chore(deps): bump the patch group across 2 directories with 18 updates

[dependabot]

Bumps the patch group with 18 updates in the /backend directory:

Package	From	To
anyhow	1.0.100	1.0.101
clap	4.5.49	4.5.57
chrono	0.4.42	0.4.43
mockito	1.7.0	1.7.2
serde_json	1.0.145	1.0.149
thiserror	2.0.17	2.0.18
tracing	0.1.41	0.1.44
tracing-subscriber	0.3.20	0.3.22
tracing-opentelemetry	0.32.0	0.32.1
axum	0.8.6	0.8.8
regex	1.12.2	1.12.3
tower-http	0.6.6	0.6.8
syn	2.0.107	2.0.114
aws-credential-types	1.2.2	1.2.7
axum-extra	0.12.1	0.12.5
tokio-stream	0.1.17	0.1.18
time	0.3.44	0.3.47
tower	0.5.2	0.5.3

Bumps the patch group with 2 updates in the /workflows-cli directory: clap and serde_json.

Updates anyhow from 1.0.100 to 1.0.101

Release notes

Sourced from anyhow's releases.

1.0.101

• Add #[inline] to anyhow::Ok helper (#437, thanks @​Ibitier)

Commits

• 80bfe29 Release 1.0.101
• dff8c43 Merge pull request #437 from Ibitier/inline-ok-helper
• 85d9ea9 Add #[inline] to anyhow::Ok helper
• 54036cc Update ui test suite to nightly-2026-01-21
• cce0579 Update actions/upload-artifact@v5 -> v6
• f2c598c Update actions/upload-artifact@v4 -> v5
• 2c0bda4 Update to 2021 edition
• 0d82268 Remove rustc version requirement from readme
• 67df012 Merge pull request #436 from dtolnay/up
• c898488 Raise required compiler to Rust 1.68
• Additional commits viewable in compare view

Updates clap from 4.5.49 to 4.5.57

Release notes

Sourced from clap's releases.

v4.5.57

[4.5.57] - 2026-02-03

Fixes

• Regression from 4.5.55 where having an argument with .value_terminator("--") caused problems with an argument with .last(true)

v4.5.56

[4.5.56] - 2026-01-29

Fixes

• On conflict error, don't show conflicting arguments in the usage

v4.5.55

[4.5.55] - 2026-01-27

Fixes

• Fix inconsistency in precedence between positionals with a value_terminator("--") and escapes (--) where ./foo -- bar means the first arg is empty, rather than escaping future args

v4.5.54

[4.5.54] - 2026-01-02

Fixes

• (help) Move [default] to its own paragraph when PossibleValue::help is present in --help

v4.5.53

[4.5.53] - 2025-11-19

Features

• Add default_values_if, default_values_ifs

v4.5.52

[4.5.52] - 2025-11-17

Fixes

• Don't panic when args_conflicts_with_subcommands conflicts with an ArgGroup

v4.5.51

[4.5.51] - 2025-10-29

Fixes

• (help) Correctly calculate padding for short flags that take a value
• (help) Don't panic on short flags using ArgAction::Count

... (truncated)

Changelog

Sourced from clap's changelog.

[4.5.57] - 2026-02-03

Fixes

• Regression from 4.5.55 where having an argument with .value_terminator("--") caused problems with an argument with .last(true)

[4.5.56] - 2026-01-29

Fixes

• On conflict error, don't show conflicting arguments in the usage

[4.5.55] - 2026-01-27

Fixes

• Fix inconsistency in precedence between positionals with a value_terminator("--") and escapes (--) where ./foo -- bar means the first arg is empty, rather than escaping future args

[4.5.54] - 2026-01-02

Fixes

• (help) Move [default] to its own paragraph when PossibleValue::help is present in --help

[4.5.53] - 2025-11-19

Features

• Add default_values_if, default_values_ifs

[4.5.52] - 2025-11-17

Fixes

• Don't panic when args_conflicts_with_subcommands conflicts with an ArgGroup

[4.5.51] - 2025-10-29

Fixes

• (help) Correctly calculate padding for short flags that take a value
• (help) Don't panic on short flags using ArgAction::Count

[4.5.50] - 2025-10-20

Features

• Accept Cow where String and &str are accepted

Commits

• 69c0ddb chore: Release
• 8206bba docs: Update changelog
• c109d67 Merge pull request #6104 from epage/hide
• 9d7f212 fix(complete): Hide dot files on dynamic completer
• 77b3fdb test(complete): Show dot file behavior
• f89b9b8 test(derive): Make stable across upgrade
• 58eb8a9 chore: Release
• 10a2a75 docs: Update changelog
• a42eebf Merge pull request #6103 from epage/mut_subcommands
• 5335f54 feat: Add Command::mut_subcommands
• Additional commits viewable in compare view

Updates chrono from 0.4.42 to 0.4.43

Release notes

Sourced from chrono's releases.

0.4.43

What's Changed

• Install extra components for lint workflow by @​djc in chronotope/chrono#1741
• Upgrade windows-bindgen to 0.64 by @​djc in chronotope/chrono#1742
• Improve windows-bindgen setup by @​djc in chronotope/chrono#1744
• Drop stabilized feature doc_auto_cfg by @​djc in chronotope/chrono#1745
• Faster RFC 3339 parsing by @​djc in chronotope/chrono#1748
• Update windows-bindgen requirement from 0.64 to 0.65 by @​dependabot[bot] in chronotope/chrono#1751
• add NaiveDate::abs_diff by @​Kinrany in chronotope/chrono#1752
• Add feature gated defmt support. by @​pebender in chronotope/chrono#1747
• Drop deny lints, eager Debug impls are a mixed blessing by @​djc in chronotope/chrono#1753
• chore: minor improvement for docs by @​spuradage in chronotope/chrono#1756
• Added doctest for the NaiveDate years_since function by @​LucasBou in chronotope/chrono#1755
• Prepare 0.4.43 by @​djc in chronotope/chrono#1765
• Update copyright year to 2026 in LICENSE.txt by @​taozui472 in chronotope/chrono#1767

Commits

• 45caaa9 Update copyright year to 2026 in LICENSE.txt
• 1c0b8f0 Bump version to 0.4.43
• a03e43b Upgrade windows-bindgen to 0.66
• 4fedaba Ignore bincode advisory
• f4b7bbd Bump actions/checkout from 5 to 6
• db12973 Added doctest for the NaiveDate years_since function (#1755)
• 34b5f49 chore: minor improvement for docs
• 8c82711 Bump actions/setup-node from 5 to 6
• ea1f11b Drop deny lints, eager Debug impls are a mixed blessing
• 35f9f2d Add feature gated defmt support.
• Additional commits viewable in compare view

Updates mockito from 1.7.0 to 1.7.2

Release notes

Sourced from mockito's releases.

1.7.2

• Update to reqwest 0.13 by @​tottoto in lipanski/mockito#223
• Allow returning a different status code based on a request by @​songokas in lipanski/mockito#224

1.7.1

• Add headers method to Request struct by @​gustavomedeiross in lipanski/mockito#220
• Optimize body matching by checking binary match before UTF-8 conversion by @​Abimael10 in lipanski/mockito#221
• Refactor response body by @​tottoto in lipanski/mockito#222

Commits

• 2e16acf Bump to 1.7.2
• e404bdf Update docs
• e2c1692 Merge pull request #224 from songokas/status-code-from-request
• 86596b7 Allow returning a different status code based on a request
• 4a70878 Merge pull request #223 from tottoto/update-to-reqwest-0.13
• 35fccfb Update to reqwest 0.13
• 7f00a9c Bump to 1.7.1
• dff2b36 Bump to 1.7.0
• 9f776f9 Merge pull request #222 from tottoto/refactor-response-body
• 89c0121 Refactor response body
• Additional commits viewable in compare view

Updates serde_json from 1.0.145 to 1.0.149

Release notes

Sourced from serde_json's releases.

v1.0.149

• Align arbitrary_precision number strings with zmij's formatting (#1306, thanks @​b41sh)

v1.0.148

• Update zmij dependency to 1.0

v1.0.147

• Switch float-to-string algorithm from Ryū to Żmij for better f32 and f64 serialization performance (#1304)

v1.0.146

• Set fast_arithmetic=64 for riscv64 (#1305, thanks @​Xeonacid)

Commits

• 4f6dbfa Release 1.0.149
• f3df680 Touch up PR 1306
• e16730f Merge pull request #1306 from b41sh/fix-float-number-display
• eeb2bcd Align arbitrary_precision number strings with zmij’s formatting
• 8b291c4 Release 1.0.148
• 1aefe15 Update to zmij 1.0
• 62d6e8d Release 1.0.147
• fd829a6 Merge pull request #1304 from dtolnay/zmij
• e757a3d Switch from ryu -> zmij for float formatting
• 75ad7e6 Release 1.0.146
• Additional commits viewable in compare view

Updates thiserror from 2.0.17 to 2.0.18

Release notes

Sourced from thiserror's releases.

2.0.18

• Make compatible with project-level needless_lifetimes = "forbid" (#443, thanks @​LucaCappelletti94)

Commits

• dc0f6a2 Release 2.0.18
• 0275292 Touch up PR 443
• 3c33bc6 Merge pull request #443 from LucaCappelletti94/master
• 995939c Reproduce issue 442
• 21653d1 Made clippy lifetime allows conditional
• 45e5388 Update actions/upload-artifact@v5 -> v6
• 386aac1 Update actions/upload-artifact@v4 -> v5
• ec50561 Update actions/checkout@v5 -> v6
• 247eab5 Update name of empty_enum clippy lint
• 91b181f Raise required compiler to Rust 1.68
• Additional commits viewable in compare view

Updates tracing from 0.1.41 to 0.1.44

Release notes

Sourced from tracing's releases.

tracing 0.1.44

Fixed

• Fix record_all panic (#3432)

Changed

• tracing-core: updated to 0.1.36 (#3440)

#3432: tokio-rs/tracing#3432 #3440: tokio-rs/tracing#3440

tracing 0.1.43

Important

The previous release [0.1.42] was yanked because #3382 was a breaking change. See further details in #3424. This release contains all the changes from that version, plus a revert for the problematic part of the breaking PR.

Fixed

• Revert "make valueset macro sanitary" (#3425)

#3382: tokio-rs/tracing#3382 #3424: tokio-rs/tracing#3424 #3425: tokio-rs/tracing#3425 [0.1.42]: https://github.com/tokio-rs/tracing/releases/tag/tracing-0.1.42

tracing 0.1.42

Important

The [Span::record_all] method has been removed from the documented API. It was always unsuable via the documented API as it requried a ValueSet which has no publically documented constructors. The method remains, but should not be used outside of tracing macros.

Added

• attributes: Support constant expressions as instrument field names (#3158)
• Add record_all! macro for recording multiple values in one call (#3227)
• core: Improve code generation at trace points significantly (#3398)

Changed

• tracing-core: updated to 0.1.35 (#3414)
• tracing-attributes: updated to 0.1.31 (#3417)

Fixed

• Fix "name / parent" variant of event! (#2983)

... (truncated)

Commits

• 2d55f6f chore: prepare tracing 0.1.44 (#3439)
• 10a9e83 chore: prepare tracing-core 0.1.36 (#3440)
• ee82cf9 tracing: fix record_all panic (#3432)
• 9978c36 chore: prepare tracing-mock 0.1.0-beta.3 (#3429)
• cc44064 chore: prepare tracing-subscriber 0.3.22 (#3428)
• 64e1c8d chore: prepare tracing 0.1.43 (#3427)
• 7c44f7b tracing: revert "make valueset macro sanitary" (#3425)
• cdaf661 chore: prepare tracing-mock 0.1.0-beta.2 (#3422)
• a164fd3 chore: prepare tracing-journald 0.3.2 (#3421)
• 405397b chore: prepare tracing-appender 0.2.4 (#3420)
• Additional commits viewable in compare view

Updates tracing-subscriber from 0.3.20 to 0.3.22

Release notes

Sourced from tracing-subscriber's releases.

tracing-subscriber 0.3.22

Important

The previous release [0.3.21] was yanked as it depended explicitly on [tracing-0.1.42], which was yanked due to a breaking change (see #3424 for details). This release contains all the changes from the previous release, plus an update to the newer version of tracing.

Changed

• tracing: updated to 0.1.43 (#3427)

#3424: tokio-rs/tracing#3424 #3427: tokio-rs/tracing#3427 [0.3.21]: https://github.com/tokio-rs/tracing/releases/tag/tracing-subscriber-0.3.21 [tracing-0.1.42]: https://github.com/tokio-rs/tracing/releases/tag/tracing-0.1.42

tracing-subscriber 0.3.21

Fixed

• Change registry exit to decrement local span ref only (#3331)
• Make Layered propagate on_register_dispatch (#3379)

Changed

• tracing: updated to 0.1.42 (#3418)

Performance

• Remove clone_span on enter (#3289)

Documented

• Fix a few small things in the format module (#3339)
• Fix extra closing brace in layer docs (#3350)
• Fix link in FmtSpan docs (#3411)

#3289: tokio-rs/tracing#3289 #3331: tokio-rs/tracing#3331 #3339: tokio-rs/tracing#3339 #3350: tokio-rs/tracing#3350 #3379: tokio-rs/tracing#3379 #3411: tokio-rs/tracing#3411 #3418: tokio-rs/tracing#3418

Commits

• cc44064 chore: prepare tracing-subscriber 0.3.22 (#3428)
• 64e1c8d chore: prepare tracing 0.1.43 (#3427)
• 7c44f7b tracing: revert "make valueset macro sanitary" (#3425)
• cdaf661 chore: prepare tracing-mock 0.1.0-beta.2 (#3422)
• a164fd3 chore: prepare tracing-journald 0.3.2 (#3421)
• 405397b chore: prepare tracing-appender 0.2.4 (#3420)
• a9eeed7 chore: prepare tracing-subscriber 0.3.21 (#3419)
• 5bd5505 chore: prepare tracing 0.1.42 (#3418)
• 5508623 chore: prepare tracing-attributes 0.1.31 (#3417)
• d92b4c0 chore: prepare tracing-core 0.1.35 (#3414)
• Additional commits viewable in compare view

Updates tracing-opentelemetry from 0.32.0 to 0.32.1

Release notes

Sourced from tracing-opentelemetry's releases.

0.32.1

Added

• allow OpenTelemetry context access with SpanRef (#234)
• add event-counting filtering layer for spans (#228)
• publicly export SetParentError

Fixed

• fix panic in multithreaded follows-from

Other

• Remove unwanted dependency on opentelemetry sdk crate (#241)
• update README.md links to use the latest version (#239)
• remove thiserror and unused dependencies (#238)

Changelog

Sourced from tracing-opentelemetry's changelog.

0.32.1 - 2025-12-17

Added

• allow OpenTelemetry context access with SpanRef (#234)
• add event-counting filtering layer for spans (#228)
• publicly export SetParentError

Fixed

• fix panic in multithreaded follows-from

Other

• Remove unwanted dependency on opentelemetry sdk crate (#241)
• update README.md links to use the latest version (#239)
• remove thiserror and unused dependencies (#238)

Commits

• feedb22 chore: prepare release of 0.32.1 (#246)
• 99b934b feat: allow OpenTelemetry context access with SpanRef (#234)
• 35be2a5 docs: add functionality rustdocs to layer
• a31f8db fix: fix panic in multithreaded follows-from
• 94fddb0 test: add test for mutlithreaded follows from panic
• 6b81167 Remove unwanted dependency on opentelemetry sdk crate (#241)
• 938a9a8 fix: fix broken compilation (#245)
• 13f7ca2 feat: add event-counting filtering layer for spans (#228)
• 884b00c chore: update README.md links to use the latest version (#239)
• 79be94c chore: remove thiserror and unused dependencies (#238)
• Additional commits viewable in compare view

Updates axum from 0.8.6 to 0.8.8

Release notes

Sourced from axum's releases.

axum v0.8.8

• Clarify documentation for Router::route_layer (#3567)

#3567: tokio-rs/axum#3567

axum v0.8.7

• Relax implicit Send / Sync bounds on RouterAsService, RouterIntoService (#3555)
• Make it easier to visually scan for default features (#3550)
• Fix some documentation typos

#3550: tokio-rs/axum#3550 #3555: tokio-rs/axum#3555

Commits

• d07863f Release axum v0.8.8 and axum-extra v0.12.3
• 287c674 axum-extra: Make typed-routing feature enable routing feature (#3514)
• f5804aa SecondElementIs: Correct a small inconsistency (#3559)
• f51f3ba axum-extra: Add trailing newline to pretty JSON response (#3526)
• 816407a Fix integer underflow in try_range_response for empty files (#3566)
• 78656eb docs: Clarify route_layer does not apply middleware to the fallback handler...
• 4404f27 Release axum v0.8.7 and axum-extra v0.12.2
• 8f1545a Fix typo in extractors guide (#3554)
• 4fc3faa Relax implicit Send / Sync bounds (#3555)
• a05920c Make it easier to visually scan for default features (#3550)
• Additional commits viewable in compare view

Updates regex from 1.12.2 to 1.12.3

Changelog

Sourced from regex's changelog.

1.12.3 (2025-02-03)

This release excludes some unnecessary things from the archive published to crates.io. Specifically, fuzzing data and various shell scripts are now excluded. If you run into problems, please file an issue.

Improvements:

• #1319: Switch from a Cargo exclude list to an include list, and exclude some unnecessary stuff.

Commits

• b028e4f 1.12.3
• 5e195de regex-automata-0.4.14
• a3433f6 regex-syntax-0.8.9
• 0c07fae regex-lite-0.1.9
• 6a81006 cargo: exclude development scripts and fuzzing data
• 4733e28 automata: fix onepass::DFA::try_search_slots panic when too many slots are ...
• See full diff in compare view

Updates tower-http from 0.6.6 to 0.6.8

Release notes

Sourced from tower-http's releases.

tower-http-0.6.8

Fixed

• Disable multiple_members in Gzip decoder, since HTTP context only uses one member. (#621)

#621: tower-rs/tower-http#621

What's Changed

• Disable multiple_members option for gzip decoder by @​ducaale in tower-rs/tower-http#621
• ci: Pin tracing in MSRV job by @​ducaale in tower-rs/tower-http#622
• ci: Switch cargo-public-api-crates to cargo-check-external-types by @​tottoto in tower-rs/tower-http#613
• Remove deprecated annotations and Refactor From implementations by @​sinder38 in tower-rs/tower-http#608
• v0.6.8 by @​seanmonstar in tower-rs/tower-http#624

New Contributors

• @​sinder38 made their first contribution in tower-rs/tower-http#608

Full Changelog: tower-rs/tower-http@tower-http-0.6.7...tower-http-0.6.8

tower-http-0.6.7

Added

• TimeoutLayer::with_status_code(status) to define the status code returned when timeout is reached. (#599)

Deprecated

• auth::require_authorization is too basic for real-world. (#591)
• TimeoutLayer::new() should be replaced with TimeoutLayer::with_status_code(). (Previously was StatusCode::REQUEST_TIMEOUT) (#599)

Fixed

• on_eos is now called even for successful responses. (#580)
• ServeDir: call fallback when filename is invalid (#586)
• decompression will not fail when body is empty (#618)

#580: tower-rs/tower-http#580 #586: tower-rs/tower-http#586 #591: tower-rs/tower-http#591 #599: tower-rs/tower-http#599 #618: tower-rs/tower-http#618

New Contributors

• @​mladedav made their first contribution in tower-rs/tower-http#580
• @​aryaveersr made their first contribution in tower-rs/tower-http#586
• @​soerenmeier made their first contribution in tower-rs/tower-http#588

... (truncated)

Commits

• 33166c8 v0.6.8
• 6680160 Fix deprecated lints (#608)
• 81b8231 ci: Switch cargo-public-api-crates to cargo-check-external-types (#613)
• 1fb0144 ci: pin tracing in msrv job (#622)
• 1fe4c09 fix(decompression): disable multiple_members option for gzip decoder (#621)
• 3bf1ba7 v0.6.7
• 723ca9a fix(decompression): Suppress EOF errors caused by decompressing empty body (#...
• 8ab9f82 chore(ci): use newer cargo-public-api-crates job (#619)
• 7cfdf76 doc: Replace doc_auto_cfg with doc_cfg (#609)
• 50beeaf Add support for custom status code in TimeoutLayer (#599)
• Additional commits viewable in compare view

Updates syn from 2.0.107 to 2.0.114

Release notes

Sourced from syn's releases.

2.0.114

• Make std dependencies more easily discoverable in source code (#1956, thanks @​tamird)

2.0.113

• Allow parsing TypeParam with colon not followed by any type param bounds (#1953, thanks @​wyfo)

2.0.112

• Fix panic in LitByte::new().value() (#1951, thanks @​VictorArcium)

2.0.111

• Allow first argument of braced!, bracketed!, parenthesized! to be an otherwise unused variable (#1946)

2.0.110

• Tweaks to improve build speed (#1939, thanks @​dishmaker)
• Make syn::ext::IdentExt::unraw available without "parsing" feature (#1940)
• Support parsing syn::Meta followed by => (#1944)

2.0.109

• Tweaks to improve build speed (#1927, #1928, #1930, #1932, #1934, thanks @​dishmaker)

2.0.108

• Parse unrecognized or invalid literals as Lit::Verbatim (#1925)

Commits

• 211e0df Release 2.0.114
• 18cd645 Touch up PR 1956
• 8c9f7e1 Merge pull request #1956 from tamird/no-std-prep
• f8a7a33 Disable std prelude
• 888a207 Delete html_root_url comment
• 8cfa32a Release 2.0.113
• d5e19ff Do PR 1953 also for LifetimeParam
• 3fe4dc6 Merge pull request #1953 from wyfo/fix/type-param-colon-no-bounds
• 31508f3 Fix TypeParam expecting identifier after colon
• 1534d3a Update reqwest dev-dependency to 0.13
• Additional commits viewable in compare view

Updates aws-credential-types from 1.2.2 to 1.2.7

Commits

• See full diff in compare view

Updates axum-extra from 0.12.1 to 0.12.5

Release notes

Sourced from axum-extra's releases.

axum-extra v0.12.3

• changed: Make the typed-routing feature enable the routing feature (#3514)
• changed: Add trailing newline to ErasedJson::pretty response bodies (#3526)
• fixed: Fix integer underflow in FileStream::try_range_response for empty files (#3566)

#3514: tokio-rs/axum#3514 #3526: tokio-rs/axum#3526 #3566: tokio-rs/axum#3566

axum-extra v0.12.2

• Make it easier to visually scan for default features (#3550)

#3550: tokio-rs/axum#3550

Commits

• See full diff in compare view

Updates tokio-stream from 0.1.17 to 0.1.18

Commits

• 60b083b chore: prepare tokio-stream 0.1.18 (#7830)
• 9cc02cc chore: prepare tokio-util 0.7.18 (#7829)
• d2799d7 task: improve the docs of Builder::spawn_local (#7828)
• 4d4870f task: doc that task drops before JoinHandle completion (#7825)
• fdb1509 fs: check for io-uring opcode support (#7815)
• 426a562 rt: remove allow(dead_code) after JoinSet stabilization (#7826)
• e3b89bb chore: prepare Tokio v1.49.0 (#7824)
• 4f577b8 Merge 'tokio-1.47.3' into 'master'
• f320197 chore: prepare Tokio v1.47.3 (#7823)
• ea6b144 ci: freeze rustc on nightly-2025-01-25 in netlify.toml (#7652)
• Additional commits viewable in compare view

Updates time from 0.3.44 to 0.3.47

Release notes

Sourced from time's releases.

v0.3.47

See the changelog for details.

v0.3.46

See the changelog for details.

v0.3.45

See the changelog for details.

Changelog

Sourced from time's changelog.

0.3.47 [2026-02-05]

Security

• The possibility of a stack exhaustion denial of service attack when parsing RFC 2822 has been eliminated. Previously, it was possible to craft input that would cause unbounded recursion. Now, the depth of the recursion is tracked, causing an error to be returned if it exceeds a reasonable limit.

  This attack vector requires parsing user-provided input, with any type, using the RFC 2822 format.

Compatibility

• Attempting to format a value with a well-known format (i.e. RFC 3339, RFC 2822, or ISO 8601) will error at compile time if the type being formatted does not provide sufficient information. This would previously fail at runtime. Similarly, attempting to format a value with ISO 8601 that is only configured for parsing (i.e. Iso8601::PARSING) will error at compile time.

Added

• Builder methods for format description modifiers, eliminating the need for verbose initiali...

  Description has been truncated

[dependabot]

Looks like these dependencies are updatable in another way, so this is no longer needed.