Bump the cargo-bump group across 1 directory with 18 updates

[dependabot]

Bumps the cargo-bump group with 18 updates in the /backend directory:

Package	From	To
opentelemetry-otlp	0.31.0	0.31.1
tracing-opentelemetry	0.32.0	0.32.1
tracing-subscriber	0.3.22	0.3.23
tracing	0.1.43	0.1.44
tokio	1.48.0	1.50.0
tower-http	0.6.7	0.6.8
axum	0.8.7	0.8.8
serde_json	1.0.145	1.0.149
serde_with	3.16.1	3.18.0
chrono	0.4.42	0.4.44
uuid	1.18.1	1.23.0
jsonwebtoken	10.2.0	10.3.0
anyhow	1.0.100	1.0.102
regex	1.12.2	1.12.3
url	2.5.7	2.5.8
thiserror	2.0.17	2.0.18
openai_dive	1.3.3	1.4.2
fantoccini	0.22.0	0.22.1

Updates opentelemetry-otlp from 0.31.0 to 0.31.1

Release notes

Sourced from opentelemetry-otlp's releases.

opentelemetry-otlp 0.31.1

What's Changed

• feat(OTLP): add tls-ring, tls-aws-lc, and tls-provider-agnostic feature flags [patch release v0.31.1] by @​lalitb in open-telemetry/opentelemetry-rust#3426

Full Changelog: open-telemetry/opentelemetry-rust@v0.31.0...opentelemetry-otlp-0.31.1

Commits

• febe718 feat(OTLP): add tls-ring, tls-aws-lc, and tls-provider-agnostic feature flags...
• See full diff in compare view

Updates tracing-opentelemetry from 0.32.0 to 0.32.1

Release notes

Sourced from tracing-opentelemetry's releases.

0.32.1

Added

• allow OpenTelemetry context access with SpanRef (#234)
• add event-counting filtering layer for spans (#228)
• publicly export SetParentError

Fixed

• fix panic in multithreaded follows-from

Other

• Remove unwanted dependency on opentelemetry sdk crate (#241)
• update README.md links to use the latest version (#239)
• remove thiserror and unused dependencies (#238)

Changelog

Sourced from tracing-opentelemetry's changelog.

0.32.1 - 2025-12-17

Added

• allow OpenTelemetry context access with SpanRef (#234)
• add event-counting filtering layer for spans (#228)
• publicly export SetParentError

Fixed

• fix panic in multithreaded follows-from

Other

• Remove unwanted dependency on opentelemetry sdk crate (#241)
• update README.md links to use the latest version (#239)
• remove thiserror and unused dependencies (#238)

Commits

• feedb22 chore: prepare release of 0.32.1 (#246)
• 99b934b feat: allow OpenTelemetry context access with SpanRef (#234)
• 35be2a5 docs: add functionality rustdocs to layer
• a31f8db fix: fix panic in multithreaded follows-from
• 94fddb0 test: add test for mutlithreaded follows from panic
• 6b81167 Remove unwanted dependency on opentelemetry sdk crate (#241)
• 938a9a8 fix: fix broken compilation (#245)
• 13f7ca2 feat: add event-counting filtering layer for spans (#228)
• 884b00c chore: update README.md links to use the latest version (#239)
• 79be94c chore: remove thiserror and unused dependencies (#238)
• Additional commits viewable in compare view

Updates tracing-subscriber from 0.3.22 to 0.3.23

Release notes

Sourced from tracing-subscriber's releases.

tracing-subscriber 0.3.23

Fixed

• Allow ansi sanitization to be disabled (#3484)

#3484: tokio-rs/tracing#3484

Commits

• 54ede4d chore: prepare tracing-subscriber 0.3.23 (#3490)
• 37558d5 subscriber: allow ansi sanitization to be disabled (#3484)
• efc690f core: add missing const (#3449)
• 0c32367 core: Use const initializers instead of once_cell
• 9feb241 docs: add arcswap reload crate to related (#3442)
• 2d55f6f chore: prepare tracing 0.1.44 (#3439)
• 10a9e83 chore: prepare tracing-core 0.1.36 (#3440)
• ee82cf9 tracing: fix record_all panic (#3432)
• 9978c36 chore: prepare tracing-mock 0.1.0-beta.3 (#3429)
• See full diff in compare view

Updates tracing from 0.1.43 to 0.1.44

Release notes

Sourced from tracing's releases.

tracing 0.1.44

Fixed

• Fix record_all panic (#3432)

Changed

• tracing-core: updated to 0.1.36 (#3440)

#3432: tokio-rs/tracing#3432 #3440: tokio-rs/tracing#3440

Commits

• 2d55f6f chore: prepare tracing 0.1.44 (#3439)
• 10a9e83 chore: prepare tracing-core 0.1.36 (#3440)
• ee82cf9 tracing: fix record_all panic (#3432)
• 9978c36 chore: prepare tracing-mock 0.1.0-beta.3 (#3429)
• cc44064 chore: prepare tracing-subscriber 0.3.22 (#3428)
• See full diff in compare view

Updates tokio from 1.48.0 to 1.50.0

Release notes

Sourced from tokio's releases.

Tokio v1.50.0

1.50.0 (Mar 3rd, 2026)

Added

• net: add TcpStream::set_zero_linger (#7837)
• rt: add is_rt_shutdown_err (#7771)

Changed

• io: add optimizer hint that memchr returns in-bounds pointer (#7792)
• io: implement vectored writes for write_buf (#7871)
• runtime: panic when event_interval is set to 0 (#7838)
• runtime: shorten default thread name to fit in Linux limit (#7880)
• signal: remember the result of SetConsoleCtrlHandler (#7833)
• signal: specialize windows Registry (#7885)

Fixed

• io: always cleanup AsyncFd registration list on deregister (#7773)
• macros: remove (most) local use declarations in tokio::select! (#7929)
• net: fix GET_BUF_SIZE constant for target_os = "android" (#7889)
• runtime: avoid redundant unpark in current_thread scheduler (#7834)
• runtime: don't park in current_thread if before_park defers waker (#7835)
• io: fix write readiness on ESP32 on short writes (#7872)
• runtime: wake deferred tasks before entering block_in_place (#7879)
• sync: drop rx waker when oneshot receiver is dropped (#7886)
• runtime: fix double increment of num_idle_threads on shutdown (#7910, #7918, #7922)

Unstable

• fs: check for io-uring opcode support (#7815)
• runtime: avoid lock acquisition after uring init (#7850)

Documented

• docs: update outdated unstable features section (#7839)
• io: clarify the behavior of AsyncWriteExt::shutdown() (#7908)
• io: explain how to flush stdout/stderr (#7904)
• io: fix incorrect and confusing AsyncWrite documentation (#7875)
• rt: clarify the documentation of Runtime::spawn (#7803)
• rt: fix missing quotation in docs (#7925)
• runtime: correct the default thread name in docs (#7896)
• runtime: fix event_interval doc (#7932)
• sync: clarify RwLock fairness documentation (#7919)
• sync: clarify that recv returns None once closed and no more messages (#7920)
• task: clarify when to use spawn_blocking vs dedicated threads (#7923)
• task: doc that task drops before JoinHandle completion (#7825)
• signal: guarantee that listeners never return None (#7869)
• task: fix task module feature flags in docs (#7891)

... (truncated)

Commits

• 0273e45 chore: prepare Tokio v1.50.0 (#7934)
• e3ee4e5 chore: prepare tokio-macros v2.6.1 (#7943)
• 8c980ea io: add write_all_vectored to tokio-util (#7768)
• e35fd6d ci: fix patch during clippy step (#7935)
• 03fe44c runtime: fix event_interval doc (#7932)
• d18e5df io: fix race in Mock::poll_write (#7882)
• f21f269 runtime: fix race condition during the blocking pool shutdown (#7922)
• d81e8f0 macros: remove (most) local use declarations in tokio::select! (#7929)
• 25e7f26 rt: fix missing quotation in docs (#7925)
• e1a91ef util: fix typo in docs (#7926)
• Additional commits viewable in compare view

Updates tower-http from 0.6.7 to 0.6.8

Release notes

Sourced from tower-http's releases.

tower-http-0.6.8

Fixed

• Disable multiple_members in Gzip decoder, since HTTP context only uses one member. (#621)

#621: tower-rs/tower-http#621

What's Changed

• Disable multiple_members option for gzip decoder by @​ducaale in tower-rs/tower-http#621
• ci: Pin tracing in MSRV job by @​ducaale in tower-rs/tower-http#622
• ci: Switch cargo-public-api-crates to cargo-check-external-types by @​tottoto in tower-rs/tower-http#613
• Remove deprecated annotations and Refactor From implementations by @​sinder38 in tower-rs/tower-http#608
• v0.6.8 by @​seanmonstar in tower-rs/tower-http#624

New Contributors

• @​sinder38 made their first contribution in tower-rs/tower-http#608

Full Changelog: tower-rs/tower-http@tower-http-0.6.7...tower-http-0.6.8

Commits

• 33166c8 v0.6.8
• 6680160 Fix deprecated lints (#608)
• 81b8231 ci: Switch cargo-public-api-crates to cargo-check-external-types (#613)
• 1fb0144 ci: pin tracing in msrv job (#622)
• 1fe4c09 fix(decompression): disable multiple_members option for gzip decoder (#621)
• See full diff in compare view

Updates axum from 0.8.7 to 0.8.8

Release notes

Sourced from axum's releases.

axum v0.8.8

• Clarify documentation for Router::route_layer (#3567)

#3567: tokio-rs/axum#3567

Commits

• d07863f Release axum v0.8.8 and axum-extra v0.12.3
• 287c674 axum-extra: Make typed-routing feature enable routing feature (#3514)
• f5804aa SecondElementIs: Correct a small inconsistency (#3559)
• f51f3ba axum-extra: Add trailing newline to pretty JSON response (#3526)
• 816407a Fix integer underflow in try_range_response for empty files (#3566)
• 78656eb docs: Clarify route_layer does not apply middleware to the fallback handler...
• See full diff in compare view

Updates serde_json from 1.0.145 to 1.0.149

Release notes

Sourced from serde_json's releases.

v1.0.149

• Align arbitrary_precision number strings with zmij's formatting (#1306, thanks @​b41sh)

v1.0.148

• Update zmij dependency to 1.0

v1.0.147

• Switch float-to-string algorithm from Ryū to Żmij for better f32 and f64 serialization performance (#1304)

v1.0.146

• Set fast_arithmetic=64 for riscv64 (#1305, thanks @​Xeonacid)

Commits

• 4f6dbfa Release 1.0.149
• f3df680 Touch up PR 1306
• e16730f Merge pull request #1306 from b41sh/fix-float-number-display
• eeb2bcd Align arbitrary_precision number strings with zmij’s formatting
• 8b291c4 Release 1.0.148
• 1aefe15 Update to zmij 1.0
• 62d6e8d Release 1.0.147
• fd829a6 Merge pull request #1304 from dtolnay/zmij
• e757a3d Switch from ryu -> zmij for float formatting
• 75ad7e6 Release 1.0.146
• Additional commits viewable in compare view

Updates serde_with from 3.16.1 to 3.18.0

Release notes

Sourced from serde_with's releases.

serde_with v3.18.0

Added

• Support OneOrMany with more sequence and set types (#929)

Changed

• Bump MSRV to 1.88 due to the darling dependency

serde_with v3.17.0

Added

• Support OneOrMany with smallvec v1 (#920, #922)

Changed

• Switch to yaml_serde for a maintained yaml dependency by @​kazan417 (#921)
• Bump MSRV to 1.82, since that is required for yaml_serde dev-dependency.

Commits

• d50ec96 Bump version to 3.18.0 (#931)
• 984fe32 Bump version to 3.18.0
• 4ba41c7 Bump actions/upload-artifact from 6 to 7 in the github-actions group (#927)
• 8fb2468 Bump actions/upload-artifact from 6 to 7 in the github-actions group
• aec0a23 Bump MSRV to 1.88 (#930)
• 25c15a2 Update time dependency to 0.3.47
• 93bd3f4 Update test output after darling update
• f825dbf Upgrade darling to 0.23.0
• 65cbd73 Bump MSRV to 1.88
• daff02e Extend OneOrMany implementation to more collection types (#929)
• Additional commits viewable in compare view

Updates chrono from 0.4.42 to 0.4.44

Release notes

Sourced from chrono's releases.

0.4.44

What's Changed

• docs: match MSRV with Cargo.toml contents by @​coryan in chronotope/chrono#1772
• Add track_caller to non-deprecated functions by @​svix-jplatte in chronotope/chrono#1774

0.4.43

What's Changed

• Install extra components for lint workflow by @​djc in chronotope/chrono#1741
• Upgrade windows-bindgen to 0.64 by @​djc in chronotope/chrono#1742
• Improve windows-bindgen setup by @​djc in chronotope/chrono#1744
• Drop stabilized feature doc_auto_cfg by @​djc in chronotope/chrono#1745
• Faster RFC 3339 parsing by @​djc in chronotope/chrono#1748
• Update windows-bindgen requirement from 0.64 to 0.65 by @​dependabot[bot] in chronotope/chrono#1751
• add NaiveDate::abs_diff by @​Kinrany in chronotope/chrono#1752
• Add feature gated defmt support. by @​pebender in chronotope/chrono#1747
• Drop deny lints, eager Debug impls are a mixed blessing by @​djc in chronotope/chrono#1753
• chore: minor improvement for docs by @​spuradage in chronotope/chrono#1756
• Added doctest for the NaiveDate years_since function by @​LucasBou in chronotope/chrono#1755
• Prepare 0.4.43 by @​djc in chronotope/chrono#1765
• Update copyright year to 2026 in LICENSE.txt by @​taozui472 in chronotope/chrono#1767

Commits

• c14b459 Bump version to 0.4.44
• ea832c5 Add track_caller to non-deprecated functions
• cfae889 Fix panic message in to_rfc2822
• f8900b5 docs: match MSRV with Cargo.toml contents
• 45caaa9 Update copyright year to 2026 in LICENSE.txt
• 1c0b8f0 Bump version to 0.4.43
• a03e43b Upgrade windows-bindgen to 0.66
• 4fedaba Ignore bincode advisory
• f4b7bbd Bump actions/checkout from 5 to 6
• db12973 Added doctest for the NaiveDate years_since function (#1755)
• Additional commits viewable in compare view

Updates uuid from 1.18.1 to 1.23.0

Release notes

Sourced from uuid's releases.

v1.23.0

What's Changed

• feat: add support for 'hyphenated' format in the serde module by @​FrenchDilettante in uuid-rs/uuid#865
• Fix a number of bugs in time-related code by @​KodrAus in uuid-rs/uuid#872
• Reword invalid char error message by @​KodrAus in uuid-rs/uuid#873
• Impl cleanups by @​KodrAus in uuid-rs/uuid#874
• Use LazyLock to synchronize v1/v6 context initialization by @​KodrAus in uuid-rs/uuid#875
• Prepare for 1.23.0 release by @​KodrAus in uuid-rs/uuid#876

New Contributors

• @​FrenchDilettante made their first contribution in uuid-rs/uuid#865

Special thanks

@​meng-xu-cs raised a series of bugs against the timestamp logic in uuid using automated tooling. The issues themselves were reasonably and responsibly presented and the end result is a better uuid library for everyone. Thanks!

Deprecations

This release includes the following deprecations:

• Context: Renamed to ContextV1
• Timestamp::from_gregorian: Renamed to Timestamp::from_gregorian_time

Change to Version::Max

Version::Max's u8 representation has changed from 0xff to 0x0f to match the value returned by Uuid::get_version_num.

Change to Uuid::get_version for the max UUID

Uuid::get_version will only return Some(Version::Max) if the UUID is actually the max UUID (all bytes are 0xff). Previously it would return Some if only the version field was 0x0f. This change matches the behaviour of the nil UUID, which only returns Some(Version::Nil) if the UUID is the nil UUID (all bytes are 0x00).

Full Changelog: uuid-rs/uuid@v1.22.0...v1.23.0

v1.22.0

What's Changed

• Default to rand 0.10 by @​haxtibal in uuid-rs/uuid#863
• Prepare for 1.22.0 release by @​KodrAus in uuid-rs/uuid#864

New Contributors

• @​haxtibal made their first contribution in uuid-rs/uuid#863

Full Changelog: uuid-rs/uuid@v1.21.0...v1.22.0

v1.21.0

What's Changed

• Update getrandom to 0.4 by @​KodrAus in uuid-rs/uuid#858
• feat: impl core::error::Error for Error by @​XAMPPRocky in uuid-rs/uuid#852
• Prepare for 1.21.0 release by @​KodrAus in uuid-rs/uuid#859

New Contributors

... (truncated)

Commits

• 00ab922 Merge pull request #876 from uuid-rs/cargo/v1.23.0
• 726ba45 prepare for 1.23.0 release
• 996dade Merge pull request #875 from uuid-rs/fix/context-ordering
• e140479 simplify a use stmt
• 8ed9142 reorganize and document more v7 context internals
• e09a322 use LazyLock to synchronize v1/v6 context initialization
• 0f260cc Merge pull request #874 from uuid-rs/chore/impl-cleanups
• 1419e91 clean up and refactor main lib tests
• ceeaf4b ensure we don't overflow on counters less than 12
• 63bc8f5 Merge pull request #873 from uuid-rs/fix/error-msg
• Additional commits viewable in compare view

Updates jsonwebtoken from 10.2.0 to 10.3.0

Changelog

Sourced from jsonwebtoken's changelog.

10.3.0 (2026-01-27)

• Export everything needed to define your own CryptoProvider
• Fix type confusion with exp/nbf when not required

Commits

• abbc307 Fix type confusion
• e99740d fix: bump minimal version requirements (#481)
• 50d15e0 Use try_sign to avoid panics (#479)
• 245858f Bump some dep
• 122c2ed Bump action number in CI
• 72e0c7f Expose cryptography backends via CryptoProvider (#452)
• See full diff in compare view

Updates anyhow from 1.0.100 to 1.0.102

Release notes

Sourced from anyhow's releases.

1.0.102

• Remove backtrace dependency (#438, #439, #440, #441, #442)

1.0.101

• Add #[inline] to anyhow::Ok helper (#437, thanks @​Ibitier)

Commits

• 5c657b3 Release 1.0.102
• e737fb6 Merge pull request #442 from dtolnay/backtrace
• 7fe62b5 Further simply backtrace conditional compilation
• c8cb5ca Merge pull request #441 from dtolnay/backtrace
• de27df7 Delete CI use of --features=backtrace
• 9b67e5d Merge pull request #440 from dtolnay/backtrace
• efdb11a Simplify std_backtrace conditional code
• b8a9a70 Merge pull request #439 from dtolnay/backtrace
• a42fc2c Remove feature = "backtrace" conditional code
• 2a2a3ce Re-word backtrace feature comment
• Additional commits viewable in compare view

Updates regex from 1.12.2 to 1.12.3

Changelog

Sourced from regex's changelog.

1.12.3 (2025-02-03)

This release excludes some unnecessary things from the archive published to crates.io. Specifically, fuzzing data and various shell scripts are now excluded. If you run into problems, please file an issue.

Improvements:

• #1319: Switch from a Cargo exclude list to an include list, and exclude some unnecessary stuff.

Commits

• b028e4f 1.12.3
• 5e195de regex-automata-0.4.14
• a3433f6 regex-syntax-0.8.9
• 0c07fae regex-lite-0.1.9
• 6a81006 cargo: exclude development scripts and fuzzing data
• 4733e28 automata: fix onepass::DFA::try_search_slots panic when too many slots are ...
• See full diff in compare view

Updates url from 2.5.7 to 2.5.8

Commits

• d6ea13c Bump to 2.5.8
• 8269ac3 ci: update cargo-deny config, bump cargo-deny-action to v2 (#1092)
• 6dfdf17 chore: fix some typos in comments (#1090)
• b06048d Attempt to fix 1.82 CI (#1085)
• 9771ab5 Fix roundtripping issue (#1079)
• 22b925f Improve Compile Times with serde_derive (#1075)
• 0afccc9 fix outdated docs for ParseError (#1074)
• See full diff in compare view

Updates thiserror from 2.0.17 to 2.0.18

Release notes

Sourced from thiserror's releases.

2.0.18

• Make compatible with project-level needless_lifetimes = "forbid" (#443, thanks @​LucaCappelletti94)

Commits

• dc0f6a2 Release 2.0.18
• 0275292 Touch up PR 443
• 3c33bc6 Merge pull request #443 from LucaCappelletti94/master
• 995939c Reproduce issue 442
• 21653d1 Made clippy lifetime allows conditional
• 45e5388 Update actions/upload-artifact@v5 -> v6
• 386aac1 Update actions/upload-artifact@v4 -> v5
• ec50561 Update actions/checkout@v5 -> v6
• 247eab5 Update name of empty_enum clippy lint
• 91b181f Raise required compiler to Rust 1.68
• Additional commits viewable in compare view

Updates openai_dive from 1.3.3 to 1.4.2

Release notes

Sourced from openai_dive's releases.

v1.4.2

What's Changed

• Add missing audio voices (ballad, verse, marin and cedar) by @​fbilhaut in tjardoo/openai-client#166
• fix: add service_tier to ResponseParameters by @​RemiSahl in tjardoo/openai-client#167
• Update GPT5.4 by @​tjardoo in tjardoo/openai-client#168

Full Changelog: tjardoo/openai-client@1.4.1...1.4.2

v1.4.1

What's Changed

• Add missing response tools & background parameter by @​RemiSahl in tjardoo/openai-client#159
• Complete /images params by @​MathieuBsqt in tjardoo/openai-client#160
• Add reasoning summary parameter to the /response parameters by @​RemiSahl in tjardoo/openai-client#162
• fix: make FunctionToolCall status optional by @​RemiSahl in tjardoo/openai-client#163
• feat: responses top_logprobs by @​RemiSahl in tjardoo/openai-client#164
• Fix response input by @​RemiSahl in tjardoo/openai-client#165

New Contributors

• @​MathieuBsqt made their first contribution in tjardoo/openai-client#160

Full Changelog: tjardoo/openai-client@1.4.0...1.4.1

v1.4.0

What's Changed

• Fix lowercase -> snake_case by @​DenisGorbachev in tjardoo/openai-client#156
• Add reasoning part in /response streaming by @​RemiSahl in tjardoo/openai-client#158
• Split response & completion usage structs into different types by @​RemiSahl in tjardoo/openai-client#157

Full Changelog: tjardoo/openai-client@1.3.3...1.4.0

Commits

• 06b253a Bump version to 1.4.2
• 70afa72 Update GPT5.4 (#168)
• bbc3502 fix: add service_tier to ResponseParameters (#167)
• 1361b04 Add missing audio voices (ballad, verse, marin and cedar) (#166)
• 4fbaa68 Bump version to 1.4.1
• c0a670c Fix response input (#165)
• 552e2e6 feat: responses top_logprobs (#164)
• 5a51e33 fix: make FunctionToolCall status optional (#163)
• 21d8a3c feat: add reasoning summary parameter (#162)
• f62b5c9 Complete /images params (#160)
• Additional commits viewable in compare view

Updates fantoccini from 0.22.0 to 0.22.1

Commits

• ed1d694 Release 0.22.1
• 66fa1df Add ShadowRoot support (GetShadowRoot and find from shadow) (#302)
• 3602e9e chore: drop direct dependency on futures-util (#303)
• 77f03d4 cargo update
• 50e4c17 Cookies can no longer have SameSite=None w/o secure (#306)
• See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unigno...

Description has been truncated