chore(deps)(deps): bump the cargo-minor-and-patch group across 1 directory with 10 updates

[dependabot]

⚠️ Dependabot is rebasing this PR ⚠️

Rebasing might not happen immediately, so don't worry if this takes some time.

Note: if you make any changes to this PR yourself, they will take precedence over the rebase.

---

Bumps the cargo-minor-and-patch group with 9 updates in the / directory:

Package	From	To
tokio	1.52.1	1.52.3
tower-http	0.6.8	0.6.11
metrics	0.24.5	0.24.6
utoipa	5.4.0	5.5.0
jsonwebtoken	10.3.0	10.4.0
lettre	0.11.21	0.11.22
aws-sdk-s3	1.110.0	1.121.0
aws-smithy-runtime-api	1.11.0	1.11.3
tauri	2.11.1	2.11.2

Updates tokio from 1.52.1 to 1.52.3

Release notes

Sourced from tokio's releases.

Tokio v1.52.3

1.52.3 (May 8th, 2026)

Fixed

• sync: fix underflow in mpsc channel len() (#8062)
• sync: notify receivers in mpsc OwnedPermit::release() method (#8075)
• sync: require that an RwLock has max_readers != 0 (#8076)
• sync: return Empty from try_recv() when mpsc is closed with outstanding permits (#8074)

#8062: tokio-rs/tokio#8062 #8074: tokio-rs/tokio#8074 #8075: tokio-rs/tokio#8075 #8076: tokio-rs/tokio#8076

Tokio v1.52.2

1.52.2 (May 4th, 2026)

This release reverts the LIFO slot stealing change introduced in 1.51.0 (#7431), due to [its performance impact]#8065. (#8100)

#7431: tokio-rs/tokio#7431 #8065: tokio-rs/tokio#8065 #8100: tokio-rs/tokio#8100

Commits

• d875691 chore: prepare Tokio v1.52.3 (#8130)
• e1aebb0 Merge 'tokio-1.51.3' into 'tokio-1.52.x' (#8129)
• fd63094 chore: prepare Tokio v1.51.3 (#8127)
• 8c600d0 Merge 'tokio-1.47.5' into 'tokio-1.51.x' (#8123)
• 11bfc13 chore: prepare Tokio v1.47.5 (#8122)
• f085b62 sync: notify receivers in mpsc OwnedPermit::release() method (#8075)
• 30d25cc sync: require that an RwLock has max_readers != 0 (#8076)
• 9fccf53 sync: return Empty from try_recv() when mpsc is closed with outstanding p...
• ebf61b4 sync: fix underflow in mpsc channel len() (#8062)
• 4abe9d7 chore: prepare Tokio v1.52.2 (#8115)
• Additional commits viewable in compare view

Updates tower-http from 0.6.8 to 0.6.11

Release notes

Sourced from tower-http's releases.

tower-http-0.6.11

Added

• set-header: add SetMultipleResponseHeadersLayer and SetMultipleResponseHeader for setting multiple response headers at once. Supports overriding, appending, and if_not_present modes. Header values can be fixed or computed dynamically via closures (#672)

  use http::{Response, header::{self, HeaderValue}};
  use http_body::Body as _;
  use tower_http::set_header::response::SetMultipleResponseHeadersLayer;
  let layer = SetMultipleResponseHeadersLayer::overriding(vec![
  (header::X_FRAME_OPTIONS, HeaderValue::from_static("DENY")).into(),
  (header::CONTENT_LENGTH, |res: &Response<MyBody>| {
  res.body().size_hint().exact()
  .map(|size| HeaderValue::from_str(&size.to_string()).unwrap())
  }).into(),
  ]);

• set-header: add SetMultipleRequestHeadersLayer and SetMultipleRequestHeaders for setting multiple request headers at once, mirroring the response-side API (#677)

• classify: add From<i32> and From<NonZeroI32> impls for GrpcCode. Unrecognized status codes map to GrpcCode::Unknown (#506)

Changed

• compression: compress application/grpc-web responses. Previously all application/grpc* content types were excluded from compression; now only application/grpc (non-web) is excluded (#408)

Fixed

• fs: fix ServeDir returning 500 instead of 405 for non-GET/HEAD requests when call_fallback_on_method_not_allowed is enabled but no fallback service is configured (#587)
• fs: remove duplicate cfg attribute on is_reserved_dos_name (#675)

#408: tower-rs/tower-http#408 #506: tower-rs/tower-http#506 #587: tower-rs/tower-http#587 #672: tower-rs/tower-http#672 #675: tower-rs/tower-http#675 #677: tower-rs/tower-http#677

All PRs

• ci: fix flaky encoding test, add nightly stress test job by @​jlizen in tower-rs/tower-http#670

... (truncated)

Commits

• 1d082ef v0.6.11
• 9c3117d feat: set multiple request header (#677)
• 667e7c7 Remove duplicate cfg attribute for is_reserved_dos_name (#675)
• 7551a9b feat(set_header): refactor and improve multiple header middleware (#672)
• 991e9ee add From<i32> impl for GrpcCode (#506)
• 3962dba Do compress grpc-web responses (#408)
• f0b3bb6 Fix serve_dir method not allowed handling when no fallback is configured (#587)
• d1a571b ci: use static timeout in stress-test workflow (#671)
• 309555a ci: fix flaky encoding test, add nightly stress test job (#670)
• 4532fc2 v0.6.10
• Additional commits viewable in compare view

Updates metrics from 0.24.5 to 0.24.6

Commits

• 23cc597 chore: Release
• 78ebfc3 revert: defer version bumps to cargo-release
• 8d7f5ea update CHANGELOG for metrics
• cd5b9a3 chore(metrics): update doc comments for macros for consistency
• 9cf1f73 fix(metrics): resolve hash mismatch between pre-computed and on-demand key ha...
• 2bfe3ba enhancement(metrics): allow specifying description and unit in registration m...
• dae3a67 chore: Release
• 6dddb64 update CHANGELOG for metrics-exporter-dogstatsd
• 9e387a4 chore: Release
• f21d811 update CHANGELOG for metrics-exporter-prometheus
• Additional commits viewable in compare view

Updates utoipa from 5.4.0 to 5.5.0

Release notes

Sourced from utoipa's releases.

utoipa-5.5.0

What's New 💎 🆕 🎉

• (2492086) Update next release @​juhaku
• (eb520dc) ignore really ignores! (#1500) @​omid
• (7d0d0be) Add support for jiff::Timestamp (#1416) @​paolobarbolini
• (cdff007) Fix typos (#1497) @​jayvdb

Full change log

utoipa-gen-5.5.0

What's New 💎 🆕 🎉

• (2492086) Update next release @​juhaku
• (eb520dc) ignore really ignores! (#1500) @​omid
• (8e6e6ee) Support servers in path macro (#1293) @​infiniteregrets
• (7d0d0be) Add support for jiff::Timestamp (#1416) @​paolobarbolini
• (b07397d) Add serde to the helper attributes for ToSchema (#1472) @​zackyancey
• (8d006bc) Fix: Refactor to avoid clippy::needless_for_each warning in derive(OpenApi) (#1423) @​raimannma
• (cdff007) Fix typos (#1497) @​jayvdb

Full change log

Commits

• 2492086 Update next release
• eb520dc ignore really ignores! (#1500)
• 9cd3ce9 Chore migrate to justfile (#1542)
• 8e6e6ee Support servers in path macro (#1293)
• 7d0d0be Add support for jiff::Timestamp (#1416)
• b07397d Add serde to the helper attributes for ToSchema (#1472)
• 8d006bc Fix: Refactor to avoid clippy::needless_for_each warning in derive(OpenApi) (...
• cdff007 Fix typos (#1497)
• See full diff in compare view

Updates jsonwebtoken from 10.3.0 to 10.4.0

Changelog

Sourced from jsonwebtoken's changelog.

10.4.0 (2026-05-11)

• Fix incorrect encoding for Ed25519 JWK thumbprints
• Make Algorithm.family public and add Validation.new_for_family
• EncodingKey and DecodingKey are now partially zeroized on drop (the intermediate PemEncodedKey isn't so far)

Commits

• 69a8fbf v10.4.0
• d18e40f Update changelog for 10.4.0 (#507)
• ddd2389 security: zeroize encoding and decoding keys (#483)
• 991e89a Fix more clippy complaints (#503)
• 75f2113 algorithms: expose AlgorithmFamily (#466)
• 0c5931a Fixup typo in the DecodingKey::from_ec_der method (#501)
• 8a80349 Small fixes (#498)
• 9934c7f Fix formatting in Ed25519 key serialization (#485)
• See full diff in compare view

Updates lettre from 0.11.21 to 0.11.22

Release notes

Sourced from lettre's releases.

v0.11.22 - update now if you're using Boring TLS

Security

• Fix inverted TLS hostname verification flag in boring-tls backend that silently disabled hostname verification f5efffc

Bug Fixes

• Cap read_response buffer to prevent unbounded memory growth #1143

Misc

• Upgrade rustls-platform-verifier to v0.7 #1136

Changelog

Sourced from lettre's changelog.

v0.11.22 (2026-05-14)

Security

• Fix inverted TLS hostname verification flag in boring-tls backend that silently disabled hostname verification (f5efffc)

Bug Fixes

• Cap read_response buffer to prevent unbounded memory growth (#1143)

Misc

• Upgrade rustls-platform-verifier to v0.7 (#1136)

#1136: lettre/lettre#1136 #1143: lettre/lettre#1143

Commits

• 9b88c4f Prepare v0.11.22
• f5efffc fix(transport-smtp): negate hostname-verify flag for boring-tls
• f62f304 fix(transport-smtp): cap read_response buffer
• fa402db build(deps): upgrade rustls-platform-verifier to v0.7
• See full diff in compare view

Updates aws-sdk-s3 from 1.110.0 to 1.121.0

Commits

• See full diff in compare view

Updates aws-smithy-runtime-api from 1.11.0 to 1.11.3

Commits

• See full diff in compare view

Updates tauri from 2.11.1 to 2.11.2

Release notes

Sourced from tauri's releases.

tauri-cli v2.11.2

Fetching advisory database from `https://github.com/RustSec/advisory-db.git`
      Loaded 1090 security advisories (from /home/runner/.cargo/advisory-db)
    Updating crates.io index
    Scanning Cargo.lock for vulnerabilities (1088 crate dependencies)
Crate:     atk
Version:   0.18.2
Warning:   unmaintained
Title:     gtk-rs GTK3 bindings - no longer maintained
Date:      2024-03-04
ID:        RUSTSEC-2024-0413
URL:       https://rustsec.org/advisories/RUSTSEC-2024-0413
Dependency tree:
atk 0.18.2
└── gtk 0.18.2
    ├── wry 0.55.0
    │   └── tauri-runtime-wry 2.11.2
    │       └── tauri 2.11.2
    │           ├── tauri-utils 2.9.2
    │           │   ├── tauri-schema-generator 0.0.0
    │           │   ├── tauri-runtime-wry 2.11.2
    │           │   ├── tauri-runtime 2.11.2
    │           │   │   ├── tauri-runtime-wry 2.11.2
    │           │   │   └── tauri 2.11.2
    │           │   ├── tauri-plugin 2.6.2
    │           │   │   ├── tauri-plugin-sample 0.1.0
    │           │   │   │   └── api 0.1.0
    │           │   │   └── tauri-plugin-log 2.6.0
    │           │   │       └── api 0.1.0
    │           │   ├── tauri-macros 2.6.2
    │           │   │   └── tauri 2.11.2
    │           │   ├── tauri-codegen 2.6.2
    │           │   │   ├── tauri-macros 2.6.2
    │           │   │   └── tauri-build 2.6.2
    │           │   │       ├── tauri-file-associations-demo 0.1.0
    │           │   │       ├── tauri 2.11.2
    │           │   │       ├── resources 0.1.0
    │           │   │       ├── bench_helloworld 0.1.0
    │           │   │       ├── bench_files_transfer 0.1.0
    │           │   │       ├── bench_cpu_intensive 0.1.0
    │           │   │       └── api 0.1.0
    │           │   ├── tauri-cli 2.11.2
    │           │   │   └── tauri-cli-node 0.0.0
    │           │   ├── tauri-bundler 2.9.2
    │           │   │   └── tauri-cli 2.11.2
    │           │   ├── tauri-build 2.6.2
</tr></table> 

... (truncated)

Commits

• 499df79 apply version updates (#15378)
• 20bb033 Revert "feat: add Windows VC runtime linking and bundling options (#15372)" (...
• b5b72ce fix(tauri-utils): preserve resource source file name when dest is empty (#15383)
• 3fd8ba2 fix: resources after empty directory not copied (#15388)
• 47e1b75 fix: set_as_windows_menu_for_nsapp command wrongly called `set_as_help_menu...
• eadd8f5 chore(deps-dev): bump svelte from 5.53.11 to 5.55.7 (#15382)
• 32d8166 feat: add Windows VC runtime linking and bundling options (#15372)
• b15b859 refactor: make error dialog take &'static str (#15369)
• 0e8e25f chore(deps): update dependency rollup to v4.60.3 (#15355)
• See full diff in compare view

Updates tauri-build from 2.6.1 to 2.6.2

Release notes

Sourced from tauri-build's releases.

tauri-build v2.6.2

Fetching advisory database from `https://github.com/RustSec/advisory-db.git`
      Loaded 1090 security advisories (from /home/runner/.cargo/advisory-db)
    Updating crates.io index
    Scanning Cargo.lock for vulnerabilities (1088 crate dependencies)
Crate:     atk
Version:   0.18.2
Warning:   unmaintained
Title:     gtk-rs GTK3 bindings - no longer maintained
Date:      2024-03-04
ID:        RUSTSEC-2024-0413
URL:       https://rustsec.org/advisories/RUSTSEC-2024-0413
Dependency tree:
atk 0.18.2
└── gtk 0.18.2
    ├── wry 0.55.0
    │   └── tauri-runtime-wry 2.11.2
    │       └── tauri 2.11.2
    │           ├── tauri-utils 2.9.2
    │           │   ├── tauri-schema-generator 0.0.0
    │           │   ├── tauri-runtime-wry 2.11.2
    │           │   ├── tauri-runtime 2.11.2
    │           │   │   ├── tauri-runtime-wry 2.11.2
    │           │   │   └── tauri 2.11.2
    │           │   ├── tauri-plugin 2.6.2
    │           │   │   ├── tauri-plugin-sample 0.1.0
    │           │   │   │   └── api 0.1.0
    │           │   │   └── tauri-plugin-log 2.6.0
    │           │   │       └── api 0.1.0
    │           │   ├── tauri-macros 2.6.2
    │           │   │   └── tauri 2.11.2
    │           │   ├── tauri-codegen 2.6.2
    │           │   │   ├── tauri-macros 2.6.2
    │           │   │   └── tauri-build 2.6.2
    │           │   │       ├── tauri-file-associations-demo 0.1.0
    │           │   │       ├── tauri 2.11.2
    │           │   │       ├── resources 0.1.0
    │           │   │       ├── bench_helloworld 0.1.0
    │           │   │       ├── bench_files_transfer 0.1.0
    │           │   │       ├── bench_cpu_intensive 0.1.0
    │           │   │       └── api 0.1.0
    │           │   ├── tauri-cli 2.11.2
    │           │   │   └── tauri-cli-node 0.0.0
    │           │   ├── tauri-bundler 2.9.2
    │           │   │   └── tauri-cli 2.11.2
    │           │   ├── tauri-build 2.6.2
</tr></table> 

... (truncated)

Commits

• 499df79 apply version updates (#15378)
• 20bb033 Revert "feat: add Windows VC runtime linking and bundling options (#15372)" (...
• b5b72ce fix(tauri-utils): preserve resource source file name when dest is empty (#15383)
• 3fd8ba2 fix: resources after empty directory not copied (#15388)
• 47e1b75 fix: set_as_windows_menu_for_nsapp command wrongly called `set_as_help_menu...
• eadd8f5 chore(deps-dev): bump svelte from 5.53.11 to 5.55.7 (#15382)
• 32d8166 feat: add Windows VC runtime linking and bundling options (#15372)
• b15b859 refactor: make error dialog take &'static str (#15369)
• 0e8e25f chore(deps): update dependency rollup to v4.60.3 (#15355)
• See full diff in compare view