Bump the cargo-bump group across 1 directory with 16 updates

[dependabot]

Bumps the cargo-bump group with 16 updates in the /backend directory:

Package	From	To
tracing-opentelemetry	0.32.0	0.32.1
tracing	0.1.43	0.1.44
tokio	1.48.0	1.49.0
tower-http	0.6.7	0.6.8
axum	0.8.7	0.8.8
serde_json	1.0.145	1.0.149
serde_with	3.16.1	3.17.0
chrono	0.4.42	0.4.44
uuid	1.18.1	1.21.0
jsonwebtoken	10.2.0	10.3.0
anyhow	1.0.100	1.0.102
regex	1.12.2	1.12.3
url	2.5.7	2.5.8
thiserror	2.0.17	2.0.18
openai_dive	1.3.3	1.4.1
fantoccini	0.22.0	0.22.1

Updates tracing-opentelemetry from 0.32.0 to 0.32.1

Release notes

Sourced from tracing-opentelemetry's releases.

0.32.1

Added

• allow OpenTelemetry context access with SpanRef (#234)
• add event-counting filtering layer for spans (#228)
• publicly export SetParentError

Fixed

• fix panic in multithreaded follows-from

Other

• Remove unwanted dependency on opentelemetry sdk crate (#241)
• update README.md links to use the latest version (#239)
• remove thiserror and unused dependencies (#238)

Changelog

Sourced from tracing-opentelemetry's changelog.

0.32.1 - 2025-12-17

Added

• allow OpenTelemetry context access with SpanRef (#234)
• add event-counting filtering layer for spans (#228)
• publicly export SetParentError

Fixed

• fix panic in multithreaded follows-from

Other

• Remove unwanted dependency on opentelemetry sdk crate (#241)
• update README.md links to use the latest version (#239)
• remove thiserror and unused dependencies (#238)

Commits

• feedb22 chore: prepare release of 0.32.1 (#246)
• 99b934b feat: allow OpenTelemetry context access with SpanRef (#234)
• 35be2a5 docs: add functionality rustdocs to layer
• a31f8db fix: fix panic in multithreaded follows-from
• 94fddb0 test: add test for mutlithreaded follows from panic
• 6b81167 Remove unwanted dependency on opentelemetry sdk crate (#241)
• 938a9a8 fix: fix broken compilation (#245)
• 13f7ca2 feat: add event-counting filtering layer for spans (#228)
• 884b00c chore: update README.md links to use the latest version (#239)
• 79be94c chore: remove thiserror and unused dependencies (#238)
• Additional commits viewable in compare view

Updates tracing from 0.1.43 to 0.1.44

Release notes

Sourced from tracing's releases.

tracing 0.1.44

Fixed

• Fix record_all panic (#3432)

Changed

• tracing-core: updated to 0.1.36 (#3440)

#3432: tokio-rs/tracing#3432 #3440: tokio-rs/tracing#3440

Commits

• 2d55f6f chore: prepare tracing 0.1.44 (#3439)
• 10a9e83 chore: prepare tracing-core 0.1.36 (#3440)
• ee82cf9 tracing: fix record_all panic (#3432)
• 9978c36 chore: prepare tracing-mock 0.1.0-beta.3 (#3429)
• cc44064 chore: prepare tracing-subscriber 0.3.22 (#3428)
• See full diff in compare view

Updates tokio from 1.48.0 to 1.49.0

Release notes

Sourced from tokio's releases.

Tokio v1.49.0

1.49.0 (January 3rd, 2026)

Added

• net: add support for TCLASS option on IPv6 (#7781)
• runtime: stabilize runtime::id::Id (#7125)
• task: implement Extend for JoinSet (#7195)
• task: stabilize the LocalSet::id() (#7776)

Changed

• net: deprecate {TcpStream,TcpSocket}::set_linger (#7752)

Fixed

• macros: fix the hygiene issue of join! and try_join! (#7766)
• runtime: revert "replace manual vtable definitions with Wake" (#7699)
• sync: return TryRecvError::Disconnected from Receiver::try_recv after Receiver::close (#7686)
• task: remove unnecessary trait bounds on the Debug implementation (#7720)

Unstable

• fs: handle EINTR in fs::write for io-uring (#7786)
• fs: support io-uring with tokio::fs::read (#7696)
• runtime: disable io-uring on EPERM (#7724)
• time: add alternative timer for better multicore scalability (#7467)

Documented

• docs: fix a typos in bounded.rs and park.rs (#7817)
• io: add SyncIoBridge cross-references to copy and copy_buf (#7798)
• io: doc that AsyncWrite does not inherit from std::io::Write (#7705)
• metrics: clarify that num_alive_tasks is not strongly consistent (#7614)
• net: clarify the cancellation safety of the TcpStream::peek (#7305)
• net: clarify the drop behavior of unix::OwnedWriteHalf (#7742)
• net: clarify the platform-dependent backlog in TcpSocket docs (#7738)
• runtime: mention LocalRuntime in new_current_thread docs (#7820)
• sync: add missing period to mpsc::Sender::try_send docs (#7721)
• sync: clarify the cancellation safety of oneshot::Receiver (#7780)
• sync: improve the docs for the errors of mpsc (#7722)
• task: add example for spawn_local usage on local runtime (#7689)

#7125: tokio-rs/tokio#7125 #7195: tokio-rs/tokio#7195 #7305: tokio-rs/tokio#7305 #7467: tokio-rs/tokio#7467 #7614: tokio-rs/tokio#7614 #7686: tokio-rs/tokio#7686 #7689: tokio-rs/tokio#7689

... (truncated)

Commits

• e3b89bb chore: prepare Tokio v1.49.0 (#7824)
• 4f577b8 Merge 'tokio-1.47.3' into 'master'
• f320197 chore: prepare Tokio v1.47.3 (#7823)
• ea6b144 ci: freeze rustc on nightly-2025-01-25 in netlify.toml (#7652)
• 264e703 Merge tokio-1.43.4 into tokio-1.47.x (#7822)
• dfb0f00 chore: prepare Tokio v1.43.4 (#7821)
• 4a91f19 ci: fix wasm32-wasip1 tests (#7788)
• 601c383 ci: upgrade FreeBSD from 14.2 to 14.3 (#7758)
• 484cb52 sync: return TryRecvError::Disconnected from Receiver::try_recv after `Re...
• 16f20c3 rt: mention LocalRuntime in new_current_thread docs (#7820)
• Additional commits viewable in compare view

Updates tower-http from 0.6.7 to 0.6.8

Release notes

Sourced from tower-http's releases.

tower-http-0.6.8

Fixed

• Disable multiple_members in Gzip decoder, since HTTP context only uses one member. (#621)

#621: tower-rs/tower-http#621

What's Changed

• Disable multiple_members option for gzip decoder by @​ducaale in tower-rs/tower-http#621
• ci: Pin tracing in MSRV job by @​ducaale in tower-rs/tower-http#622
• ci: Switch cargo-public-api-crates to cargo-check-external-types by @​tottoto in tower-rs/tower-http#613
• Remove deprecated annotations and Refactor From implementations by @​sinder38 in tower-rs/tower-http#608
• v0.6.8 by @​seanmonstar in tower-rs/tower-http#624

New Contributors

• @​sinder38 made their first contribution in tower-rs/tower-http#608

Full Changelog: tower-rs/tower-http@tower-http-0.6.7...tower-http-0.6.8

Commits

• 33166c8 v0.6.8
• 6680160 Fix deprecated lints (#608)
• 81b8231 ci: Switch cargo-public-api-crates to cargo-check-external-types (#613)
• 1fb0144 ci: pin tracing in msrv job (#622)
• 1fe4c09 fix(decompression): disable multiple_members option for gzip decoder (#621)
• See full diff in compare view

Updates axum from 0.8.7 to 0.8.8

Release notes

Sourced from axum's releases.

axum v0.8.8

• Clarify documentation for Router::route_layer (#3567)

#3567: tokio-rs/axum#3567

Commits

• d07863f Release axum v0.8.8 and axum-extra v0.12.3
• 287c674 axum-extra: Make typed-routing feature enable routing feature (#3514)
• f5804aa SecondElementIs: Correct a small inconsistency (#3559)
• f51f3ba axum-extra: Add trailing newline to pretty JSON response (#3526)
• 816407a Fix integer underflow in try_range_response for empty files (#3566)
• 78656eb docs: Clarify route_layer does not apply middleware to the fallback handler...
• See full diff in compare view

Updates serde_json from 1.0.145 to 1.0.149

Release notes

Sourced from serde_json's releases.

v1.0.149

• Align arbitrary_precision number strings with zmij's formatting (#1306, thanks @​b41sh)

v1.0.148

• Update zmij dependency to 1.0

v1.0.147

• Switch float-to-string algorithm from Ryū to Żmij for better f32 and f64 serialization performance (#1304)

v1.0.146

• Set fast_arithmetic=64 for riscv64 (#1305, thanks @​Xeonacid)

Commits

• 4f6dbfa Release 1.0.149
• f3df680 Touch up PR 1306
• e16730f Merge pull request #1306 from b41sh/fix-float-number-display
• eeb2bcd Align arbitrary_precision number strings with zmij’s formatting
• 8b291c4 Release 1.0.148
• 1aefe15 Update to zmij 1.0
• 62d6e8d Release 1.0.147
• fd829a6 Merge pull request #1304 from dtolnay/zmij
• e757a3d Switch from ryu -> zmij for float formatting
• 75ad7e6 Release 1.0.146
• Additional commits viewable in compare view

Updates serde_with from 3.16.1 to 3.17.0

Release notes

Sourced from serde_with's releases.

serde_with v3.17.0

Added

• Support OneOrMany with smallvec v1 (#920, #922)

Changed

• Switch to yaml_serde for a maintained yaml dependency by @​kazan417 (#921)
• Bump MSRV to 1.82, since that is required for yaml_serde dev-dependency.

Commits

• 4031878 Bump version to v3.17.0 (#924)
• 204ae56 Bump version to v3.17.0
• 7812b5a serde_yaml 0.9 to yaml_serde 0.10 (#921)
• 614bd89 Bump MSRV to 1.82 as required by yaml_serde
• 518d0ed Suppress RUSTSEC-2026-0009 since we don't have untrusted time input in tests ...
• a6579a8 Suppress RUSTSEC-2026-0009 since we don't have untrusted time input in tests
• 9d4d069 Implement OneOrMany for smallvec_1::SmallVec (#922)
• fc78243 Add changelog
• 2b8c30b Implement OneOrMany for smallvec_1::SmallVec
• 2d9b9a1 Carg.lock update
• Additional commits viewable in compare view

Updates chrono from 0.4.42 to 0.4.44

Release notes

Sourced from chrono's releases.

0.4.44

What's Changed

• docs: match MSRV with Cargo.toml contents by @​coryan in chronotope/chrono#1772
• Add track_caller to non-deprecated functions by @​svix-jplatte in chronotope/chrono#1774

0.4.43

What's Changed

• Install extra components for lint workflow by @​djc in chronotope/chrono#1741
• Upgrade windows-bindgen to 0.64 by @​djc in chronotope/chrono#1742
• Improve windows-bindgen setup by @​djc in chronotope/chrono#1744
• Drop stabilized feature doc_auto_cfg by @​djc in chronotope/chrono#1745
• Faster RFC 3339 parsing by @​djc in chronotope/chrono#1748
• Update windows-bindgen requirement from 0.64 to 0.65 by @​dependabot[bot] in chronotope/chrono#1751
• add NaiveDate::abs_diff by @​Kinrany in chronotope/chrono#1752
• Add feature gated defmt support. by @​pebender in chronotope/chrono#1747
• Drop deny lints, eager Debug impls are a mixed blessing by @​djc in chronotope/chrono#1753
• chore: minor improvement for docs by @​spuradage in chronotope/chrono#1756
• Added doctest for the NaiveDate years_since function by @​LucasBou in chronotope/chrono#1755
• Prepare 0.4.43 by @​djc in chronotope/chrono#1765
• Update copyright year to 2026 in LICENSE.txt by @​taozui472 in chronotope/chrono#1767

Commits

• c14b459 Bump version to 0.4.44
• ea832c5 Add track_caller to non-deprecated functions
• cfae889 Fix panic message in to_rfc2822
• f8900b5 docs: match MSRV with Cargo.toml contents
• 45caaa9 Update copyright year to 2026 in LICENSE.txt
• 1c0b8f0 Bump version to 0.4.43
• a03e43b Upgrade windows-bindgen to 0.66
• 4fedaba Ignore bincode advisory
• f4b7bbd Bump actions/checkout from 5 to 6
• db12973 Added doctest for the NaiveDate years_since function (#1755)
• Additional commits viewable in compare view

Updates uuid from 1.18.1 to 1.21.0

Release notes

Sourced from uuid's releases.

v1.21.0

What's Changed

• Update getrandom to 0.4 by @​KodrAus in uuid-rs/uuid#858
• feat: impl core::error::Error for Error by @​XAMPPRocky in uuid-rs/uuid#852
• Prepare for 1.21.0 release by @​KodrAus in uuid-rs/uuid#859

New Contributors

• @​XAMPPRocky made their first contribution in uuid-rs/uuid#852

Full Changelog: uuid-rs/uuid@v1.20.0...v1.21.0

v1.20.0

What's Changed

• Derive Ord and PartialOrd for NonNilUuid by @​mivort in uuid-rs/uuid#854
• Implement Deserialize on adapter types by @​KodrAus in uuid-rs/uuid#855
• Deprecate macro-diagnostics by @​KodrAus in uuid-rs/uuid#856
• Prepare for 1.20.0 release by @​KodrAus in uuid-rs/uuid#857

New Contributors

• @​mivort made their first contribution in uuid-rs/uuid#854

Full Changelog: uuid-rs/uuid@v1.19.0...v1.20.0

v1.19.0

What's Changed

• Switch serde dependency to serde_core by @​paolobarbolini in uuid-rs/uuid#843
• Upgrade to 2021 edition and fix most clippy warnings by @​paolobarbolini in uuid-rs/uuid#848
• Prepare for 1.19.0 release by @​KodrAus in uuid-rs/uuid#849

Full Changelog: uuid-rs/uuid@v1.18.1...v1.19.0

Commits

• a38fa19 Merge pull request #859 from uuid-rs/cargo/v1.21.0
• e45b10f prepare for 1.21.0 release
• f6f5d48 Merge pull request #852 from XAMPPRocky/main
• 9bee4bd Merge branch 'main' into main
• cb8f156 Merge pull request #858 from uuid-rs/chore/getrandom-04
• a59c061 bump msrv to 1.85.0 for getrandom
• b9a3157 bump msrv to 1.81.0
• 2a0a7a3 force an earlier nightly for miri
• a6e0aa1 update rand to 0.10
• 576d47b update getrandom to 0.4
• Additional commits viewable in compare view

Updates jsonwebtoken from 10.2.0 to 10.3.0

Changelog

Sourced from jsonwebtoken's changelog.

10.3.0 (2026-01-27)

• Export everything needed to define your own CryptoProvider
• Fix type confusion with exp/nbf when not required

Commits

• abbc307 Fix type confusion
• e99740d fix: bump minimal version requirements (#481)
• 50d15e0 Use try_sign to avoid panics (#479)
• 245858f Bump some dep
• 122c2ed Bump action number in CI
• 72e0c7f Expose cryptography backends via CryptoProvider (#452)
• See full diff in compare view

Updates anyhow from 1.0.100 to 1.0.102

Release notes

Sourced from anyhow's releases.

1.0.102

• Remove backtrace dependency (#438, #439, #440, #441, #442)

1.0.101

• Add #[inline] to anyhow::Ok helper (#437, thanks @​Ibitier)

Commits

• 5c657b3 Release 1.0.102
• e737fb6 Merge pull request #442 from dtolnay/backtrace
• 7fe62b5 Further simply backtrace conditional compilation
• c8cb5ca Merge pull request #441 from dtolnay/backtrace
• de27df7 Delete CI use of --features=backtrace
• 9b67e5d Merge pull request #440 from dtolnay/backtrace
• efdb11a Simplify std_backtrace conditional code
• b8a9a70 Merge pull request #439 from dtolnay/backtrace
• a42fc2c Remove feature = "backtrace" conditional code
• 2a2a3ce Re-word backtrace feature comment
• Additional commits viewable in compare view

Updates regex from 1.12.2 to 1.12.3

Changelog

Sourced from regex's changelog.

1.12.3 (2025-02-03)

This release excludes some unnecessary things from the archive published to crates.io. Specifically, fuzzing data and various shell scripts are now excluded. If you run into problems, please file an issue.

Improvements:

• #1319: Switch from a Cargo exclude list to an include list, and exclude some unnecessary stuff.

Commits

• b028e4f 1.12.3
• 5e195de regex-automata-0.4.14
• a3433f6 regex-syntax-0.8.9
• 0c07fae regex-lite-0.1.9
• 6a81006 cargo: exclude development scripts and fuzzing data
• 4733e28 automata: fix onepass::DFA::try_search_slots panic when too many slots are ...
• See full diff in compare view

Updates url from 2.5.7 to 2.5.8

Commits

• d6ea13c Bump to 2.5.8
• 8269ac3 ci: update cargo-deny config, bump cargo-deny-action to v2 (#1092)
• 6dfdf17 chore: fix some typos in comments (#1090)
• b06048d Attempt to fix 1.82 CI (#1085)
• 9771ab5 Fix roundtripping issue (#1079)
• 22b925f Improve Compile Times with serde_derive (#1075)
• 0afccc9 fix outdated docs for ParseError (#1074)
• See full diff in compare view

Updates thiserror from 2.0.17 to 2.0.18

Release notes

Sourced from thiserror's releases.

2.0.18

• Make compatible with project-level needless_lifetimes = "forbid" (#443, thanks @​LucaCappelletti94)

Commits

• dc0f6a2 Release 2.0.18
• 0275292 Touch up PR 443
• 3c33bc6 Merge pull request #443 from LucaCappelletti94/master
• 995939c Reproduce issue 442
• 21653d1 Made clippy lifetime allows conditional
• 45e5388 Update actions/upload-artifact@v5 -> v6
• 386aac1 Update actions/upload-artifact@v4 -> v5
• ec50561 Update actions/checkout@v5 -> v6
• 247eab5 Update name of empty_enum clippy lint
• 91b181f Raise required compiler to Rust 1.68
• Additional commits viewable in compare view

Updates openai_dive from 1.3.3 to 1.4.1

Release notes

Sourced from openai_dive's releases.

v1.4.1

What's Changed

• Add missing response tools & background parameter by @​RemiSahl in tjardoo/openai-client#159
• Complete /images params by @​MathieuBsqt in tjardoo/openai-client#160
• Add reasoning summary parameter to the /response parameters by @​RemiSahl in tjardoo/openai-client#162
• fix: make FunctionToolCall status optional by @​RemiSahl in tjardoo/openai-client#163
• feat: responses top_logprobs by @​RemiSahl in tjardoo/openai-client#164
• Fix response input by @​RemiSahl in tjardoo/openai-client#165

New Contributors

• @​MathieuBsqt made their first contribution in tjardoo/openai-client#160

Full Changelog: tjardoo/openai-client@1.4.0...1.4.1

v1.4.0

What's Changed

• Fix lowercase -> snake_case by @​DenisGorbachev in tjardoo/openai-client#156
• Add reasoning part in /response streaming by @​RemiSahl in tjardoo/openai-client#158
• Split response & completion usage structs into different types by @​RemiSahl in tjardoo/openai-client#157

Full Changelog: tjardoo/openai-client@1.3.3...1.4.0

Commits

• 4fbaa68 Bump version to 1.4.1
• c0a670c Fix response input (#165)
• 552e2e6 feat: responses top_logprobs (#164)
• 5a51e33 fix: make FunctionToolCall status optional (#163)
• 21d8a3c feat: add reasoning summary parameter (#162)
• f62b5c9 Complete /images params (#160)
• a847e81 Add missing response tools & background parameter (#159)
• 4dea717 Bump version to 1.4.0
• 1c689e2 Bump version to 1.3.4
• 945db6e Split response & completion usage structs into different types (#157)
• Additional commits viewable in compare view

Updates fantoccini from 0.22.0 to 0.22.1

Commits

• ed1d694 Release 0.22.1
• 66fa1df Add ShadowRoot support (GetShadowRoot and find from shadow) (#302)
• 3602e9e chore: drop direct dependency on futures-util (#303)
• 77f03d4 cargo update
• 50e4c17 Cookies can no longer have SameSite=None w/o secure (#306)
• See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

[dependabot]

Looks like these dependencies are updatable in another way, so this is no longer needed.