chore(deps): weekly safe cargo updates · 9 packages

[mendral-app]

Packages bumped

Package	Old	New	Published
askama_escape	0.15.4	0.15.6	2026-03-24
axum	0.8.8	0.8.9	2026-04-14
jsonwebtoken	10.3.0	10.4.0	2026-05-11
octocrab	0.49.5	0.49.9	2026-04-27
reqwest	0.13.2	0.13.3	2026-04-27
rustls	0.23.37	0.23.40	2026-04-28
tokio	1.49.0	1.52.3	2026-05-08
tracing-subscriber	0.3.22	0.3.23	2026-03-13
uuid	1.21.0	1.23.1	2026-04-16

Per-package changelog & impact

• askama_escape 0.15.6 — Patch fixes within the HTML escaping module. We use escape(&str, Html) in src/sanitize/text.rs; no API changes in patch releases.
• axum 0.8.9 — Patch release for the web framework. We use basic routing, State extraction, and response types; patch releases don't change these APIs.
• jsonwebtoken 10.4.0 — Minor release adding new algorithm support. We use JWT for GitHub App authentication; existing encode/decode APIs are stable.
• octocrab 0.49.9 — Patch releases (0.49.6–0.49.9) for the GitHub API client. We use PR, issue, and search APIs via octocrab; patch fixes within the 0.49.x line are backwards-compatible.
• reqwest 0.13.3 — Patch release for the HTTP client. We use it with json feature for Mistral API calls; no breaking changes.
• rustls 0.23.40 — Patch releases for the TLS library. We use it with ring backend, no default features; security/bug fixes only.
• tokio 1.52.3 — Minor/patch releases for the async runtime. We use macros, rt-multi-thread, and signal features; the 1.x line guarantees backwards compatibility.
• tracing-subscriber 0.3.23 — Patch release for log subscriber. We use env-filter feature; no API changes.
• uuid 1.23.1 — Minor releases for UUID generation. We use v4 UUIDs; the 1.x line is stable.

Files modified

• Cargo.toml — version bumps
• Cargo.lock — regenerated

Skipped this ecosystem

Package	Reason
hmac 0.13.0	Breaking: new RustCrypto digest trait API, requires co-upgrade with sha2. Used in webhook signature verification.
sha2 0.11.0	Breaking: coupled with hmac 0.13.0 upgrade. Used in webhook HMAC-SHA256 verification.
askama_escape 0.16.0	Breaking: 0.x minor bump (0.15→0.16). Took 0.15.6 patch instead.
octocrab 0.50.0/0.51.0	Breaking: 0.x minor bumps with potential API changes to GitHub client. Took 0.49.9 patch instead.
serde_json 1.0.150	Cooldown: published 2026-05-21 (4 days ago, needs 7).
ammonia	Already at latest (4.1.2).
async-trait	Already at latest (0.1.89).
chrono	Already at latest (0.4.44).
hex	Already at latest (0.4.3).
http	Already at latest (1.4.0).
http-body-util	Already at latest (0.1.3).
serde	Already at latest (1.0.228).
thiserror	Already at latest (2.0.18).
tracing	Already at latest (0.1.44).
mockall	Already at latest (0.14.0).
tower	Already at latest (0.5.3).

---

Note

Created by Mendral. Tag @mendral-app with feedback or questions.

• View implementation session

[cloudflare-workers-and-pages]

Deploying pratrol with    Cloudflare Pages

Latest commit:	ed963ca
Status:	✅  Deploy successful!
Preview URL:	https://ec973ca5.pratrol.pages.dev
Branch Preview URL:	https://mendral-deps-weekly-safe-car.pratrol.pages.dev

View logs