chore(deps): update rust crate tokio to v1.43.1 [security] #278

Open
renovate[bot] wants to merge 1 commit into master from renovate/crate-tokio-vulnerability

@renovate renovate bot commented Apr 7, 2025

This PR contains the following updates:

| Package | Type | Update | Change |
|---|---|---|---|
| tokio (source) | workspace.dependencies | minor | 1.41.1 -> 1.43.1 |

GitHub Vulnerability Alerts

GHSA-rr8g-9fpq-6wmg

The broadcast channel internally calls clone on the stored value when receiving it, and only requires T:Send. This means that using the broadcast channel with values that are Send but not Sync can trigger unsoundness if the clone implementation makes use of the value being !Sync.

Thank you to Austin Bonander for finding and reporting this issue.


Release Notes

tokio-rs/tokio (tokio)

v1.43.1

v1.43.0: Tokio v1.43.0

1.43.0 (Jan 8th, 2025)

Added
  • net: add UdpSocket::peek methods (#7068)
  • net: add support for Haiku OS (#7042)
  • process: add Command::into_std() (#7014)
  • signal: add SignalKind::info on illumos (#6995)
  • signal: add support for realtime signals on illumos (#7029)
Fixed
  • io: don't call set_len before initializing vector in Blocking (#7054)
  • macros: suppress clippy::needless_return in #[tokio::main] (#6874)
  • runtime: fix thread parking on WebAssembly (#7041)
Changes
  • chore: use unsync loads for unsync_load (#7073)
  • io: use Buf::put_bytes in Repeat read impl (#7055)
  • task: drop the join waker of a task eagerly (#6986)
Changes to unstable APIs
  • metrics: improve flexibility of H2Histogram Configuration (#6963)
  • taskdump: add accessor methods for backtrace (#6975)
Documented
  • io: clarify ReadBuf::uninit allows initialized buffers as well (#7053)
  • net: fix ambiguity in TcpStream::try_write_vectored docs (#7067)
  • runtime: fix LocalRuntime doc links (#7074)
  • sync: extend documentation for watch::Receiver::wait_for (#7038)
  • sync: fix typos in OnceCell docs (#7047)

v1.42.1: Tokio v1.42.1

This release fixes a soundness issue in the broadcast channel. The channel accepts values that are Send but !Sync. Previously, the channel called clone() on these values without synchronizing. This release fixes the channel by synchronizing calls to .clone() (Thanks Austin Bonander for finding and reporting the issue).

Fixed
  • sync: synchronize clone() call in broadcast channel (#7232)

v1.42.0: Tokio v1.42.0

1.42.0 (Dec 3rd, 2024)

Added
  • io: add AsyncFd::{try_io, try_io_mut} (#6967)
Fixed
  • io: avoid ptr->ref->ptr roundtrip in RegistrationSet (#6929)
  • runtime: do not defer yield_now inside block_in_place (#6999)
Changes
  • io: simplify io readiness logic (#6966)
Documented
  • net: fix docs for tokio::net::unix::{pid_t, gid_t, uid_t} (#6791)
  • time: fix a typo in Instant docs (#6982)

Configuration

📅 Schedule: Branch creation - "" (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Enabled.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.


  • If you want to rebase/retry this PR, check this box

This PR was generated by Mend Renovate. View the repository job log.
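
An added example, not code from Tokio or from this PR: a std-only sketch of the situation GHSA-rr8g-9fpq-6wmg describes (a value that is `Send` but `!Sync` whose `clone` mutates through `&self`) together with the fix direction named in the v1.42.1 notes, synchronizing the `clone()` call. `Tracked`, `Slot` and `run` are hypothetical names, and the `Mutex` is an assumption for illustration rather than Tokio's actual mechanism.

```rust
use std::cell::Cell;
use std::sync::{Arc, Mutex};
use std::thread;

// Constructed payload: `Send` but `!Sync` (`Cell` mutates through `&self`).
struct Tracked {
    clones: Cell<u64>,
}

impl Clone for Tracked {
    fn clone(&self) -> Self {
        // Non-atomic read-modify-write: a data race if two threads run it at once.
        self.clones.set(self.clones.get() + 1);
        Tracked { clones: Cell::new(0) }
    }
}

// Hypothetical stand-in for one channel slot (not Tokio's implementation).
// `Mutex<T>` is `Sync` for any `T: Send`, so receivers on several threads can
// share the slot, and each `clone()` runs while the lock is held.
struct Slot<T> {
    value: Mutex<T>,
}

impl<T: Clone + Send> Slot<T> {
    fn recv(&self) -> T {
        self.value.lock().unwrap().clone()
    }
}

// Spawns `threads` receivers that each clone `per_thread` times and returns
// the clone count recorded inside the stored value.
fn run(threads: u64, per_thread: u64) -> u64 {
    let slot = Arc::new(Slot { value: Mutex::new(Tracked { clones: Cell::new(0) }) });
    let handles: Vec<_> = (0..threads)
        .map(|_| {
            let slot = Arc::clone(&slot);
            thread::spawn(move || (0..per_thread).for_each(|_| drop(slot.recv())))
        })
        .collect();
    for h in handles { h.join().unwrap(); }
    let total = slot.value.lock().unwrap().clones.get(); // guard dropped before `slot`
    total
}

fn main() {
    println!("clones recorded: {}", run(8, 10_000));
}
```

Sharing `Tracked` across threads without the lock (for example through `Arc<Tracked>`) is rejected by the compiler because `Tracked` is not `Sync`; the advisory concerns a safe API that performed the equivalent clone without that guarantee.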

@renovate renovate bot force-pushed the renovate/crate-tokio-vulnerability branch from 278233f to bf6bfb7 Compare August 10, 2025 14:43
@renovate renovate bot changed the title chore(deps): update rust crate tokio to v1.43.1 [security] chore(deps): update rust crate tokio to v1.43.1 [security] - autoclosed Nov 9, 2025
@renovate renovate bot closed this Nov 9, 2025
@renovate renovate bot deleted the renovate/crate-tokio-vulnerability branch November 9, 2025 16:44
@renovate renovate bot changed the title chore(deps): update rust crate tokio to v1.43.1 [security] - autoclosed chore(deps): update rust crate tokio to v1.43.1 [security] Nov 9, 2025
@renovate renovate bot reopened this Nov 9, 2025
@renovate renovate bot force-pushed the renovate/crate-tokio-vulnerability branch 2 times, most recently from bf6bfb7 to 175a17f Compare November 9, 2025 21:08
@renovate renovate bot force-pushed the renovate/crate-tokio-vulnerability branch from 175a17f to 945facb Compare December 10, 2025 14:54
@renovate renovate bot force-pushed the renovate/crate-tokio-vulnerability branch from 945facb to f15acf5 Compare February 2, 2026 19:57
@renovate renovate bot force-pushed the renovate/crate-tokio-vulnerability branch from f15acf5 to 7ac09cc Compare February 12, 2026 15:57
@codecov-commenter

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 50.9%. Comparing base (7c74989) to head (7ac09cc).

Additional details and impacted files

see 9 files with indirect coverage changes
