Bump the mycelium group across 1 directory with 8 updates

[dependabot]

Bumps the mycelium group with 8 updates in the / directory:

Package	From	To
tokio	1.44.1	1.44.2
blake3	1.6.1	1.8.1
quinn	0.11.6	0.11.7
openssl	0.10.71	0.10.72
once_cell	1.21.1	1.21.3
axum	0.8.1	0.8.3
prometheus	0.13.4	0.14.0
reqwest	0.12.14	0.12.15

Updates tokio from 1.44.1 to 1.44.2

Release notes

Sourced from tokio's releases.

Tokio v1.44.2

This release fixes a soundness issue in the broadcast channel. The channel accepts values that are Send but !Sync. Previously, the channel called clone() on these values without synchronizing. This release fixes the channel by synchronizing calls to .clone() (Thanks Austin Bonander for finding and reporting the issue).

Fixed

• sync: synchronize clone() call in broadcast channel (#7232)

#7232: tokio-rs/tokio#7232

Commits

• ec4b1d7 chore: forward port 1.43.x
• e3c3a56 Merge branch 'tokio-1.43.x' into forward-port-1.43.x
• a7b658c chore: prepare Tokio v1.43.1 release
• c1c8d10 Merge remote-tracking branch 'origin/tokio-1.38.x' into forward-port-1.38.x
• aa303bc chore: prepare Tokio v1.38.2 release
• 7b6ccb5 chore: backport CI fixes
• 4b174ce sync: fix cloning value when receiving from broadcast channel
• See full diff in compare view

Updates blake3 from 1.6.1 to 1.8.1

Release notes

Sourced from blake3's releases.

1.8.1

version 1.8.1

Changes since 1.8.0:

• [CMake] Fix transitive dependencies for TBB when libblake3 is built with BLAKE3_USE_TBB=1 (#460 and #461).

1.8.0

version 1.8.0

Changes since 1.7.0:

• The Rust crate now provides the blake3::hazmat module, which replaces the undocumented and now deprecated blake3::guts module. This is intended for advanced use cases like Bao and Iroh, which need to manipulate chunk and subtree "chaining values" directly. See the module docs for more: https://docs.rs/blake3/1.8.0/blake3/hazmat

1.7.0

version 1.7.0

Changes since 1.6.1:

• The C implementation has gained multithreading support, based on Intel's oneTBB library. This works similarly to the Rayon-based multithreading used in the Rust implementation. See c/README.md for details. Contributed by @​silvanshade (#445).
• The Rust implementation has gained a WASM SIMD backend, gated by the wasm32_simd Cargo feature. Under Wasmtime on my laptop, this is a 6x performance improvement for large inputs. This backend is currently Rust-only. Contributed by @​monoid (#341).
• Fixed cross-compilation builds targeting Windows with cargo-xwin. Contributed by @​Sporif and @​toothbrush7777777 (#230).
• Added b3sum --tag, which changes the output format. This is for compatibility with GNU checksum tools (which use the same flag) and BSD checksum tools (which use the output format this flag turns on). Contributed by @​leahneukirchen (#453) and @​dbohdan (#430).

Commits

• ad639b1 version 1.8.1
• d81fd85 Add -DBLAKE3_USE_TBB to pkg-config CFLAGS
• 339abc5 refactor: fix a few nits in the join function
• 8984349 Propagate tbb through CMake config
• 3f089cb Propagate tbb through pkg-config
• 00c2ea9 version 1.8.0
• e1c2ea2 add the hazmat module and deprecate the undocumented guts module
• 83a60d9 macOS-latest runners are now ARM CPUs
• 657c312 mention the "wasm32_simd" Cargo feature in the crate docs
• a9e9298 version 1.7.0
• Additional commits viewable in compare view

Updates quinn from 0.11.6 to 0.11.7

Commits

• d8302df Remove obsolete advisory ignore rule
• a3f88b3 Ignore advisory for paste being unmaintained
• 490094b Ignore key discard timer when detecting activity in unit tests
• 8b464de Account for queued application datagrams when composing TLPs
• a62c56c Don't queue a PING for a TLP if there's already an IMMEDIATE_ACK
• 8d6e48c move sending path_challenge to its own function
• a7821ff proto: fix compatibility with older quinn
• 9430972 Bump quinn-proto dependency edge
• 161274f Makes poll_read_buf public
• 56ae894 Ignore that ring is unmaintained, for now
• Additional commits viewable in compare view

Updates openssl from 0.10.71 to 0.10.72

Release notes

Sourced from openssl's releases.

openssl-v0.10.72

What's Changed

• make set_rsa_oaep_md visible to boringssl config by @​frncs-rss in sfackler/rust-openssl#2372
• Fix typo in openssl-sys build script by @​rushilmehra in sfackler/rust-openssl#2375
• Unify the two BoringSSL codepaths a bit and simplify init by @​davidben in sfackler/rust-openssl#2377
• pkey_ctx: Fix link to the corresponding OpenSSL function by @​Jakuje in sfackler/rust-openssl#2378
• fix test on MSRV by @​alex in sfackler/rust-openssl#2383
• Add support for AWS-LC to openssl and openssl-sys crates by @​skmcgrail in sfackler/rust-openssl#1805
• Enable additional capabilities for AWS-LC by @​skmcgrail in sfackler/rust-openssl#2386
• Use --experimental with bindgen-cli with aws-lc build by @​skmcgrail in sfackler/rust-openssl#2389
• Fixed two UAFs and bumped versions for release by @​alex in sfackler/rust-openssl#2390

New Contributors

• @​Jakuje made their first contribution in sfackler/rust-openssl#2378
• @​skmcgrail made their first contribution in sfackler/rust-openssl#1805

Full Changelog: sfackler/rust-openssl@openssl-v0.10.71...openssl-v0.10.72

Commits

• 87085bd Merge pull request #2390 from alex/uaf-fix
• d1a12e2 Fixed two UAFs and bumped versions for release
• 7c7b2e6 Merge pull request #2389 from skmcgrail/aws-lc-follow-up
• 34a477b Use --experimental with bindgen-cli with aws-lc build
• d4bf071 Merge pull request #2386 from skmcgrail/aws-lc-follow-up
• a86bf67 Remove comment
• 705dbfb Fix test
• e0df413 Skip final call for LibreSSL 4.1.0 for CCM mode
• 2f1164b Enable additional capabilities for AWS-LC
• dde9ffb Merge pull request #1805 from skmcgrail/aws-lc-support-final
• Additional commits viewable in compare view

Updates once_cell from 1.21.1 to 1.21.3

Changelog

Sourced from once_cell's changelog.

1.21.3

• Outline more initialization in race: #284, #285.

1.21.2

• Relax success ordering from AcqRel to Release in race: #278.

Commits

• 29e3d93 Merge pull request #286 from briansmith/b/once-ref-dry
• a206950 Prepare for 1.21.3 release.
• 17d4a9b DRY race::OnceRef::{get_or_try_init, set}.
• 01b1d56 Merge pull request #285 from briansmith/b/once-ref-cold
• a851cc4 Mark initialization of OnceRef::get_or_try_init cold.
• 2447a93 Merge pull request #281 from briansmith/b/init-inner
• c294d64 Merge pull request #280 from briansmith/b/self
• 5f0fdd4 Merge pull request #283 from briansmith/b/cast_mut
• 899e319 Merge pull request #284 from briansmith/b/dry-get
• 90da60b Mark initialization of OnceBox::get_or_try_init cold.
• Additional commits viewable in compare view

Updates axum from 0.8.1 to 0.8.3

Release notes

Sourced from axum's releases.

axum v0.8.3

• added: Implement From<Bytes> for Message (#3273)
• added: Implement OptionalFromRequest for Json (#3142)
• added: Implement OptionalFromRequest for Extension (#3157)
• added: Allow setting the read buffer capacity of WebSocketUpgrade (#3178)
• changed: Improved code size / compile time of dependent crates (#3285, #3294)

#3273: tokio-rs/axum#3273 #3142: tokio-rs/axum#3142 #3157: tokio-rs/axum#3157 #3178: tokio-rs/axum#3178 #3285: tokio-rs/axum#3285 #3294: tokio-rs/axum#3294

axum v0.8.2

Yanked from crates.io due to unforeseen breaking change, see #3190 for details

---

• added: Implement OptionalFromRequest for Json (#3142)
• added: Implement OptionalFromRequest for Extension (#3157)
• changed: Make the status function of rejections a const function, such as JsonRejection, QueryRejection and PathRejection (#3168)

#3142: tokio-rs/axum#3142 #3157: tokio-rs/axum#3157 #3168: tokio-rs/axum#3168

Commits

• See full diff in compare view

Updates prometheus from 0.13.4 to 0.14.0

Changelog

Sourced from prometheus's changelog.

0.14.0

• API change: Use AsRef<str> for owned label values (#537)

• Improvement: Hashing improvements (#532)

• Dependency upgrade: Update hyper to 1.6 (#524)

• Dependency upgrade: Update procfs to 0.17 (#543)

• Dependency upgrade: Update protobuf to 3.7.2 for RUSTSEC-2024-0437 (#541)

• Dependency upgrade: Update thiserror to 2.0 (#534)

• Internal change: Fix LSP and Clippy warnings (#540)

• Internal change: Bump MSRV to 1.81 (#539)

• Documentation: Fix register_histogram_vec_with_registry docstring (#528)

• Documentation: Fix typos in static-metric docstrings (#479)

• Documentation: Add missing protobuf feature to README list (#531)

Commits

• e07efb4 prometheus: release 0.14.0 (#545)
• 26e46ec Hashing improvements (#532)
• e17c5ce build(deps): update procfs requirement from ^0.16 to ^0.17 (#543)
• e5809b7 build(deps): update hyper requirement from ^0.14 to ^1.4 (#524)
• 4a0e282 Use AsRef<str> for owned label values (#537)
• c3865f3 cargo: upgrade to protobuf 3.7 (#541)
• 7e4e6f2 docs: fix register_histogram_vec_with_registry docstring (#528)
• 5b62f4b Fix LSP and Clippy warnings and errors (#540)
• 52d76fc cargo: bump MSRV to 1.81 (#539)
• 3bd0e82 Upgrade thiserror crate from 1.0 to 2.0 version (#534)
• Additional commits viewable in compare view

Updates reqwest from 0.12.14 to 0.12.15

Release notes

Sourced from reqwest's releases.

v0.12.15

What's Changed

• Fix http3 to support streaming response bodies by @​ducaale in seanmonstar/reqwest#2517
• Fix Windows to support both ProxyOverride and NO_PROXY by @​drewkett in seanmonstar/reqwest#2601
• Fix http3 dependency from public API misuse by @​seanmonstar in seanmonstar/reqwest#2605

New Contributors

• @​drewkett made their first contribution in seanmonstar/reqwest#2601

Full Changelog: seanmonstar/reqwest@v0.12.14...v0.12.15

Changelog

Sourced from reqwest's changelog.

v0.12.15

• Fix Windows to support both ProxyOverride and NO_PROXY.
• Fix http3 to support streaming response bodies.
• Fix http3 dependency from public API misuse.

Commits

• 54376c3 v0.12.15
• e4bb3e6 upgrade h3-quinn (#2605)
• 96a4fea Merge tag 'v0.12.14'
• 5fd3d5b Re-enable NO_PROXY envs on Windows (#2601)
• e9215fd Support streaming response body in HTTP/3 (#2517)
• See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

[dependabot]

Looks like these dependencies are updatable in another way, so this is no longer needed.