1.85

[4.5.61] - 2026-03-12

Internal

• Update dependencies

Commits

• 9ab6dee chore: Release
• 374a30d docs: Update changelog
• d0c8aab Merge pull request #6306 from epage/update
• 686ce2f chore: Upgrade compatible
• 8203238 Merge pull request #6305 from epage/msrv
• c774a89 docs: Reduce main's in doctests
• 73534f6 chore: Upgrade to 2025 edition
• dfe05a9 chore: Bump MSRV to 1.85
• 8b41d0b chore: Release
• 518220f docs: Update changelog
• Additional commits viewable in compare view

Updates gloo-console from 0.3.0 to 0.4.0

Release notes

Sourced from gloo-console's releases.

gloo-console 0.4.0

MSRV updated to 1.82

Changelog

Sourced from gloo-console's changelog.

Version 0.4.0

• Update MSRV to 1.82 (#505) by @​martinfrances107

Commits

• 0734551 chore: release gloo-console 0.4.0, gloo-dialogs 0.3.0, gloo-events 0.3.0, glo...
• e6280d4 chore: release gloo-utils 0.3.0
• cca8089 chore: release gloo-worker-macros 0.2.0 and gloo-worker 0.6.0
• a8af99c chore: update rust dependencies (#536)
• 0de5865 fix(net)!: remove EventSource Clone implementation (#417)
• d237796 feat(worker)!: Add option to spawn workers as a module (#421)
• ea698e6 fix: make JsError::try_from not panic (#488)
• 9fe4c08 fix(net): RequestBuilder::build creates a url with an extra ampersand (#497)
• 798b701 fix(net): Send ws binary message with Blob (#502)
• bc1010b chore: MSRV 1.82, dependency update, ci update, refactoring (#505)
• Additional commits viewable in compare view

Updates gloo-net from 0.6.0 to 0.7.0

Release notes

Sourced from gloo-net's releases.

gloo-net 0.7.0

MSRV updated to 1.82

Breaking

• Remove Clone implementation for EventSource (#417) by @​vpochapuis Cloning had a bug where dropping any clone would disconnect all instances.

New Features

• Add EventSourceBuilder for configuring EventSource with credentials (#530) by @​zn3x
• Add WebSocket::buffered_amount (#510) by @​vi
• Add PartialEq, Eq, Hash derives to CloseEvent (#504) by @​Alexi24601

Fixes

• Fix RequestBuilder::build producing a URL with an extra & (#497) by @​hmacias-avaya
• Fix WebSocket binary send panicking when SharedArrayBuffer is enabled (#502) by @​Fedeparma74

Maintenance

• Bump pin-project to 1.1 and http to 1.4 (#536) by @​Madoshakalaka

Changelog

Sourced from gloo-net's changelog.

Version 0.7.0

• Remove Clone implementation for EventSource (#417) by @​vpochapuis Cloning had a bug where dropping any clone would disconnect all instances.
• Add EventSourceBuilder for configuring EventSource with credentials (#530) by @​zn3x
• Add WebSocket::buffered_amount (#510) by @​vi
• Add PartialEq, Eq, Hash derives to CloseEvent (#504) by @​Alexi24601
• Fix RequestBuilder::build producing a URL with an extra & (#497) by @​hmacias-avaya
• Fix WebSocket binary send panicking when SharedArrayBuffer is enabled (#502) by @​Fedeparma74
• Update MSRV to 1.82 (#505) by @​martinfrances107
• Bump pin-project to 1.1 and http to 1.4 (#536) by @​Madoshakalaka

Commits

• d69fcff chore: release gloo-net 0.7.0
• 7a57df3 chore: release gloo-file 0.4.0
• 2685476 fix: correct gloo-history category slugs
• b1d5129 fix: correct gloo-storage category slugs
• 8316f33 fix: correct gloo-render category slugs
• 0734551 chore: release gloo-console 0.4.0, gloo-dialogs 0.3.0, gloo-events 0.3.0, glo...
• e6280d4 chore: release gloo-utils 0.3.0
• cca8089 chore: release gloo-worker-macros 0.2.0 and gloo-worker 0.6.0
• a8af99c chore: update rust dependencies (#536)
• 0de5865 fix(net)!: remove EventSource Clone implementation (#417)
• Additional commits viewable in compare view

Updates md-5 from 0.10.6 to 0.11.0

Commits

• b5051e5 Cut new releases (#812)
• 451c446 md5: replace force-soft crate feature with md5_backend configuration flag...
• 2f00175 Release sha1 v0.11.0 (#810)
• 07d370c sha1: refactor backends selection (#808)
• 7c7cb76 Fix md5 project link in README (#809)
• ffe0939 Release sha2 0.11.0 (#806)
• 8991b65 Use the standard order of the [package] section fields (#807)
• 3d2bc57 sha2: refactor backends (#802)
• faa55fb sha3: bump keccak to v0.2 (#803)
• d3e6489 sha3 v0.11.0-rc.9 (#801)
• Additional commits viewable in compare view

Updates rand from 0.8.5 to 0.9.2

Changelog

Sourced from rand's changelog.

[0.9.2] - 2025-07-20

Deprecated

• Deprecate rand::rngs::mock module and StepRng generator (#1634)

Additions

• Enable WeightedIndex<usize> (de)serialization (#1646)

[0.9.1] - 2025-04-17

Security and unsafe

• Revise "not a crypto library" policy again (#1565)
• Remove zerocopy dependency from rand (#1579)

Fixes

• Fix feature simd_support for recent nightly rust (#1586)

Changes

• Allow fn rand::seq::index::sample_weighted and fn IndexedRandom::choose_multiple_weighted to return fewer than amount results (#1623), reverting an undocumented change (#1382) to the previous release.

Additions

• Add rand::distr::Alphabetic distribution. (#1587)
• Re-export rand_core (#1604)

#1565: rust-random/rand#1565 #1579: rust-random/rand#1579 #1586: rust-random/rand#1586 #1587: rust-random/rand#1587 #1604: rust-random/rand#1604 #1623: rust-random/rand#1623 #1634: rust-random/rand#1634 #1646: rust-random/rand#1646

[0.9.0] - 2025-01-27

Security and unsafe

• Policy: "rand is not a crypto library" (#1514)
• Remove fork-protection from ReseedingRng and ThreadRng. Instead, it is recommended to call ThreadRng::reseed on fork. (#1379)
• Use zerocopy to replace some unsafe code (#1349, #1393, #1446, #1502)

Dependencies

• Bump the MSRV to 1.63.0 (#1207, #1246, #1269, #1341, #1416, #1536); note that 1.60.0 may work for dependents when using --ignore-rust-version
• Update to rand_core v0.9.0 (#1558)

Features

• Support std feature without getrandom or rand_chacha (#1354)
• Enable feature small_rng by default (#1455)
• Remove implicit feature rand_chacha; use std_rng instead. (#1473)
• Rename feature serde1 to serde (#1477)
• Rename feature getrandom to os_rng (#1537)

... (truncated)

Commits

• d3dd415 Prepare rand_core 0.9.2 (#1605)
• 99fabd2 Prepare rand_core 0.9.2
• c7fe1c4 rand: re-export rand_core (#1604)
• db2b1e0 rand: re-export rand_core
• ee1d96f rand_core: implement reborrow for UnwrapMut (#1595)
• e0eb2ee rand_core: implement reborrow for UnwrapMut
• 975f602 fixup clippy 1.85 warnings
• 775b05b Relax Sized requirements for blanket impls (#1593)
• ec6d5c0 Prepare rand_core v0.9.1 (#1591)
• 6a06056 rand_core: introduce an UnwrapMut wrapper (#1589)
• Additional commits viewable in compare view

Updates reqwest from 0.12.28 to 0.13.2

Release notes

Sourced from reqwest's releases.

v0.13.2

tl;dr

• Fix HTTP/2 and native-tls ALPN feature combinations.
• Fix HTTP/3 to send h3 ALPN.
• (wasm) fix RequestBuilder::json() from override previously set content-type.

What's Changed

• chore(deps): bump actions/checkout from 5 to 6 by @​dependabot[bot] in seanmonstar/reqwest#2921
• Update readme for 0.13 by @​VojtaStanek in seanmonstar/reqwest#2926
• fix http2 feature is not enabled for "native-tls" by @​fox0 in seanmonstar/reqwest#2927
• chore(deps): remove unused webpki-roots and rustls-native-certs by @​seanmonstar in seanmonstar/reqwest#2932
• docs: native-tls-alpn has changed to native-tls-no-alpn by @​seanmonstar in seanmonstar/reqwest#2940
• Specify h3 alpn for http3 connector by @​passcod in seanmonstar/reqwest#2929
• update copyright year to 2026 by @​taozui472 in seanmonstar/reqwest#2943
• fix(json): custom content-type overidden by json method for wasm by @​Narendran-KT in seanmonstar/reqwest#2908
• chore: upgrade wasm-streams to v0.5 by @​xangelix in seanmonstar/reqwest#2958
• chore(ci): add windows and linux arm64 to ci by @​dennisameling in seanmonstar/reqwest#2960

New Contributors

• @​VojtaStanek made their first contribution in seanmonstar/reqwest#2926
• @​fox0 made their first contribution in seanmonstar/reqwest#2927
• @​passcod made their first contribution in seanmonstar/reqwest#2929
• @​taozui472 made their first contribution in seanmonstar/reqwest#2943
• @​Narendran-KT made their first contribution in seanmonstar/reqwest#2908
• @​xangelix made their first contribution in seanmonstar/reqwest#2958
• @​dennisameling made their first contribution in seanmonstar/reqwest#2960

Full Changelog: seanmonstar/reqwest@v0.13.1...v0.13.2

v0.13.1

What's Changed

• http3: depend on quinn/rustls-aws-lc-rs to avoid ring dependency by @​djc in seanmonstar/reqwest#2917
• fix rustls on android by @​seanmonstar in seanmonstar/reqwest#2918

Full Changelog: seanmonstar/reqwest@v0.13.0...v0.13.1

v0.13.0

Breaking changes

• rustls is now the default TLS backend, instead of native-tls.
• rustls crypto provider defaults to aws-lc instead of ring. (rustls-no-provider exists if you want a different crypto provider)
• rustls-tls has been renamed to rustls.
• rustls roots features removed, rustls-platform-verifier is used by default.
  • To use different roots, call tls_certs_only(your_roots).
• native-tls now includes ALPN. To disable, use native-tls-no-alpn.
• query and form are now crate features, disabled by default.
• Long-deprecated methods and crate features have been removed (such as trust-dns, which was renamed hickory-dns a while ago).

... (truncated)

Changelog

Sourced from reqwest's changelog.

v0.13.2

• Fix HTTP/2 and native-tls ALPN feature combinations.
• Fix HTTP/3 to send h3 ALPN.
• (wasm) fix RequestBuilder::json() from override previously set content-type.

v0.13.1

• Fixes compiling with rustls on Android targets.

v0.13.0

• Breaking changes:
  • rustls is now the default TLS backend, instead of native-tls.
  • rustls crypto provider defaults to aws-lc instead of ring. (rustls-no-provider exists if you want a different crypto provider)
  • rustls-tls has been renamed to rustls.
  • rustls roots features removed, rustls-platform-verifier is used by default.
    • To use different roots, call tls_certs_only(your_roots).
  • native-tls now includes ALPN. To disable, use native-tls-no-alpn.
  • query and form are now crate features, disabled by default.
  • Long-deprecated methods and crate features have been removed (such as trust-dns, which was renamed hickory-dns a while ago).
• Many TLS-related methods renamed to improve autocompletion and discovery, but previous name left in place with a "soft" deprecation. (just documented, no warnings)
  • For example, prefer tls_backend_rustls() over use_rustls_tls().

Commits

• ad83b63 v0.13.2
• c25f3db chore: Add Windows and Linux arm64 to CI (#2960)
• 761b89e chore: upgrade wasm-streams to v0.5 (#2958)
• fd2d507 fix(wasm): custom content-type overidden by json method for wasm (#2908)
• 23eb7d4 chore: update copyright year to 2026 (#2943)
• 10c31c2 fix(http3): specify h3 alpn for http3 connector (#2929)
• 8530ec3 docs: native-tls-alpn has changed to native-tls-no-alpn (#2940)
• 04a216f chore(deps): remove unused webpki-roots and rustls-native-certs (#2932)
• 406b59e fix http2 feature is not enabled for native-tls ALPN (#2927)
• 325a020 Update readme for 0.13 (#2926)
• Additional commits viewable in compare view

Updates reqwest-middleware from 0.4.2 to 0.5.1

Release notes

Sourced from reqwest-middleware's releases.

reqwest-middleware-v0.5.1

Other

• Set changelog version for last release (#268)

reqwest-middleware-v0.5.0

Added

• Deprecated fetch_mode_no_cors as it's been deprecated in reqwest.

Commits

• 0744f65 chore: release (#274)
• 33e6be9 feat!: support the opentelemetry 0.31 (#272)
• d3773bb ci: reduce debug-section size to get tests to run (#250)
• 7171e65 fix(reqwest-retry): drop instant by upgrading wasmtimer (#254)
• 1692cad Set changelog version for last release (#268)
• 397efc2 Update reqwest to 0.13 (#263)
• f572396 ci!: add release-plz support (#266)
• 1485f61 chore(release): reqwest-retry 0.8.0 (#258)
• 6d5b1d3 chore(deps)!: upgrade retry-policy to 0.5 (#257)
• 43d31fe Update thiserror to 2.0 (#240)
• Additional commits viewable in compare view

Updates sha2 from 0.10.9 to 0.11.0

Commits

• ffe0939 Release sha2 0.11.0 (#806)
• 8991b65 Use the standard order of the [package] section fields (#807)
• 3d2bc57 sha2: refactor backends (#802)
• faa55fb sha3: bump keccak to v0.2 (#803)
• d3e6489 sha3 v0.11.0-rc.9 (#801)
• bbf6f51 sha2: tweak backend docs (#800)
• 155dbbf sha3: add default value for the DS generic parameter on TurboShake128/256...
• ed514f2 Use published version of keccak v0.2 (#799)
• 702bcd8 Migrate to closure-based keccak (#796)
• 827c043 sha3 v0.11.0-rc.8 (#794)
• Additional commits viewable in compare view

Updates tracing-subscriber from 0.3.22 to 0.3.23

Release notes

Sourced from tracing-subscriber's releases.

tracing-subscriber 0.3.23

Fixed

• Allow ansi sanitization to be disabled (#3484)

#3484: tokio-rs/tracing#3484

Commits

• 54ede4d chore: prepare tracing-subscriber 0.3.23 (#3490)
• 37558d5 subscriber: allow ansi sanitization to be disabled (#3484)
• efc690f core: add missing const (#3449)
• 0c32367 core: Use const initializers instead of once_cell
• 9feb241 docs: add arcswap reload crate to related (#3442)
• 2d55f6f chore: prepare tracing 0.1.44 (#3439)
• 10a9e83 chore: prepare tracing-core 0.1.36 (#3440)
• ee82cf9 tracing: fix record_all panic (#3432)
• 9978c36 chore: prepare tracing-mock 0.1.0-beta.3 (#3429)
• See full diff in compare view

Updates which from 8.0.0 to 8.0.2

Release notes

Sourced from which's releases.

8.0.2

What's Changed

• Remove env_home dependency by @​madsmtm in harryfei/which-rs#118
• New windows impl by @​Xaeroxe in harryfei/which-rs#121
• Swap dependency on rustix for dependency on libc by @​Xaeroxe in harryfei/which-rs#122

New Contributors

• @​madsmtm made their first contribution in harryfei/which-rs#118

Full Changelog: harryfei/which-rs@8.0.1...8.0.2

8.0.1

What's Changed

• Update Readme by @​atouchet in harryfei/which-rs#115
• Empty path fix for Windows machines by @​Xaeroxe in harryfei/which-rs#117

New Contributors

• @​atouchet made their first contribution in harryfei/which-rs#115

Full Changelog: harryfei/which-rs@8.0.0...8.0.1

Changelog

Sourced from which's changelog.

8.0.2

• Dependency on home_env removed, the implementation found in rust 1.85.0 for a home directory has been fixed. Thanks, [@​madsmtm],(https://github.com/madsmtm) for this contribution to which!
• Dependency on winsafe removed, code for Windows API is now handwritten.
• Dependency on rustix removed, we now depend on libc directly to reduce compile times.

8.0.1

• Fix Windows bug reported in harryfei/which-rs#108

Commits

• 5bb3e82 update README MSRV
• aacc10e add changelog entry
• 7b0c544 Swap dependency on rustix for dependency on libc (#122)
• 189e99a New windows impl (#121)
• c48f04e clippy fixes
• 1fa32b7 bump msrv, bump version, add to changelog
• b0d6e74 Remove env_home dependency
• 2697220 chore: add release steps documentation
• 873554e add entry to CHANGELOG.md for 8.0.1
• d684aba bump version to 8.0.1
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions