deps(deps): bump the networking group across 1 directory with 5 updates

[dependabot]

Bumps the networking group with 5 updates in the / directory:

Package	From	To
tower	0.5.2	0.5.3
axum	0.8.7	0.8.8
tower-http	0.6.7	0.6.8
reqwest	0.12.24	0.12.28
hyper-util	0.1.19	0.1.20

Updates tower from 0.5.2 to 0.5.3

Release notes

Sourced from tower's releases.

tower 0.5.3

Added

• builder: Add ServiceBuilder::boxed_clone_sync() helper (#804)

Fixed

• retry: Check that supplied jitter is not NaN (#843)

#804: tower-rs/tower#804 #843: tower-rs/tower#843

Commits

• 4b0a6b0 tower v0.5.3
• 2c8524a tower v0.5.3
• 50fa4b6 ci: upgrade deny check to v2 (#847)
• 73febcd fix: Check that jitter is not NaN instead of finiteness (#843)
• 719ec03 chore: Disable unused futures feature (#838)
• 1992ebd chore(util): remove redundant ready! wrapping in poll implementations (#844)
• 21e01e9 docs: Resolve document warning (#841)
• d1b55be docs: Remove doc_auto_cfg config (#840)
• 9d876c0 ci: Update to actions/checkout v5 (#839)
• a1c277b docs: correct rng pre-requisite comment (#835)
• Additional commits viewable in compare view

Updates axum from 0.8.7 to 0.8.8

Release notes

Sourced from axum's releases.

axum v0.8.8

• Clarify documentation for Router::route_layer (#3567)

#3567: tokio-rs/axum#3567

Commits

• d07863f Release axum v0.8.8 and axum-extra v0.12.3
• 287c674 axum-extra: Make typed-routing feature enable routing feature (#3514)
• f5804aa SecondElementIs: Correct a small inconsistency (#3559)
• f51f3ba axum-extra: Add trailing newline to pretty JSON response (#3526)
• 816407a Fix integer underflow in try_range_response for empty files (#3566)
• 78656eb docs: Clarify route_layer does not apply middleware to the fallback handler...
• See full diff in compare view

Updates tower-http from 0.6.7 to 0.6.8

Release notes

Sourced from tower-http's releases.

tower-http-0.6.8

Fixed

• Disable multiple_members in Gzip decoder, since HTTP context only uses one member. (#621)

#621: tower-rs/tower-http#621

What's Changed

• Disable multiple_members option for gzip decoder by @​ducaale in tower-rs/tower-http#621
• ci: Pin tracing in MSRV job by @​ducaale in tower-rs/tower-http#622
• ci: Switch cargo-public-api-crates to cargo-check-external-types by @​tottoto in tower-rs/tower-http#613
• Remove deprecated annotations and Refactor From implementations by @​sinder38 in tower-rs/tower-http#608
• v0.6.8 by @​seanmonstar in tower-rs/tower-http#624

New Contributors

• @​sinder38 made their first contribution in tower-rs/tower-http#608

Full Changelog: tower-rs/tower-http@tower-http-0.6.7...tower-http-0.6.8

Commits

• 33166c8 v0.6.8
• 6680160 Fix deprecated lints (#608)
• 81b8231 ci: Switch cargo-public-api-crates to cargo-check-external-types (#613)
• 1fb0144 ci: pin tracing in msrv job (#622)
• 1fe4c09 fix(decompression): disable multiple_members option for gzip decoder (#621)
• See full diff in compare view

Updates reqwest from 0.12.24 to 0.12.28

Release notes

Sourced from reqwest's releases.

v0.12.28

What's Changed

• fix: correctly import TokioIo on Windows by @​seanmonstar in seanmonstar/reqwest#2896

Full Changelog: seanmonstar/reqwest@v0.12.27...v0.12.28

v0.12.27

tl;dr

• Add ClientBuilder::windows_named_pipe(name) option that will force all requests over that Windows Named Pipe.

What's Changed

• chore: Disable unused tokio-util codec feature by @​tottoto in seanmonstar/reqwest#2893
• chore: Use http_body_util::BodyDataStream by @​tottoto in seanmonstar/reqwest#2892
• feat: add windows_named_pipe() option to client builder by @​seanmonstar in seanmonstar/reqwest#2789

Full Changelog: seanmonstar/reqwest@v0.12.26...v0.12.27

v0.12.26

tl;dr

• Fix sending Accept-Encoding header only with values configured with reqwest, regardless of underlying tower-http config.

What's Changed

• deps: update cookie_store by @​seanmonstar in seanmonstar/reqwest#2886
• fix: disable default compression from tower-http if not enabled in reqwest by @​seanmonstar in seanmonstar/reqwest#2889
• fix(http3): correct compression defaults by @​seanmonstar in seanmonstar/reqwest#2890

Full Changelog: seanmonstar/reqwest@v0.12.25...v0.12.26

v0.12.25

Highlights

• Add Error::is_upgrade() to determine if the error was from an HTTP upgrade.
• Fix sending Proxy-Authorization if only username is configured.
• Fix sending Proxy-Authorization to HTTPS proxies when the target is HTTP.
• Refactor internal decompression handling to use tower-http.

What's Changed

• tests: fix wasm timeout test with uncached response by @​seanmonstar in seanmonstar/reqwest#2853
• docs: document connection pooling behavior by @​vinzmyko in seanmonstar/reqwest#2851
• docs: document WASM client by @​vinzmyko in seanmonstar/reqwest#2859
• chore: minor improvement for docs by @​black5box in seanmonstar/reqwest#2862
• fix: send proxy-authorization even with empty password by @​barjin in seanmonstar/reqwest#2868
• feat(error): add is_upgrade method to detect protocol upgrade errors by @​0x676e67 in seanmonstar/reqwest#2822
• Use decompression from tower-http by @​ducaale in seanmonstar/reqwest#2840

... (truncated)

Changelog

Sourced from reqwest's changelog.

v0.12.28

• Fix compiling on Windows if TLS and SOCKS features are not enabled.

v0.12.27

• Add ClientBuilder::windows_named_pipe(name) option that will force all requests over that Windows Named Piper.

v0.12.26

• Fix sending Accept-Encoding header only with values configured with reqwest, regardless of underlying tower-http config.

v0.12.25

• Add Error::is_upgrade() to determine if the error was from an HTTP upgrade.
• Fix sending Proxy-Authorization if only username is configured.
• Fix sending Proxy-Authorization to HTTPS proxies when the target is HTTP.
• Refactor internal decompression handling to use tower-http.

Commits

• d978599 v0.12.28
• ef2768a fix: correctly import TokioIo on Windows (#2896)
• 1bf6441 v0.12.27
• 4967b1b feat: add windows_named_pipe() option to client builder (#2789)
• ef5b239 chore: Use http_body_util::BodyDataStream (#2892)
• a810004 chore: Disable unused tokio-util codec feature (#2893)
• 01f03a4 v0.12.26
• e908f57 fix(http3): correct compression defaults (#2890)
• 509c904 fix: disable default compression from tower-http if not enabled in reqwest (#...
• 896aaea deps: update cookie_store to 0.22 (#2886)
• Additional commits viewable in compare view

Updates hyper-util from 0.1.19 to 0.1.20

Release notes

Sourced from hyper-util's releases.

v0.1.20

What's Changed

• fix(matcher): improve domain matching case insensitivity by @​chen-hongzhi in hyperium/hyper-util#251
• fix(matcher): improve subdomain matching case insensitivity by @​0x676e67 in hyperium/hyper-util#252
• fix(docs): correct malformed reference link in set_interface by @​magurotuna in hyperium/hyper-util#254
• chore(ci): update to actions/checkout@v6 by @​tottoto in hyperium/hyper-util#261
• chore: remove unused mac imports by @​bts in hyperium/hyper-util#260
• bump MSRV to 1.64 by @​seanmonstar in hyperium/hyper-util#258
• chore: bump system-configuration to 0.7 by @​BugenZhao in hyperium/hyper-util#256
• chore: use standard library api by @​tottoto in hyperium/hyper-util#263

New Contributors

• @​chen-hongzhi made their first contribution in hyperium/hyper-util#251
• @​bts made their first contribution in hyperium/hyper-util#260
• @​BugenZhao made their first contribution in hyperium/hyper-util#256

Full Changelog: hyperium/hyper-util@v0.1.19...v0.1.20

Changelog

Sourced from hyper-util's changelog.

0.1.20 (2026-02-02)

• Fix proxy::Matcher to properly match domains regardless of casing
• Fix system proxy matcher dependency on macOS when used in sandboxed environements.
• Increased MSRV to 1.64.

Commits

• b23a13e v0.1.20
• ffa5391 chore: use standard library api (#263)
• b43aeab chore: bump system-configuration to 0.7 (#256)
• d841f5d bump MSRV to 1.64 (#258)
• af19656 chore(client): remove unused mac imports in system proxy (#260)
• ad6a63d chore(ci): update to actions/checkout@v6 (#261)
• d5503b2 docs(client): correct malformed reference link in set_interface (#254)
• 8c4f4a0 fix(matcher): improve subdomain matching case insensitivity (#252)
• 1b3fa96 fix(matcher): improve domain matching case insensitivity (#251)
• See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions