chore(deps): bump the all-cargo-deps group across 1 directory with 6 updates

[dependabot]

Bumps the all-cargo-deps group with 6 updates in the / directory:

Package	From	To
axum	0.8.8	0.8.9
tokio	1.50.0	1.51.1
sha2	0.10.9	0.11.0
noodles-fasta	0.42.0	0.60.0
noodles-core	0.15.0	0.19.0
md-5	0.10.6	0.11.0

Updates axum from 0.8.8 to 0.8.9

Release notes

Sourced from axum's releases.

axum-v0.8.9

• added: WebSocketUpgrade::{requested_protocols, set_selected_protocol} for more flexible subprotocol selection (#3597)
• changed: Update minimum rust version to 1.80 (#3620)
• fixed: Set connect endpoint on correct field in MethodRouter (#3656)
• fixed: Return specific error message when multipart body limit is exceeded (#3611)

#3597: tokio-rs/axum#3597 #3620: tokio-rs/axum#3620 #3656: tokio-rs/axum#3656 #3611: tokio-rs/axum#3611

Commits

• c59208c revert axum-core changelog changes
• 99068f5 Revert "Fix IntoResponse for tuples overriding error response codes (#3603)"
• 23d7098 Revert "axum-core 0.5.6"
• e8a39ad axum-macros 0.5.1
• 6e9a249 axum-extra 0.12.6
• 0ec9041 axum 0.8.9
• c3fcebb axum-core 0.5.6
• a8790fc update release notes
• 26ba7bb docs: consolidate state management docs in crate root (#3683)
• 9fc59ef Update to tokio-tungstenite 0.29 (#3689)
• Additional commits viewable in compare view

Updates tokio from 1.50.0 to 1.51.1

Release notes

Sourced from tokio's releases.

Tokio v1.51.1

1.51.1 (April 8th, 2026)

Fixed

• sync: fix semaphore reopens after forget (#8021)
• net: surface errors from SO_ERROR on recv for UDP sockets on Linux (#8001)

Fixed (unstable)

• metrics: fix worker_local_schedule_count test (#8008)
• rt: do not leak fd when cancelling io_uring open operation (#7983)

#7983: tokio-rs/tokio#7983 #8001: tokio-rs/tokio#8001 #8008: tokio-rs/tokio#8008 #8021: tokio-rs/tokio#8021

Tokio v1.51.0

1.51.0 (April 3rd, 2026)

Added

• net: implement get_peer_cred on Hurd (#7989)
• runtime: add tokio::runtime::worker_index() (#7921)
• runtime: add runtime name (#7924)
• runtime: stabilize LocalRuntime (#7557)
• wasm: add wasm32-wasip2 networking support (#7933)

Changed

• runtime: steal tasks from the LIFO slot (#7431)

Fixed

• docs: do not show "Available on non-loom only." doc label (#7977)
• macros: improve overall macro hygiene (#7997)
• sync: fix notify_waiters priority in Notify (#7996)
• sync: fix panic in Chan::recv_many when called with non-empty vector on closed channel (#7991)

#7431: tokio-rs/tokio#7431 #7557: tokio-rs/tokio#7557 #7921: tokio-rs/tokio#7921 #7924: tokio-rs/tokio#7924 #7933: tokio-rs/tokio#7933 #7977: tokio-rs/tokio#7977 #7989: tokio-rs/tokio#7989 #7991: tokio-rs/tokio#7991 #7996: tokio-rs/tokio#7996 #7997: tokio-rs/tokio#7997

Commits

• 98df02d chore: prepare Tokio v1.51.1 (#8023)
• 3ea11e2 sync: fix semaphore reopens after forget (#8021)
• c791213 rt: do not leak fd when cancelling io_uring open operation (#7983)
• ad8c59a net: surface errors from SO_ERROR on recv for UDP sockets on Linux (#8001)
• 654d38b metrics: fix worker_local_schedule_count test (#8008)
• 857ba80 docs: improve contributing docs on how to specify crates dependency versions ...
• 95b9342 chore: remove path deps for tokio-macros 2.7.0 (#8007)
• 0af06b7 chore: prepare Tokio v1.51.0 (#8005)
• 01a7f1d chore: prepare tokio-macros v2.7.0 (#8004)
• eeb55c7 runtime: steal tasks from the LIFO slot (#7431)
• Additional commits viewable in compare view

Updates sha2 from 0.10.9 to 0.11.0

Commits

• ffe0939 Release sha2 0.11.0 (#806)
• 8991b65 Use the standard order of the [package] section fields (#807)
• 3d2bc57 sha2: refactor backends (#802)
• faa55fb sha3: bump keccak to v0.2 (#803)
• d3e6489 sha3 v0.11.0-rc.9 (#801)
• bbf6f51 sha2: tweak backend docs (#800)
• 155dbbf sha3: add default value for the DS generic parameter on TurboShake128/256...
• ed514f2 Use published version of keccak v0.2 (#799)
• 702bcd8 Migrate to closure-based keccak (#796)
• 827c043 sha3 v0.11.0-rc.8 (#794)
• Additional commits viewable in compare view

Updates noodles-fasta from 0.42.0 to 0.60.0

Commits

• c835f68 Bump versions for noodles 0.106.0
• 3302410 cram/codecs/name_tokenizer/encoder: Use byte buffer
• dbb5dc2 cram/changelog: Add entry for reference sequence copying
• ef7053b cram/io/reader/container/block/compression_method: Use <[T]>::split_off_first
• e1982b9 cram/io/reader/container/block: Return clone-on-write buffers from blocks dec...
• 1537cd4 cram/io/reader/container/header: Reduce visibilities of readers
• a944a0a fasta/repository: Reference count sequences in cache
• 330190a Bump versions for noodles 0.105.0
• a8ccda0 bcf/io/reader: Remove unnecessary import from example
• ee1dc0d cram/file_definition: Return an array reference from FileDefinition::file_id
• Additional commits viewable in compare view

Updates noodles-core from 0.15.0 to 0.19.0

Commits

• 330190a Bump versions for noodles 0.105.0
• a8ccda0 bcf/io/reader: Remove unnecessary import from example
• ee1dc0d cram/file_definition: Return an array reference from FileDefinition::file_id
• 17d5ae9 cram/io/reader/header/tests: Use <[T]>::split_last_chunk
• 398c63d bam/record/fields: Add read length getter
• ae75ebc csi/io/reader/index/reference_sequences: Add reference sequence count reader
• 31fc88a cram/codecs/aac/decode/stripe/tests: Add field reader tests
• e355efb cram: Update to lzma-rust2 0.16.1
• 94d142a cram/changelog: Add entry for index destination creation
• 10facc1 cram/crai/io/writer: Change buffers to sinks in examples
• Additional commits viewable in compare view

Updates md-5 from 0.10.6 to 0.11.0

Commits

• b5051e5 Cut new releases (#812)
• 451c446 md5: replace force-soft crate feature with md5_backend configuration flag...
• 2f00175 Release sha1 v0.11.0 (#810)
• 07d370c sha1: refactor backends selection (#808)
• 7c7cb76 Fix md5 project link in README (#809)
• ffe0939 Release sha2 0.11.0 (#806)
• 8991b65 Use the standard order of the [package] section fields (#807)
• 3d2bc57 sha2: refactor backends (#802)
• faa55fb sha3: bump keccak to v0.2 (#803)
• d3e6489 sha3 v0.11.0-rc.9 (#801)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

Summary by CodeRabbit

• Chores
  • Updated core dependencies to latest stable versions for enhanced security and stability.

[coderabbitai]

No actionable comments were generated in the recent review. 🎉

ℹ️ Recent review info

⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro

Run ID: 440d199e-4c58-4395-b010-594acdc13464

📥 Commits

Reviewing files that changed from the base of the PR and between bda26b6 and d6e5f78.

⛔ Files ignored due to path filters (1)

• Cargo.lock is excluded by !**/*.lock

📒 Files selected for processing (1)

• Cargo.toml

---

📝 Walkthrough

Walkthrough

Dependencies are updated in the workspace configuration: sha2 (0.10→0.11), noodles-fasta (0.42→0.60), noodles-core (0.15→0.19), and md-5 (0.10→0.11). No functional code or API changes.

Changes

Cohort / File(s)	Summary
Workspace Dependency Updates Cargo.toml	Updated four cryptography and bioinformatics crate versions: sha2, noodles-fasta, noodles-core, and md-5 to newer patch or minor releases.

Estimated code review effort

🎯 1 (Trivial) | ⏱️ ~2 minutes

Poem

🐰 Dependencies upgraded with care,
New versions float through the air,
Sha2 and noodles, md-5 too,
Better tools for what we do!
Hop along to futures bright, ✨

🚥 Pre-merge checks | ✅ 3

✅ Passed checks (3 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title accurately describes the main change: a dependency version bump across multiple Cargo dependencies, which aligns with the actual changeset of updating six crate versions in Cargo.toml.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Commit unit tests in branch dependabot/cargo/all-cargo-deps-741a3a8309

---

_{Comment @coderabbitai help to get the list of available commands and usage tips.}