Skip to content

Combined Dependabot PRs 2026-02-09#299

Merged
CleanCut merged 12 commits intomainfrom
combined-dependabot-20260209-043401
Feb 11, 2026
Merged

Combined Dependabot PRs 2026-02-09#299
CleanCut merged 12 commits intomainfrom
combined-dependabot-20260209-043401

Conversation

@code-search-bot
Copy link
Collaborator

@code-search-bot code-search-bot commented Feb 9, 2026

This PR combines 6 Dependabot PRs.

ℹ️ Details from merged PRs:

Details from Bump prost-wkt from 0.7.0 to 0.7.1

Release notes

Sourced from prost-wkt's releases.

Release v0.7.1

What's Changed

Full Changelog: fdeantoni/prost-wkt@v0.7.0...v0.7.1

Changelog

Sourced from prost-wkt's changelog.

Release 0.7.1

What's Changed

  • Converted to proper cargo workspace layout
  • Updated rust-version in line with prost to 1.82
  • Updated schema-rs from 0.8.0 to 1.2.0 by @​maxwase in fdeantoni/prost-wkt#85

Full Changelog: fdeantoni/prost-wkt@v0.7.0...v0.7.1

Commits

Details from Bump tokio from 1.48.0 to 1.49.0

Release notes

Sourced from tokio's releases.

Tokio v1.49.0

1.49.0 (January 3rd, 2026)

Added

  • net: add support for TCLASS option on IPv6 (#7781)
  • runtime: stabilize runtime::id::Id (#7125)
  • task: implement Extend for JoinSet (#7195)
  • task: stabilize the LocalSet::id() (#7776)

Changed

  • net: deprecate {TcpStream,TcpSocket}::set_linger (#7752)

Fixed

  • macros: fix the hygiene issue of join! and try_join! (#7766)
  • runtime: revert "replace manual vtable definitions with Wake" (#7699)
  • sync: return TryRecvError::Disconnected from Receiver::try_recv after Receiver::close (#7686)
  • task: remove unnecessary trait bounds on the Debug implementation (#7720)

Unstable

  • fs: handle EINTR in fs::write for io-uring (#7786)
  • fs: support io-uring with tokio::fs::read (#7696)
  • runtime: disable io-uring on EPERM (#7724)
  • time: add alternative timer for better multicore scalability (#7467)

Documented

  • docs: fix a typos in bounded.rs and park.rs (#7817)
  • io: add SyncIoBridge cross-references to copy and copy_buf (#7798)
  • io: doc that AsyncWrite does not inherit from std::io::Write (#7705)
  • metrics: clarify that num_alive_tasks is not strongly consistent (#7614)
  • net: clarify the cancellation safety of the TcpStream::peek (#7305)
  • net: clarify the drop behavior of unix::OwnedWriteHalf (#7742)
  • net: clarify the platform-dependent backlog in TcpSocket docs (#7738)
  • runtime: mention LocalRuntime in new_current_thread docs (#7820)
  • sync: add missing period to mpsc::Sender::try_send docs (#7721)
  • sync: clarify the cancellation safety of oneshot::Receiver (#7780)
  • sync: improve the docs for the errors of mpsc (#7722)
  • task: add example for spawn_local usage on local runtime (#7689)

#7125: tokio-rs/tokio#7125 #7195: tokio-rs/tokio#7195 #7305: tokio-rs/tokio#7305 #7467: tokio-rs/tokio#7467 #7614: tokio-rs/tokio#7614 #7686: tokio-rs/tokio#7686 #7689: tokio-rs/tokio#7689

... (truncated)

Commits

Details from Bump quote from 1.0.42 to 1.0.43

Release notes

Sourced from quote's releases.

1.0.43

  • Disambiguate references to stringify! macro inside generated code (#316)
Commits
  • 635ee67 Release 1.0.43
  • 5f605a6 Reorder module-level attributes in crate root
  • 9c63cee Delete html_root_url comment
  • 009af09 Disallow direct use of quote v1 as a no-std crate
  • 546c7c2 Merge pull request 320 from tamird/no-std
  • fc59136 Merge pull request #319 from tamird/fix-tests
  • b3faa37 Make the crate no_std
  • 8e70480 Merge pull request #318 from tamird/more-core
  • 3b9996b tests: fix compilation with --no-default-features
  • 4d1e4fe Change std imports to core/alloc
  • Additional commits viewable in compare view

Details from Bump syn from 2.0.112 to 2.0.114

Release notes

Sourced from syn's releases.

2.0.114

  • Make std dependencies more easily discoverable in source code (#1956, thanks @​tamird)

2.0.113

  • Allow parsing TypeParam with colon not followed by any type param bounds (#1953, thanks @​wyfo)
Commits

Details from Bump url from 2.5.7 to 2.5.8

Commits

Details from Bump bytes from 1.10.1 to 1.11.1 in the cargo group across 1 directory

Release notes

Sourced from bytes's releases.

Bytes v1.11.1

1.11.1 (February 3rd, 2026)

  • Fix integer overflow in BytesMut::reserve

Bytes v1.11.0

1.11.0 (November 14th, 2025)

  • Bump MSRV to 1.57 (#788)

Fixed

  • fix: BytesMut only reuse if src has remaining (#803)
  • Specialize BytesMut::put::<Bytes> (#793)
  • Reserve capacity in BytesMut::put (#794)
  • Change BytesMut::remaining_mut to use isize::MAX instead of usize::MAX (#795)

Internal changes

  • Guarantee address in slice() for empty slices. (#780)
  • Rename Vtable::to_* -> Vtable::into_* (#776)
  • Fix latest clippy warnings (#787)
  • Ignore BytesMut::freeze doctest on wasm (#790)
  • Move drop_fn of from_owner into vtable (#801)
Changelog

Sourced from bytes's changelog.

1.11.1 (February 3rd, 2026)

  • Fix integer overflow in BytesMut::reserve

1.11.0 (November 14th, 2025)

  • Bump MSRV to 1.57 (#788)

Fixed

  • fix: BytesMut only reuse if src has remaining (#803)
  • Specialize BytesMut::put::<Bytes> (#793)
  • Reserve capacity in BytesMut::put (#794)
  • Change BytesMut::remaining_mut to use isize::MAX instead of usize::MAX (#795)

Internal changes

  • Guarantee address in slice() for empty slices. (#780)
  • Rename Vtable::to_* -> Vtable::into_* (#776)
  • Fix latest clippy warnings (#787)
  • Ignore BytesMut::freeze doctest on wasm (#790)
  • Move drop_fn of from_owner into vtable (#801)
Commits

dependabot bot and others added 12 commits January 15, 2026 16:33
@dependabot
Bump prost-wkt from 0.7.0 to 0.7.1
31a7acd 
Bumps [prost-wkt](https://github.com/fdeantoni/prost-wkt) from 0.7.0 to 0.7.1.
- [Release notes](https://github.com/fdeantoni/prost-wkt/releases)
- [Changelog](https://github.com/fdeantoni/prost-wkt/blob/master/CHANGELOG.md)
- [Commits](fdeantoni/prost-wkt@v0.7.0...v0.7.1)

---
updated-dependencies:
- dependency-name: prost-wkt
  dependency-version: 0.7.1
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot
Bump tokio from 1.48.0 to 1.49.0
f9d375c 
Bumps [tokio](https://github.com/tokio-rs/tokio) from 1.48.0 to 1.49.0.
- [Release notes](https://github.com/tokio-rs/tokio/releases)
- [Commits](tokio-rs/tokio@tokio-1.48.0...tokio-1.49.0)

---
updated-dependencies:
- dependency-name: tokio
  dependency-version: 1.49.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot
Bump quote from 1.0.42 to 1.0.43
41e227d 
Bumps [quote](https://github.com/dtolnay/quote) from 1.0.42 to 1.0.43.
- [Release notes](https://github.com/dtolnay/quote/releases)
- [Commits](dtolnay/quote@1.0.42...1.0.43)

---
updated-dependencies:
- dependency-name: quote
  dependency-version: 1.0.43
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot
Bump syn from 2.0.112 to 2.0.114
c0d8a7b 
Bumps [syn](https://github.com/dtolnay/syn) from 2.0.112 to 2.0.114.
- [Release notes](https://github.com/dtolnay/syn/releases)
- [Commits](dtolnay/syn@2.0.112...2.0.114)

---
updated-dependencies:
- dependency-name: syn
  dependency-version: 2.0.114
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot
Bump url from 2.5.7 to 2.5.8
186fd17 
Bumps [url](https://github.com/servo/rust-url) from 2.5.7 to 2.5.8.
- [Release notes](https://github.com/servo/rust-url/releases)
- [Commits](servo/rust-url@v2.5.7...v2.5.8)

---
updated-dependencies:
- dependency-name: url
  dependency-version: 2.5.8
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot
Bump bytes from 1.10.1 to 1.11.1 in the cargo group across 1 directory
927e871 
Bumps the cargo group with 1 update in the / directory: [bytes](https://github.com/tokio-rs/bytes).


Updates `bytes` from 1.10.1 to 1.11.1
- [Release notes](https://github.com/tokio-rs/bytes/releases)
- [Changelog](https://github.com/tokio-rs/bytes/blob/master/CHANGELOG.md)
- [Commits](tokio-rs/bytes@v1.10.1...v1.11.1)

---
updated-dependencies:
- dependency-name: bytes
  dependency-version: 1.11.1
  dependency-type: indirect
  dependency-group: cargo
...

Signed-off-by: dependabot[bot] <support@github.com>
@code-search-bot
Merge dependabot/cargo/prost-wkt-0.7.1 into combined-dependabot-20260…
154a783 
…209-043401
@code-search-bot
Merge dependabot/cargo/tokio-1.49.0 into combined-dependabot-20260209…
ac60a3a 
…-043401
@code-search-bot
Merge dependabot/cargo/quote-1.0.43 into combined-dependabot-20260209…
0832cd6 
…-043401
@code-search-bot
Merge dependabot/cargo/syn-2.0.114 into combined-dependabot-20260209-…
beb2412 
…043401
@code-search-bot
Merge dependabot/cargo/url-2.5.8 into combined-dependabot-20260209-04…
9f261c5 
…3401
@code-search-bot
Merge dependabot/cargo/cargo-f6ecf5c85a into combined-dependabot-2026…
23f6781 
…0209-043401
@code-search-bot code-search-bot requested a review from a team as a code owner February 9, 2026 04:34
Copilot AI review requested due to automatic review settings February 9, 2026 04:34
Copilot AI reviewed Feb 9, 2026
View reviewed changes
Copy link
Contributor

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

This PR consolidates multiple Dependabot updates, primarily refreshing Rust ecosystem dependencies across the workspace (library crate + example) and updating the lockfile accordingly.

Changes:

  • Bump tokio to 1.49 in example and crates/twirp.
  • Refresh Cargo.lock to newer resolved versions including bytes 1.11.1, prost-wkt 0.7.1, quote 1.0.43, syn 2.0.114, url 2.5.8, and related transitive updates.

Reviewed changes

Copilot reviewed 2 out of 3 changed files in this pull request and generated no comments.

File Description
example/Cargo.toml Updates tokio dependency to 1.49 for the example binaries.
crates/twirp/Cargo.toml Updates tokio dependency to 1.49 for the twirp crate.
Cargo.lock Updates resolved dependency versions to match the bumped crates and transitive updates.

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

CleanCut
CleanCut approved these changes Feb 11, 2026
View reviewed changes
Copy link
Contributor

@CleanCut CleanCut left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

  • prost-wkt - upstream bump
  • tokio - fixes and additions, a couple deprecations that don't affect us
  • quote - a fix
  • syn - fixes
  • url - upstream bump, fixes
  • bytes - a fix

@CleanCut CleanCut added this pull request to the merge queue Feb 11, 2026
Merged via the queue into main with commit 7e05193 Feb 11, 2026
11 checks passed
@CleanCut CleanCut deleted the combined-dependabot-20260209-043401 branch February 11, 2026 04:17
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

Copilot code review Copilot Copilot left review comments

@CleanCut CleanCut CleanCut approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@code-search-bot @CleanCut