cargo: bump the minor group with 3 updates

[dependabot]

Bumps the minor group with 3 updates: tokio, tempfile and tokio-websockets.

Updates tokio from 1.42.0 to 1.43.0

Release notes

Sourced from tokio's releases.

Tokio v1.43.0

1.43.0 (Jan 8th, 2025)

Added

• net: add UdpSocket::peek methods (#7068)
• net: add support for Haiku OS (#7042)
• process: add Command::into_std() (#7014)
• signal: add SignalKind::info on illumos (#6995)
• signal: add support for realtime signals on illumos (#7029)

Fixed

• io: don't call set_len before initializing vector in Blocking (#7054)
• macros: suppress clippy::needless_return in #[tokio::main] (#6874)
• runtime: fix thread parking on WebAssembly (#7041)

Changes

• chore: use unsync loads for unsync_load (#7073)
• io: use Buf::put_bytes in Repeat read impl (#7055)
• task: drop the join waker of a task eagerly (#6986)

Changes to unstable APIs

• metrics: improve flexibility of H2Histogram Configuration (#6963)
• taskdump: add accessor methods for backtrace (#6975)

Documented

• io: clarify ReadBuf::uninit allows initialized buffers as well (#7053)
• net: fix ambiguity in TcpStream::try_write_vectored docs (#7067)
• runtime: fix LocalRuntime doc links (#7074)
• sync: extend documentation for watch::Receiver::wait_for (#7038)
• sync: fix typos in OnceCell docs (#7047)

#6874: tokio-rs/tokio#6874 #6963: tokio-rs/tokio#6963 #6975: tokio-rs/tokio#6975 #6986: tokio-rs/tokio#6986 #6995: tokio-rs/tokio#6995 #7014: tokio-rs/tokio#7014 #7029: tokio-rs/tokio#7029 #7038: tokio-rs/tokio#7038 #7041: tokio-rs/tokio#7041 #7042: tokio-rs/tokio#7042 #7047: tokio-rs/tokio#7047 #7053: tokio-rs/tokio#7053 #7054: tokio-rs/tokio#7054 #7055: tokio-rs/tokio#7055

... (truncated)

Commits

• 5f3296d chore: prepare Tokio v1.43.0 (#7079)
• cc974a6 chore: prepare tokio-macros v2.5.0 (#7078)
• 15495fd metrics: improve flexibility of H2Histogram Configuration (#6963)
• ad41834 io: don't call set_len before initializing vector in Blocking (#7054)
• bd3e857 runtime: move is_join_waker_set assertion in unset_waker (#7072)
• 15f7366 runtime: fix LocalRuntime doc links (#7074)
• fd2048d ci: split miri jobs into unit and integration tests (#7071)
• e8f3915 chore: use unsync loads for unsync_load (#7073)
• 67f1277 net: fix ambiguity in TcpStream::try_write_vectored docs (#7067)
• 463502c io: clarify ReadBuf::uninit allows initialized buffers as well (#7053)
• Additional commits viewable in compare view

Updates tempfile from 3.14.0 to 3.16.0

Changelog

Sourced from tempfile's changelog.

3.16.0

• Update getrandom to 0.3.0 (thanks to @​paolobarbolini).
• Allow windows-sys versions 0.59.x in addition to 0.59.0 (thanks @​ErichDonGubler).
• Improved security documentation (thanks to @​n0toose for collaborating with me on this).

3.15.0

Re-seed the per-thread RNG from system randomness when we repeatedly fail to create temporary files (#314). This resolves a potential DoS vector (#178) while avoiding getrandom in the common case where it's necessary. The feature is optional but enabled by default via the getrandom feature.

For libc-free builds, you'll either need to disable this feature or opt-in to a different getrandom backend.

Commits

• 6ecd9f1 chore: release 3.16.0
• 3693c01 build: upgrade getrandom to v0.3.0 (#320)
• a4596e5 build: allow windows-sys 0.59 (#319)
• 3ac6d4e chore: fix clippy lifetime warning (#318)
• 3a722e8 docs: improve & expand security documentation (#317)
• e7a40e3 Release v3.15.0
• ea45f47 feat: re-seed from system randomness on collision (#314)
• 16209da Fix link to ticket in changelog (#310)
• ae22b27 docs: add owasp link on insecure temporary files (#309)
• See full diff in compare view

Updates tokio-websockets from 0.10.1 to 0.11.1

Changelog

Sourced from tokio-websockets's changelog.

[0.11.1] - 2025-01-26

Changed

• The size of several structs has been slightly decreased, reducing memory usage
• The SIMD algorithms have been improved and support for them is now detected at runtime. The simd feature flag is deprecated
• getrandom was updated to 0.3

Fixed

• Fixed an issue where a pending poll_flush call by a writer would stall infinitely if poll_next was called at the same time (see #92)

[0.11.0] - 2025-01-03

Added

• The SIMD masking code now supports AltiVec on PowerPC targets (nightly only)
• WebSocketStream::{get_ref, get_mut} allow access to the underlying I/O
• client::DISALLOWED_HEADERS is a list of headers that may not be added via ClientBuilder::add_header
• CloseCode::is_reserved returns whether the close code is reserved (i.e. may not be sent over the wire)

Changed

• [breaking] ServerBuilder::accept now returns the client's HTTP request alongside the websocket stream in a tuple
• [breaking] ClientBuilder::add_header now returns a Result and errors when adding a disallowed header
• [breaking] Message::close will now panic when the close code is reserved or the reason exceeds 123 bytes
• [breaking] Message::{ping, pong} will now panic when the payload exceeds 125 bytes
• rustls-platform-verifier was updated to 0.5
• The SIMD masking code is now more efficient

Fixed

• Fixed compilation with SIMD on 32-bit x86 targets
• 32-bit ARM NEON is unstable in rustc and now correctly gated behind the nightly feature

Commits

• See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

[djmitche]

Looks like tokio-websockets has an incorrect dependency specified.. Let's wait until next time.

[dependabot]

This pull request was built based on a group rule. Closing it will not ignore any of these versions in future pull requests.

To ignore these dependencies, configure ignore rules in dependabot.yml