chore(deps): bump the cargo-deps group across 1 directory with 8 updates

[dependabot]

Bumps the cargo-deps group with 8 updates in the / directory:

Package	From	To
tokio	1.51.0	1.51.1
axum	0.8.8	0.8.9
indexmap	2.13.1	2.14.0
gloo-net	0.6.0	0.7.0
lru	0.16.3	0.16.4
matchit	0.9.1	0.9.2
libc	0.2.184	0.2.185
nanoid	0.4.0	0.5.0

Updates tokio from 1.51.0 to 1.51.1

Release notes

Sourced from tokio's releases.

Tokio v1.51.1

1.51.1 (April 8th, 2026)

Fixed

• sync: fix semaphore reopens after forget (#8021)
• net: surface errors from SO_ERROR on recv for UDP sockets on Linux (#8001)

Fixed (unstable)

• metrics: fix worker_local_schedule_count test (#8008)
• rt: do not leak fd when cancelling io_uring open operation (#7983)

#7983: tokio-rs/tokio#7983 #8001: tokio-rs/tokio#8001 #8008: tokio-rs/tokio#8008 #8021: tokio-rs/tokio#8021

Commits

• 98df02d chore: prepare Tokio v1.51.1 (#8023)
• 3ea11e2 sync: fix semaphore reopens after forget (#8021)
• c791213 rt: do not leak fd when cancelling io_uring open operation (#7983)
• ad8c59a net: surface errors from SO_ERROR on recv for UDP sockets on Linux (#8001)
• 654d38b metrics: fix worker_local_schedule_count test (#8008)
• 857ba80 docs: improve contributing docs on how to specify crates dependency versions ...
• 95b9342 chore: remove path deps for tokio-macros 2.7.0 (#8007)
• See full diff in compare view

Updates axum from 0.8.8 to 0.8.9

Release notes

Sourced from axum's releases.

axum-v0.8.9

• added: WebSocketUpgrade::{requested_protocols, set_selected_protocol} for more flexible subprotocol selection (#3597)
• changed: Update minimum rust version to 1.80 (#3620)
• fixed: Set connect endpoint on correct field in MethodRouter (#3656)
• fixed: Return specific error message when multipart body limit is exceeded (#3611)

#3597: tokio-rs/axum#3597 #3620: tokio-rs/axum#3620 #3656: tokio-rs/axum#3656 #3611: tokio-rs/axum#3611

Commits

• c59208c revert axum-core changelog changes
• 99068f5 Revert "Fix IntoResponse for tuples overriding error response codes (#3603)"
• 23d7098 Revert "axum-core 0.5.6"
• e8a39ad axum-macros 0.5.1
• 6e9a249 axum-extra 0.12.6
• 0ec9041 axum 0.8.9
• c3fcebb axum-core 0.5.6
• a8790fc update release notes
• 26ba7bb docs: consolidate state management docs in crate root (#3683)
• 9fc59ef Update to tokio-tungstenite 0.29 (#3689)
• Additional commits viewable in compare view

Updates indexmap from 2.13.1 to 2.14.0

Changelog

Sourced from indexmap's changelog.

2.14.0 (2026-04-09)

• MSRV: Rust 1.85.0 or later is now required.
• Updated the hashbrown dependency to 0.17.
• Made more map::Slice methods const: new_mut, first_mut, last_mut, split_at_mut, split_at_mut_checked, split_first_mut, split_last_mut

Commits

• bcd165b Merge pull request #439 from cuviper/release-2.14.0
• 4ef06a7 Release 2.14.0
• d21826c Merge pull request #438 from cuviper/hashbrown-0.17
• 2566bec Upgrade to hashbrown v0.17
• 4b62776 Merge pull request #437 from cuviper/disjoint-panic
• 478fba2 Normalize the panic doc of get_disjoint_mut
• fb6dafd Merge pull request #436 from cuviper/const-slice-mut
• 5c237a2 Make Slice::{first,last,split_*}_mut methods const
• 48ff9ce Merge pull request #435 from cuviper/edition-2024
• 648be98 cargo fmt with edition 2024
• Additional commits viewable in compare view

Updates gloo-net from 0.6.0 to 0.7.0

Release notes

Sourced from gloo-net's releases.

gloo-net 0.7.0

MSRV updated to 1.82

Breaking

• Remove Clone implementation for EventSource (#417) by @​vpochapuis Cloning had a bug where dropping any clone would disconnect all instances.

New Features

• Add EventSourceBuilder for configuring EventSource with credentials (#530) by @​zn3x
• Add WebSocket::buffered_amount (#510) by @​vi
• Add PartialEq, Eq, Hash derives to CloseEvent (#504) by @​Alexi24601

Fixes

• Fix RequestBuilder::build producing a URL with an extra & (#497) by @​hmacias-avaya
• Fix WebSocket binary send panicking when SharedArrayBuffer is enabled (#502) by @​Fedeparma74

Maintenance

• Bump pin-project to 1.1 and http to 1.4 (#536) by @​Madoshakalaka

Changelog

Sourced from gloo-net's changelog.

Version 0.7.0

• Remove Clone implementation for EventSource (#417) by @​vpochapuis Cloning had a bug where dropping any clone would disconnect all instances.
• Add EventSourceBuilder for configuring EventSource with credentials (#530) by @​zn3x
• Add WebSocket::buffered_amount (#510) by @​vi
• Add PartialEq, Eq, Hash derives to CloseEvent (#504) by @​Alexi24601
• Fix RequestBuilder::build producing a URL with an extra & (#497) by @​hmacias-avaya
• Fix WebSocket binary send panicking when SharedArrayBuffer is enabled (#502) by @​Fedeparma74
• Update MSRV to 1.82 (#505) by @​martinfrances107
• Bump pin-project to 1.1 and http to 1.4 (#536) by @​Madoshakalaka

Commits

• d69fcff chore: release gloo-net 0.7.0
• 7a57df3 chore: release gloo-file 0.4.0
• 2685476 fix: correct gloo-history category slugs
• b1d5129 fix: correct gloo-storage category slugs
• 8316f33 fix: correct gloo-render category slugs
• 0734551 chore: release gloo-console 0.4.0, gloo-dialogs 0.3.0, gloo-events 0.3.0, glo...
• e6280d4 chore: release gloo-utils 0.3.0
• cca8089 chore: release gloo-worker-macros 0.2.0 and gloo-worker 0.6.0
• a8af99c chore: update rust dependencies (#536)
• 0de5865 fix(net)!: remove EventSource Clone implementation (#417)
• Additional commits viewable in compare view

Updates lru from 0.16.3 to 0.16.4

Changelog

Sourced from lru's changelog.

v0.16.4 - 2026-04-13

• Add get_or_insert_with_key and variants.

Commits

• d8c7f5c Merge pull request #230 from jeromefroe/jerome/prepare-0-16-4-release
• bd5261b Prepare 0.16.4 release
• 16e161d Merge pull request #229 from pikatos/get_or_insert_with_key
• 5135e8e Apply suggestions from code review
• 81c2ef0 Add get_or_insert_with_key variants
• See full diff in compare view

Updates matchit from 0.9.1 to 0.9.2

Release notes

Sourced from matchit's releases.

0.9.2

• Fixed a couple false positive route conflicts (ibraheemdev/matchit#89, ibraheemdev/matchit#91).

Commits

• 4b5a2c3 release 0.9.2
• bc1ac7a fix prefix-suffix conflict due to insertion order of trailing slashes
• 500698f fix false conflict
• See full diff in compare view

Updates libc from 0.2.184 to 0.2.185

Release notes

Sourced from libc's releases.

0.2.185

Added

• EspIDF: Add espidf_picolibc cfg for picolibc O_* flag values (#5035)
• Hexagon: add missing constants and fix types for linux-musl (#5042)
• Redox: Add semaphore functions (#5051)
• Windows: Add sprintf, snprintf, and the scanf family (#5024)

Fixed

• Hexagon: Decouple time64 types from musl symbol redirects (#5040)
• Horizon: Change POLL constants from c_short to c_int (#5045)

Changelog

Sourced from libc's changelog.

0.2.185 - 2026-04-13

Added

• EspIDF: Add espidf_picolibc cfg for picolibc O_* flag values (#5035)
• Hexagon: add missing constants and fix types for linux-musl (#5042)
• Redox: Add semaphore functions (#5051)
• Windows: Add sprintf, snprintf, and the scanf family (#5024)

Fixed

• Hexagon: Decouple time64 types from musl symbol redirects (#5040)
• Horizon: Change POLL constants from c_short to c_int (#5045)

Commits

• 71d5bfc libc: Release 0.2.185
• 1027d1c Revert "ci: Pin nightly to 2026-04-01"
• 0e9c6e5 redox: Add semaphore functions
• 24ef457 feat: add back support for gnu windows x86 in ci
• aa75caf horizon: Change POLL constants from c_short to c_int
• b7eda5a hexagon: add missing constants and fix types for linux-musl
• d4613f9 newlib/espidf: Add espidf_picolibc cfg for picolibc O_* flag values
• c89fd76 Fix typo in Padding comments
• b3264b2 hexagon: decouple time64 types from musl symbol redirects
• db1ebee ci: Pin nightly to 2026-04-01
• Additional commits viewable in compare view

Updates nanoid from 0.4.0 to 0.5.0

Changelog

Sourced from nanoid's changelog.

0.5.0

• Bump rand to 0.9
• Add rngs::thread_local random source (#36)
• format now accepts any FnMut(usize) -> Vec<u8> random generator, enabling seeded and stateful RNGs (#32, #41). Non-capturing fn(usize) -> Vec<u8> callers continue to work unchanged.
• nanoid! macro size argument now accepts any expression, not only a single token (#28)
• Specialized fast path for alphabets whose size is a power of two (#35). Note: for seeded RNGs paired with a power-of-two alphabet (e.g. SAFE, the new HEX_* presets), the number of random bytes consumed per ID has changed — the output for a given seed will differ from 0.4.0.
• Add alphabet::HEX_LOWERCASE and alphabet::HEX_UPPERCASE presets (#39)
• Optional smartstring feature for small-string-optimized output (#29)
• Refreshed CI (GitHub Actions across OS matrix), drop Travis/AppVeyor
• Switched benchmarks to criterion

Commits

• 359c02d chore: 0.5.0 release
• f0ad07f #39: Add hex alphabets
• 7f961f2 Merge pull request #35 from tmccombs/fast-impl
• 91a79fc Update fast impl for actual format signature
• ed800e9 feat: Use specialized implementation for alphabets with size 2^n
• fef0b2e Merge pull request #41 from sidarth164/sid/fnmut
• 61e0606 docs: update README and added an example
• 2004ff9 feat: support passing mutable functions as random generators
• 3d405c5 Fix ci for prs
• 7011b10 Fixup readme, delete old example
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

[github-actions]

Benchmark - core

Yew Master

vnode           fastest       │ slowest       │ median        │ mean          │ samples │ iters
╰─ vnode_clone  2.674 ns      │ 2.75 ns       │ 2.676 ns      │ 2.68 ns       │ 100     │ 1000000000

Pull Request

vnode           fastest       │ slowest       │ median        │ mean          │ samples │ iters
╰─ vnode_clone  2.405 ns      │ 3.668 ns      │ 2.414 ns      │ 2.809 ns      │ 100     │ 1000000000

[github-actions]

Visit the preview URL for this PR (updated for commit 3bbf264):

https://yew-rs-api--pr4131-dependabot-cargo-car-pqiwxnqc.web.app

_{(expires Tue, 21 Apr 2026 13:48:58 GMT)}

_{🔥 via Firebase Hosting GitHub Action 🌎}

[github-actions]

Benchmark - SSR

Yew Master

Details

Benchmark	Round	Min (ms)	Max (ms)	Mean (ms)	Standard Deviation
Baseline	10	291.350	291.859	291.594	0.153
Hello World	10	487.732	503.413	495.250	4.350
Function Router	10	31752.306	32138.988	32011.069	108.098
Concurrent Task	10	1005.477	1007.578	1006.663	0.744
Many Providers	10	1102.292	1143.312	1124.012	13.721

Pull Request

Details

Benchmark	Round	Min (ms)	Max (ms)	Mean (ms)	Standard Deviation
Baseline	10	291.289	291.707	291.433	0.141
Hello World	10	488.661	497.298	490.889	2.509
Function Router	10	34083.416	36826.060	35764.802	770.638
Concurrent Task	10	1006.681	1007.571	1007.346	0.256
Many Providers	10	1066.591	1116.444	1093.841	15.416