build(deps): bump the cargo group across 1 directory with 15 updates

[dependabot]

Bumps the cargo group with 15 updates in the /cli directory:

Package	From	To
clap	4.5.53	4.5.58
dialoguer	0.11.0	0.12.0
futures-util	0.3.31	0.3.32
flate2	1.1.5	1.1.9
prost	0.12.6	0.14.3
rand	0.8.5	0.9.2
regex	1.12.2	1.12.3
serde_json	1.0.148	1.0.149
thiserror	1.0.69	2.0.17
tokio	1.48.0	1.49.0
tokio-tungstenite	0.21.0	0.28.0
url	2.5.7	2.5.8
unicode-width	0.1.14	0.2.2
zip	0.6.6	8.0.0
prost-build	0.12.6	0.14.3

Updates clap from 4.5.53 to 4.5.58

Release notes

Sourced from clap's releases.

v4.5.58

[4.5.58] - 2026-02-11

v4.5.57

[4.5.57] - 2026-02-03

Fixes

• Regression from 4.5.55 where having an argument with .value_terminator("--") caused problems with an argument with .last(true)

v4.5.56

[4.5.56] - 2026-01-29

Fixes

• On conflict error, don't show conflicting arguments in the usage

v4.5.55

[4.5.55] - 2026-01-27

Fixes

• Fix inconsistency in precedence between positionals with a value_terminator("--") and escapes (--) where ./foo -- bar means the first arg is empty, rather than escaping future args

v4.5.54

[4.5.54] - 2026-01-02

Fixes

• (help) Move [default] to its own paragraph when PossibleValue::help is present in --help

Changelog

Sourced from clap's changelog.

[4.5.58] - 2026-02-11

[4.5.57] - 2026-02-03

Fixes

• Regression from 4.5.55 where having an argument with .value_terminator("--") caused problems with an argument with .last(true)

[4.5.56] - 2026-01-29

Fixes

• On conflict error, don't show conflicting arguments in the usage

[4.5.55] - 2026-01-27

Fixes

• Fix inconsistency in precedence between positionals with a value_terminator("--") and escapes (--) where ./foo -- bar means the first arg is empty, rather than escaping future args

[4.5.54] - 2026-01-02

Fixes

• (help) Move [default] to its own paragraph when PossibleValue::help is present in --help

Commits

• 88f13cb chore: Release
• fe2d731 docs: Update changelog
• b256739 Merge pull request #6131 from mernen/do-not-suggest-opts-after-escape
• 8aaf704 fix(complete): Do not suggest options after "--"
• 4a86fee test(complete): Illustrate current behavior
• 281f8ae Merge pull request #6126 from epage/p
• 3cbce42 docs(cookbook): Make typed-derive easier to maintain
• 9fd4dc9 docs(cookbook): Provide a custom TypedValueParser
• 8f8e861 docs(cookbook): Add local enum to typed-derive
• 926bafe docs(cookbook): Hint at overriding value_name
• Additional commits viewable in compare view

Updates dialoguer from 0.11.0 to 0.12.0

Release notes

Sourced from dialoguer's releases.

0.12.0

What's Changed

• Fix prompt in select.rs example by @​jwodder in console-rs/dialoguer#289
• Document crate feature guarded items on docs.rs by @​robjtede in console-rs/dialoguer#293
• Add conversion between error types by @​jacobtread in console-rs/dialoguer#300
• Accept items by iterator instead of slice by @​jacobtread in console-rs/dialoguer#299
• refactor: replace thiserror with a manual impl by @​CosmicHorrorDev in console-rs/dialoguer#327
• Update console to 0.16 by @​musicinmybrain in console-rs/dialoguer#329

Changelog

Sourced from dialoguer's changelog.

Changelog

For newer releases, please see releases.

Commits

• 731c70b Audit dependencies
• 2a88be1 Check for external types
• d4271ea Check semver compatibility
• 11c990d Check for documentation errors
• 39d2480 Add Dependabot config
• 31b2e25 Upgrade to actions/checkout v5
• 8ebd9e5 Focus CI testing on stable Rust
• d4a002d Use default targets on respective operating systems
• 3e3cc03 Reduce number of targets tested in CI
• fcb8a0d Enable basic caching in CI
• Additional commits viewable in compare view

Updates futures-util from 0.3.31 to 0.3.32

Release notes

Sourced from futures-util's releases.

0.3.32

• Bump MSRV of utility crates to 1.71. (#2989)
• Soft-deprecate ready! macro in favor of std::task::ready! added in Rust 1.64 (#2925)
• Soft-deprecate pin_mut! macro in favor of std::pin::pin! added in Rust 1.68 (#2929)
• Add FuturesOrdered::clear (#2927)
• Add mpsc::*Receiver::recv (#2947)
• Add mpsc::*Receiver::try_recv and deprecate mpsc::*Receiver::::try_next (#2944)
• Implement FusedStream for sink::With (#2948)
• Add no_std support for shared (#2868)
• Make Mutex::new() const (#2956)
• Add #[clippy::has_significant_drop] to guards (#2967)
• Remove dependency to pin-utils (#2929)
• Remove dependency on num_cpus (#2946)
• Performance improvements (#2983)
• Documentation improvements (#2925, #2926, #2940, #2971)

Changelog

Sourced from futures-util's changelog.

0.3.32 - 2026-02-15

• Bump MSRV of utility crates to 1.71. (#2989)
• Soft-deprecate ready! macro in favor of std::task::ready! added in Rust 1.64 (#2925)
• Soft-deprecate pin_mut! macro in favor of std::pin::pin! added in Rust 1.68 (#2929)
• Add FuturesOrdered::clear (#2927)
• Add mpsc::*Receiver::recv (#2947)
• Add mpsc::*Receiver::try_recv and deprecate mpsc::*Receiver::::try_next (#2944)
• Implement FusedStream for sink::With (#2948)
• Add no_std support for shared (#2868)
• Make Mutex::new() const (#2956)
• Add #[clippy::has_significant_drop] to guards (#2967)
• Remove dependency to pin-utils (#2929)
• Remove dependency on num_cpus (#2946)
• Performance improvements (#2983)
• Documentation improvements (#2925, #2926, #2940, #2971)

Commits

• d9bba94 Release 0.3.32
• 151e0b9 Add comments on rust-version field in Cargo.toml
• 4aaf00c Bump MSRV of utility crates to 1.71
• a4cce12 perf: improve AtomicWaker::wake performance (#2983)
• ba9d102 Add #[clippy::has_significant_drop] to guards (#2967)
• 20396a8 Fix rustdoc::broken_intra_doc_links warning
• 815f6eb Fix documentation of BiLock::lock (#2971)
• 0f0db04 futures-util: make Mutex::new() const (#2956)
• 5d6fc5e ci: Test big-endian target (s390x Linux)
• 9f739fe Ignore dead_code lint on Fn1 trait
• Additional commits viewable in compare view

Updates flate2 from 1.1.5 to 1.1.9

Release notes

Sourced from flate2's releases.

1.1.8

What's Changed

• Document feature flags using document-features crate by @​Copilot in rust-lang/flate2-rs#519
• Complete the zlib-rs support without the need for C-bindings by @​Byron in rust-lang/flate2-rs#524
• test zlib API for all compatible backends by @​Byron in rust-lang/flate2-rs#525

New Contributors

• @​Copilot made their first contribution in rust-lang/flate2-rs#519

Full Changelog: rust-lang/flate2-rs@1.1.7...1.1.8

1.1.7 - depend on zlib-rs directly and remove libz-rs-sys

What's Changed

• chore: make some documents clearer by @​reddaisyy in rust-lang/flate2-rs#510
• Explain rationale for choosing bufread,read,write modules by @​jongiddy in rust-lang/flate2-rs#512
• use Decompress::reset() instead of recreating in DeflateDecoder by @​amirshukayev in rust-lang/flate2-rs#514
• use zlib_rs api by @​folkertdev in rust-lang/flate2-rs#513

New Contributors

• @​reddaisyy made their first contribution in rust-lang/flate2-rs#510
• @​amirshukayev made their first contribution in rust-lang/flate2-rs#514

Full Changelog: rust-lang/flate2-rs@1.1.5...1.1.6

1.1.6 - YANKED

It caused rust-lang/flate2-rs#515.

What's Changed

• chore: make some documents clearer by @​reddaisyy in rust-lang/flate2-rs#510
• Explain rationale for choosing bufread,read,write modules by @​jongiddy in rust-lang/flate2-rs#512
• use Decompress::reset() instead of recreating in DeflateDecoder by @​amirshukayev in rust-lang/flate2-rs#514
• use zlib_rs api by @​folkertdev in rust-lang/flate2-rs#513

New Contributors

• @​reddaisyy made their first contribution in rust-lang/flate2-rs#510
• @​amirshukayev made their first contribution in rust-lang/flate2-rs#514

Full Changelog: rust-lang/flate2-rs@1.1.5...1.1.6

Commits

• 19ddb18 Merge pull request #529 from folkertdev/update-zlib-rs-0.6.0
• c956e12 upgrade zlib-rs to version 0.6.0
• 21d5eeb Merge pull request #528 from wgyt/wgyt/patch
• 54f8484 update LICENSE-MIT
• f4924fe Merge pull request #527 from jongiddy/crc-tests
• 8b9b7a6 Add tests to check data CRC
• fd17c74 Merge pull request #526 from folkertdev/zlib-rs-crc32
• aef26ac check that zlib-rs no longer compiles crc32fast
• 5ec7647 make crc32fast an optional dependency
• c584e97 use zlib-rs for crc32 (when available)
• Additional commits viewable in compare view

Updates prost from 0.12.6 to 0.14.3

Changelog

Sourced from prost's changelog.

Prost version 0.14.2

PROST! is a Protocol Buffers implementation for the Rust Language. prost generates simple, idiomatic Rust code from proto2 and proto3 files.

⚠️ Heads-up

• Increase MSRV to 1.82 (#1356)

• Update maintenance status to Passively Maintained (#1359)

  This excerpt is from the readme:

  The current maintainer is not contributing new features and doesn't have the time to review new features. Bug fixes and small improvements are welcome. Feel free to contribute small and easily reviewable PRs.

  Bug fixes are still important, and security fixes will be released as soon as possible. Contact the #prost channel in Tokio discord if you feel a bug or security fix is not getting enough attention.

  The maintainer expects the official protobuf project to release their rust library soon and expects it to be as fully featured as the C++ library. See their source code and crate for more information.

🚀 Features

• Configure prost path via prost_build::Config or #[(prost(prost_path = "::prost")] (#1274)
• Support for deprecated enum and oneof fields (#1316)

🐛 Bug Fixes

• (prost-build) Resolve OneOf type name conflict with embedded message (#1294)
• (prost-build) Avoid OneOf type collision with enums and keyword names (#1341)

💼 Dependencies

• Use trait Error from core (#1179)
• (deps) Update protobuf to v25.8 (#1323)
• (deps) Update criterion requirement from 0.6 to 0.7 (#1308)
• (deps) Update petgraph to 0.8 (#1327)
• (deps) Bump actions/upload-artifact from 4 to 5 (#1351)
• (deps) Bump actions/checkout from 5 to 6 (#1370)
• Bump actions/checkout to v5 (#1312)
• Update clippy to version 1.87 (#1292)
• Replace once_cell dependency by std lib (#1119)

📚 Documentation

• Update outdated link is test documentation (#1289)
• Describe use of encoding module (#1322)
• Update the readme MSRV to the actual number (#1331)
• Update URLs after manual review (#1336)
• Answer why fields are wrapped in option (#1358)

🎨 Styling

• Add spaces to derive arguments in generated code (#1290)
• Use variables directly in the format! string (#1293)

... (truncated)

Commits

• fafa97f chore: remove protobuf submodule and leverage cmake for it (#1389)
• e0643e2 release 0.14.3
• 5595b61 fix: Add back DecodeError::new (#1382)
• e42dcad Bufix: Name::full_name() is correct for empty packages (#1386)
• 107153f build(deps): update pulldown-cmark-to-cmark requirement from 21 to 22 (#1384)
• 3fc7003 build(deps): bump actions/upload-artifact from 5 to 6 (#1381)
• 33f8721 fix some forgotten prost import paths (#1385)
• efb0755 chore: Release version 0.14.2 (#1372)
• 91a093f test(derive_copy): Allow dead code (#1362)
• 2c22c59 build(deps): bump actions/checkout from 5 to 6 (#1370)
• Additional commits viewable in compare view

Updates rand from 0.8.5 to 0.9.2

Changelog

Sourced from rand's changelog.

[0.9.2] - 2025-07-20

Deprecated

• Deprecate rand::rngs::mock module and StepRng generator (#1634)

Additions

• Enable WeightedIndex<usize> (de)serialization (#1646)

[0.9.1] - 2025-04-17

Security and unsafe

• Revise "not a crypto library" policy again (#1565)
• Remove zerocopy dependency from rand (#1579)

Fixes

• Fix feature simd_support for recent nightly rust (#1586)

Changes

• Allow fn rand::seq::index::sample_weighted and fn IndexedRandom::choose_multiple_weighted to return fewer than amount results (#1623), reverting an undocumented change (#1382) to the previous release.

Additions

• Add rand::distr::Alphabetic distribution. (#1587)
• Re-export rand_core (#1604)

#1565: rust-random/rand#1565 #1579: rust-random/rand#1579 #1586: rust-random/rand#1586 #1587: rust-random/rand#1587 #1604: rust-random/rand#1604 #1623: rust-random/rand#1623 #1634: rust-random/rand#1634 #1646: rust-random/rand#1646

[0.9.0] - 2025-01-27

Security and unsafe

• Policy: "rand is not a crypto library" (#1514)
• Remove fork-protection from ReseedingRng and ThreadRng. Instead, it is recommended to call ThreadRng::reseed on fork. (#1379)
• Use zerocopy to replace some unsafe code (#1349, #1393, #1446, #1502)

Dependencies

• Bump the MSRV to 1.63.0 (#1207, #1246, #1269, #1341, #1416, #1536); note that 1.60.0 may work for dependents when using --ignore-rust-version
• Update to rand_core v0.9.0 (#1558)

Features

• Support std feature without getrandom or rand_chacha (#1354)
• Enable feature small_rng by default (#1455)
• Remove implicit feature rand_chacha; use std_rng instead. (#1473)
• Rename feature serde1 to serde (#1477)
• Rename feature getrandom to os_rng (#1537)

... (truncated)

Commits

• d3dd415 Prepare rand_core 0.9.2 (#1605)
• 99fabd2 Prepare rand_core 0.9.2
• c7fe1c4 rand: re-export rand_core (#1604)
• db2b1e0 rand: re-export rand_core
• ee1d96f rand_core: implement reborrow for UnwrapMut (#1595)
• e0eb2ee rand_core: implement reborrow for UnwrapMut
• 975f602 fixup clippy 1.85 warnings
• 775b05b Relax Sized requirements for blanket impls (#1593)
• ec6d5c0 Prepare rand_core v0.9.1 (#1591)
• 6a06056 rand_core: introduce an UnwrapMut wrapper (#1589)
• Additional commits viewable in compare view

Updates regex from 1.12.2 to 1.12.3

Changelog

Sourced from regex's changelog.

1.12.3 (2025-02-03)

This release excludes some unnecessary things from the archive published to crates.io. Specifically, fuzzing data and various shell scripts are now excluded. If you run into problems, please file an issue.

Improvements:

• #1319: Switch from a Cargo exclude list to an include list, and exclude some unnecessary stuff.

Commits

• b028e4f 1.12.3
• 5e195de regex-automata-0.4.14
• a3433f6 regex-syntax-0.8.9
• 0c07fae regex-lite-0.1.9
• 6a81006 cargo: exclude development scripts and fuzzing data
• 4733e28 automata: fix onepass::DFA::try_search_slots panic when too many slots are ...
• See full diff in compare view

Updates serde_json from 1.0.148 to 1.0.149

Release notes

Sourced from serde_json's releases.

v1.0.149

• Align arbitrary_precision number strings with zmij's formatting (#1306, thanks @​b41sh)

Commits

• 4f6dbfa Release 1.0.149
• f3df680 Touch up PR 1306
• e16730f Merge pull request #1306 from b41sh/fix-float-number-display
• eeb2bcd Align arbitrary_precision number strings with zmij’s formatting
• See full diff in compare view

Updates thiserror from 1.0.69 to 2.0.17

Release notes

Sourced from thiserror's releases.

2.0.17

• Use differently named __private module per patch release (#434)

2.0.16

• Add to "no-std" crates.io category (#429)

2.0.15

• Prevent Error::provide API becoming unavailable from a future new compiler lint (#427)

2.0.14

• Allow build-script cleanup failure with NFSv3 output directory to be non-fatal (#426)

2.0.13

• Documentation improvements

2.0.12

• Prevent elidable_lifetime_names pedantic clippy lint in generated impl (#413)

2.0.11

• Add feature gate to tests that use std (#409, #410, thanks @​Maytha8)

2.0.10

• Support errors containing a generic type parameter's associated type in a field (#408)

2.0.9

• Work around missing_inline_in_public_items clippy restriction being triggered in macro-generated code (#404)

2.0.8

• Improve support for macro-generated derive(Error) call sites (#399)

2.0.7

• Work around conflict with #[deny(clippy::allow_attributes)] (#397, thanks @​zertosh)

2.0.6

• Suppress deprecation warning on generated From impls (#396)

2.0.5

• Prevent deprecation warning on generated impl for deprecated type (#394)

2.0.4

• Eliminate needless_lifetimes clippy lint in generated From impls (#391, thanks @​matt-phylum)

2.0.3

• Support the same Path field being repeated in both Debug and Display representation in error message (#383)
• Improve error message when a format trait used in error message is not implemented by some field (#384)

2.0.2

• Fix hang on invalid input inside #[error(...)] attribute (#382)

2.0.1

... (truncated)

Commits

• 72ae716 Release 2.0.17
• 599fdce Merge pull request #434 from dtolnay/private
• 9ec05f6 Use differently named __private module per patch release
• d2c492b Raise minimum tested compiler to rust 1.76
• fc3ab95 Opt in to generate-macro-expansion when building on docs.rs
• 819fe29 Update ui test suite to nightly-2025-09-12
• 259f48c Enforce trybuild >= 1.0.108
• 470e6a6 Update ui test suite to nightly-2025-08-24
• 544e191 Update actions/checkout@v4 -> v5
• cbc1eba Delete duplicate cap-lints flag from build script
• Additional commits viewable in compare view

Updates tokio from 1.48.0 to 1.49.0

Release notes

Sourced from tokio's releases.

Tokio v1.49.0

1.49.0 (January 3rd, 2026)

Added

• net: add support for TCLASS option on IPv6 (#7781)
• runtime: stabilize runtime::id::Id (#7125)
• task: implement Extend for JoinSet (#7195)
• task: stabilize the LocalSet::id() (#7776)

Changed

• net: deprecate {TcpStream,TcpSocket}::set_linger (#7752)

Fixed

• macros: fix the hygiene issue of join! and try_join! (#7766)
• runtime: revert "replace manual vtable definitions with Wake" (#7699)
• sync: return TryRecvError::Disconnected from Receiver::try_recv after Receiver::close (#7686)
• task: remove unnecessary trait bounds on the Debug implementation (#7720)

Unstable

• fs: handle EINTR in fs::write for io-uring (#7786)
• fs: support io-uring with tokio::fs::read (#7696)
• runtime: disable io-uring on EPERM (#7724)
• time: add alternative timer for better multicore scalability (#7467)

Documented

• docs: fix a typos in bounded.rs and park.rs (#7817)
• io: add SyncIoBridge cross-references to copy and copy_buf (#7798)
• io: doc that AsyncWrite does not inherit from std::io::Write (#7705)
• metrics: clarify that num_alive_tasks is not strongly consistent (#7614)
• net: clarify the cancellation safety of the TcpStream::peek (#7305)
• net: clarify the drop behavior of unix::OwnedWriteHalf (#7742)
• net: clarify the platform-dependent backlog in TcpSocket docs (#7738)
• runtime: mention LocalRuntime in new_current_thread docs (#7820)
• sync: add missing period to mpsc::Sender::try_send docs (#7721)
• sync: clarify the cancellation safety of oneshot::Receiver (#7780)
• sync: improve the docs for the errors of mpsc (#7722)
• task: add example for spawn_local usage on local runtime (#7689)

#7125: tokio-rs/tokio#7125 #7195: tokio-rs/tokio#7195 #7305: tokio-rs/tokio#7305 #7467: tokio-rs/tokio#7467 #7614: tokio-rs/tokio#7614 #7686: tokio-rs/tokio#7686 #7689: tokio-rs/tokio#7689

... (truncated)

Commits

• e3b89bb chore: prepare Tokio v1.49.0 (#7824)
• 4f577b8 Merge 'tokio-1.47.3' into 'master'
• f320197 chore: prepare Tokio v1.47.3 (#7823)
• ea6b144 ci: freeze rustc on nightly-2025-01-25 in netlify.toml (#7652)
• 264e703 Merge tokio-1.43.4 into tokio-1.47.x (#7822)
• dfb0f00 chore: prepare Tokio v1.43.4 (#7821)
• 4a91f19 ci: fix wasm32-wasip1 tests (#7788)
• 601c383 ci: upgrade FreeBSD from 14.2 to 14.3 (#7758)
• 484cb52 sync: return TryRecvError::Disconnected from Receiver::try_recv after `Re...
• 16f20c3 rt: mention LocalRuntime in new_current_thread docs (#7820)
• Additional commits viewable in compare view

Updates tokio-tungstenite from 0.21.0 to 0.28.0

Changelog

Sourced from tokio-tungstenite's changelog.

0.28.0

• Update tungstenite to 0.18.0. See tungstenite release.

0.27.0

• See performance updates in tungstenite-rs.

0.26.2

• Update tungstenite, see changes here.

0.26.1

• Update tungstenite to address an issue that might cause UB in certain cases.

0.26.0

• Update tungstenite to 0.26.0 (breaking changes).

0.25.0

• Update tungstenite to 0.25.0 (important updates!).

0.24.0

• Update dependencies (TLS, tungstenite).
• Return a runtime error when WSS URLs are used without a proper TLS feature enabled.

0.23.1

• Introduce a url feature (proxies to tungstenite/url).

0.23.0

• Update tungstenite to 0.23.0.
• Disable default features on TLS crates.

0.22.0

• Update TLS dependencies.
• Update tungstenite to match 0.22.0.

Commits

• 35d110c Implement into_inner to get the underlying stream (#367)
• f3ae75d Update tungstenite version and fix bugs
• 25b544e Allow getting a reference to the shared inner stream (#363)
• e855f9e Fix errors in the examples caused by Utf8Error
• 21c5d19 Bump version
• fbd1471 Update performance notes in README
• a8d9f19 Bump version
• aafb2f9 Bump version
• 0eefa27 Bump version
• 2d23077 Update to new tungstenite and bump version
• Additional commits viewable in compare view

Updates url from 2.5.7 to 2.5.8

Commits

• d6ea13c Bump to 2.5.8
• 8269ac3 ci: update cargo-deny config, bump cargo-deny-action to v2 (#1092)
• 6dfdf17 chore: fix some typos in comments (#1090)
• b06048d Attempt to fix 1.82 CI (#1085)
• 9771ab5 Fix roundtripping issue (#1079)
• 22b925f Improve Compile Times with serde_derive (#1075)
• 0afccc9 fix outdated docs for ParseError (#1074)
• See full diff in compare view

Updates unicode-width from 0.1.14 to 0.2.2

Commits

• 9d98411 Publish 0.2.2 (#79)
• 4bba1d1 Support Unicode 17 (#75)
• 0085e91 Publish 0.2.1
• 6db0c14 Remove compiler-builtins from rustc-dep-of-std dependencies (#77)
• 0bccd3f update copyright year (#76)
• 7a7fcdc Support Unicode 16 (#74)
• 82d7136 Advertise and enforce MSRV (#73)
• e77b292 Make characters with Line_Break=Ambiguous ambiguous (#61)
• 5a7fced Update version number in Readme (#70)
• 79eab0d Publish 0.2.0 with newlines treated as width 1 (#68)
• See full diff in compare view

Updates zip from 0.6.6 to 8.0.0

Release notes

Sourced from zip's releases.

v8.0.0

🚀 Features

• document zip flags as enum (#639)
• Migrate to Rust 2024 (#650)
• [breaking] Remove deprecated methods of DateTime (#597)

v7.4.0

🚀 Features

• Increase MSRV to 1.88 and update dependencies (#626)

v7.3.0

🚀 Features

• cleanup the benchs and Cargo.toml (

[dependabot]

Labels

The following labels could not be found: dependencies. Please create it before Dependabot can add it to a pull request.

Please fix the above issues or remove invalid values from dependabot.yml.