Bump the rust-minor-and-patch group across 1 directory with 10 updates

[dependabot]

Bumps the rust-minor-and-patch group with 10 updates in the /v2 directory:

Package	From	To
serde_json	1.0.149	1.0.150
bytes	1.11.1	1.12.0
lz4_flex	0.13.0	0.13.1
memmap2	0.9.10	0.9.11
tokio	1.52.2	1.52.3
time	0.3.47	0.3.51
chrono	0.4.44	0.4.45
log	0.4.29	0.4.33
prost	0.14.3	0.14.4
snafu	0.9.0	0.9.1

Updates serde_json from 1.0.149 to 1.0.150

Release notes

Sourced from serde_json's releases.

v1.0.150

• Reject non-string enum object keys (#1324, thanks @​puneetdixit200)

Commits

• a1ae73a Release 1.0.150
• 1a360b0 Merge pull request #1324 from puneetdixit200/reject-non-string-enum-keys
• 2037b63 Reject non-string enum object keys
• 5d30df6 Resolve manual_assert_eq pedantic clippy lint
• dc8003a Raise required compiler for preserve_order feature to 1.85
• a42fa98 Unpin CI miri toolchain
• 684a60e Pin CI miri to nightly-2026-02-11
• 7c7da33 Raise required compiler to Rust 1.71
• acf4850 Simplify Number::is_f64
• 6b8ceab Resolve unnecessary_map_or clippy lint
• Additional commits viewable in compare view

Updates bytes from 1.11.1 to 1.12.0

Release notes

Sourced from bytes's releases.

Bytes v1.12.0

1.12.0 (June 18th, 2026)

Added

• Add BytesMut::extend_from_within() (#818)
• Add BytesMut::try_unsplit() (#746)

Fixed

• Fix panic in get_int if nbytes is zero (#806)

Changed

• Pass vtable data by value (#826)
• Exclude development scripts from published package (#810)

Documented

• Document that BytesMut::{reserve,try_reserve} doesn't preserve unused capacity (#808)

Changelog

Sourced from bytes's changelog.

1.12.0 (June 18th, 2026)

Added

• Add BytesMut::extend_from_within() (#818)
• Add BytesMut::try_unsplit() (#746)

Fixed

• Fix panic in get_int if nbytes is zero (#806)

Changed

• Pass vtable data by value (#826)
• Exclude development scripts from published package (#810)

Documented

• Document that BytesMut::{reserve,try_reserve} doesn't preserve unused capacity (#808)

Commits

• 91402ce Release bytes v1.12.0 (#831)
• 2256e6d chore: add safety comments on unsafe blocks (#827)
• 245adff Pass vtable data by value (#826)
• 00cc5ff Implement BytesMut::extend_from_within (#818)
• 5b79d31 Merge tag 'v1.11.1'
• 804ee6d Make try_unsplit method public (#746)
• fd426ca Exclude development scripts from published package (#810)
• b4ed70d Add test for copy_to_bytes() -> BytesMut avoiding clone (#809)
• 94e4291 Document that BytesMut::{reserve,try_reserve} doesn't preserve unused capac...
• acd1e0f Fix get_int if nbytes is zero (#806)
• See full diff in compare view

Updates lz4_flex from 0.13.0 to 0.13.1

Release notes

Sourced from lz4_flex's releases.

0.13.1

What's Changed

• Fix panic in Fromio::Error implementation for frame::Error by @​phoerious in PSeitz/lz4_flex#221
• fix: handle short compression dictionaries by @​PSeitz in PSeitz/lz4_flex#222

New Contributors

• @​dglittle made their first contribution in PSeitz/lz4_flex#205
• @​phoerious made their first contribution in PSeitz/lz4_flex#221

Full Changelog: PSeitz/lz4_flex@0.13.0...0.13.1

Changelog

Sourced from lz4_flex's changelog.

0.13.1 (2026-05-09)

Fixes

• Fix compression with short dictionaries (less than 4 bytes), avoiding a panic/out-of-bounds read #222

Compression with dictionaries shorter than the minimum match length of 4 now falls
back to compression without a dictionary instead of panicking or reading past
the dictionary. 
This is a security fix for unsafe compression with untrusted dictionaries.

Users on 0.13.0 should upgrade to 0.13.1.

• Fix panic in From<io::Error> implementation for frame::Error #221 (thanks @​phoerious)

Commits

• 8507d2e bump version
• 5a1962c update CHANGELOG
• ce548ab fix: handle short compression dictionaries
• 1756d13 Fix panic in From<io::Error> implementation for frame::Error
• a513030 update binggan
• 0b9bd1d check fmt in CI
• c5b546f release 0.13.0
• See full diff in compare view

Updates memmap2 from 0.9.10 to 0.9.11

Changelog

Sourced from memmap2's changelog.

[0.9.11] - 2026-06-22

Fixed

• Fix unchecked pointer arithmatic in advice_range, unchecked_advise_range, flush_range and flush_async_range.

Changed

• Bump the MSRV from 1.63 to 1.65.

Commits

• 7d76ad3 Merge pull request #171 from RazrFalcon/release/v0.9.11
• 34f87ab Bump version to 0.9.11
• de56043 Merge pull request #170 from RazrFalcon/fix-unchecked-pointer-math
• 8b31409 Bump MSRV to 1.65 (to follow libc).
• cee7cf0 Fix unchecked pointer math.
• e741b00 Merge pull request #166 from andybalaam/typo-crated
• 28fdcdd Fix typo 'crated' -> 'created'
• See full diff in compare view

Updates tokio from 1.52.2 to 1.52.3

Release notes

Sourced from tokio's releases.

Tokio v1.52.3

1.52.3 (May 8th, 2026)

Fixed

• sync: fix underflow in mpsc channel len() (#8062)
• sync: notify receivers in mpsc OwnedPermit::release() method (#8075)
• sync: require that an RwLock has max_readers != 0 (#8076)
• sync: return Empty from try_recv() when mpsc is closed with outstanding permits (#8074)

#8062: tokio-rs/tokio#8062 #8074: tokio-rs/tokio#8074 #8075: tokio-rs/tokio#8075 #8076: tokio-rs/tokio#8076

Commits

• d875691 chore: prepare Tokio v1.52.3 (#8130)
• e1aebb0 Merge 'tokio-1.51.3' into 'tokio-1.52.x' (#8129)
• fd63094 chore: prepare Tokio v1.51.3 (#8127)
• 8c600d0 Merge 'tokio-1.47.5' into 'tokio-1.51.x' (#8123)
• 11bfc13 chore: prepare Tokio v1.47.5 (#8122)
• f085b62 sync: notify receivers in mpsc OwnedPermit::release() method (#8075)
• 30d25cc sync: require that an RwLock has max_readers != 0 (#8076)
• 9fccf53 sync: return Empty from try_recv() when mpsc is closed with outstanding p...
• ebf61b4 sync: fix underflow in mpsc channel len() (#8062)
• See full diff in compare view

Updates time from 0.3.47 to 0.3.51

Release notes

Sourced from time's releases.

v0.3.51

See the changelog for details.

v0.3.49

See the changelog for details.

v0.3.48

See the changelog for details.

Changelog

Sourced from time's changelog.

0.3.51 [2026-06-22]

Fixed

• time compiles with macros enabled. This version is otherwise identical to v0.3.50.

0.3.50 [2026-06-22]

Added

• Timestamp type

Fixed

• [year] in a runtime-parsed version 3 format description when the large-dates feature is not enabled now succeeds. This previously failed due to a missing #[cfg].

Performance

• Further gains when parsing with the non-deprecated parts of the RFC 2822 well-known format
• Gains when formatting with the ISO 8601 well-known format
• Date arithmetic is improved in common situations

0.3.49 [2026-06-13]

Fixed

• Due to a long-standing bug in the Rust compiler, v0.3.48 caused a number of crates to stop compiling. A patch has been added that avoids triggering the bug.

0.3.48 [2026-06-12] [YANKED]

Security

• The number of digits parsed by [subsecond digits:1+] is capped at 32 to avoid parsing unbounded user input. Digits after the 9th have no semantic meaning.
• Explicitly specify #[repr] for Weekday. The value of the variants is relied upon in multiple locations for soundness. The practical effect of this change is nothing, as Rust has always mapped C-like enums to 0..N in memory.

Compatibility

• Non-UTF-8 formatting and parsing is deprecated without replacement. It is recommended to only format and parse valid UTF-8.
• format_description::parse is deprecated. It is recommended to use format_description::parse_borrowed::<3> or format_description::parse_owned::<3>.

Added

• All types in the unit module have a generic parameter, though this is currently not used for

... (truncated)

Commits

• 4ae4926 v0.3.51 release
• 88eece3 v0.3.50 release
• e1aa9ed Remove unused imports
• 6f64473 Add regression test for issue 773
• 9f8d7da Improve performance of ISO 8601 formatting
• 356975c Share parsing components with different versions
• 2850178 Improve RFC 2822 fast path
• 1f6fa79 Add #[inline] to trivial method
• 7e4fd30 Add fast path for Date arithmetic
• a928f2d Avoid range error when not using large-dates
• Additional commits viewable in compare view

Updates chrono from 0.4.44 to 0.4.45

Release notes

Sourced from chrono's releases.

0.4.45

What's Changed

• fix(tz): reject TZ offset hour of 24 to avoid FixedOffset overflow by @​SAY-5 in chronotope/chrono#1787
• tz_data: fix tzdata locations on Android by @​caruschalalamove in chronotope/chrono#1789

Commits

• 1703382 Prepare 0.4.45 release
• 881f9ab tz_data: fix tzdata locations on Android
• f14ead4 fix(tz): reject TZ offset hour of 24 to avoid FixedOffset overflow
• c6063e6 Update similar-asserts requirement from 1.6.1 to 2.0.0
• 120686c Bump codecov/codecov-action from 5 to 6
• See full diff in compare view

Updates log from 0.4.29 to 0.4.33

Release notes

Sourced from log's releases.

0.4.32

What's Changed

• Support Value -> string conversions with kv + std features instead of kv_std by @​tisonkun in rust-lang/log#729
• Prepare for 0.4.32 release by @​KodrAus in rust-lang/log#730

Full Changelog: rust-lang/log@0.4.31...0.4.32

0.4.31

What's Changed

• fix typos in kv compile errors and log documentation by @​Isvane in rust-lang/log#726
• Leverage static str key when possible by @​tisonkun in rust-lang/log#727
• Prepare for 0.4.31 release by @​KodrAus in rust-lang/log#728

New Contributors

• @​Isvane made their first contribution in rust-lang/log#726

Full Changelog: rust-lang/log@0.4.30...0.4.31

0.4.30

What's Changed

• Support capturing of std::net types by @​KodrAus in rust-lang/log#724

New Contributors

• @​V0ldek made their first contribution in rust-lang/log#720
• @​woodruffw made their first contribution in rust-lang/log#723

Full Changelog: rust-lang/log@0.4.29...0.4.30

Notable Changes

• MSRV is bumped to 1.71.0 in rust-lang/log#723

Changelog

Sourced from log's changelog.

[0.4.33] - 2026-06-20

What's Changed

• Fixed key comparison by @​matteo-zeggiotti-ok in rust-lang/log#732

New Contributors

• @​matteo-zeggiotti-ok made their first contribution in rust-lang/log#732

Full Changelog: rust-lang/log@0.4.32...0.4.33

[0.4.32] - 2026-06-04

What's Changed

• Support Value -> string conversions with kv + std features instead of kv_std by @​tisonkun in rust-lang/log#729

Full Changelog: rust-lang/log@0.4.31...0.4.32

[0.4.31] - 2026-06-02

What's Changed

• Leverage static str key when possible by @​tisonkun in rust-lang/log#727

New Contributors

• @​Isvane made their first contribution in rust-lang/log#726

Full Changelog: rust-lang/log@0.4.30...0.4.31

[0.4.30] - 2026-05-21

What's Changed

• Support capturing of std::net types by @​KodrAus in rust-lang/log#724

New Contributors

• @​V0ldek made their first contribution in rust-lang/log#720
• @​woodruffw made their first contribution in rust-lang/log#723

Full Changelog: rust-lang/log@0.4.29...0.4.30

Notable Changes

• MSRV is bumped to 1.71.0 in rust-lang/log#723

Commits

• f405739 Merge pull request #734 from rust-lang/cargo/0.4.33
• 6a24abf prepare for 0.4.33 release
• 87e0621 Merge pull request #732 from matteo-zeggiotti-ok/fix-key-comparison
• a9b5711 Review: fallback to the &str hash
• cc89cc6 Review: fixed other comparisons
• 920e7dc Review: fixed comparison on MaybeStaticStr
• 0d71d3c Fixed key comparison
• a5b5b21 Merge pull request #730 from rust-lang/cargo/0.4.32
• c8d3b12 prepare for 0.4.32 release
• ce6cd9f Merge pull request #729 from tisonkun/kv-std-support
• Additional commits viewable in compare view

Updates prost from 0.14.3 to 0.14.4

Changelog

Sourced from prost's changelog.

Prost version 0.14.4

PROST! is a Protocol Buffers implementation for the Rust Language. prost generates simple, idiomatic Rust code from proto2 and proto3 files.

🚀 Features

• (prost-derive) Make is_valid a constant function (#1401)
• Increase MSRV to 1.85 (#1428)

🐛 Bug Fixes

• Use Display instead of Debug for generated enumeration attributes (#1419)
• (prost-derive) Return error for invalid enumeration default identifiers (#1426)
• (build) Grab binary path from cargo (#1429)
• (build) Fix C++ build on GCC 15 (#1395)

📚 Documentation

• Add example for decode_length_delimiter (#1311)
• Update protobuf-src example to avoid unsafe set_var

🧪 Testing

• Test derive Eq behavior (#1422)
• (groups) Actually construct NestedGroup (#1363)

💼 Dependencies

• (deps) Update criterion requirement from 0.7 to 0.8 (#1374)
• (deps) Remove getrandom@0.4.1 from build-dependencies (#1400)
• (deps) Update rand requirement from 0.9 to 0.10 (#1397)
• (deps) Bump actions/upload-artifact from 6 to 7 (#1409)
• (deps) Update cargo clippy to 1.89 (#1433)
• (deps) Update cargo clippy to 1.91 (#1435)
• (deps) Update and improve nix devshell (#1393)

🎨 Styling

• Prevent needless borrow (#1404)
• Use std::hint::black_box() (#1403)
• Use variables directly in format!() (#1432)
• Remove explicit .into_iter() (#1434)
• Run clippy on benches (#1405)

Commits

• 13646cd chore: Release version 0.14.4 (#1437)
• dad79d5 fix(prost-derive): return error for invalid enumeration default identifiers (...
• b0b6c93 ci: Update cargo clippy to 1.91 (#1435)
• 32cfffb style: remove explicit .into_iter() (#1434)
• 2710efd ci: Update cargo clippy to 1.89 (#1433)
• 18ea4e4 style: use variables directly in format!() (#1432)
• 2821bd1 build(deps): bump actions/upload-artifact from 6 to 7 (#1409)
• 3ce3b39 test(groups): Actually construct NestedGroup (#1363)
• 8776405 docs: Update changelog for version 0.14.3 (#1431)
• 33d3ef1 build: Grab binary path from cargo (#1429)
• Additional commits viewable in compare view

Updates snafu from 0.9.0 to 0.9.1

Changelog

Sourced from snafu's changelog.

0.9.1 - 2026-05-29

Fixed

• Error types that use Self in fields or trait bounds are now supported.

Commits

• ff50133 Release 0.9.1
• c425b0a Update the changelog
• 8f50dc7 Merge pull request #556 from legeana/self-error
• 757eeec Expand Self to the original error type before parsing
• 1f8e75f Merge pull request #557 from legeana/ui-report
• a656885 Fix cargo fmt for Rust 1.95.0
• e0a2c25 Update compile-fail's ui/report test for Rust 1.95.0
• a658cc6 Merge pull request #554 from jplatte/cargo-feat-cleanup
• fa8a8bd Use namespaced dependency activation
• 9af844a Merge pull request #555 from shepmaster/maint
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions