chore(deps): bump the minor-and-patch group across 1 directory with 4 updates

[dependabot]

Bumps the minor-and-patch group with 4 updates in the / directory: serde_json, sysinfo, tar and tower-http.

Updates serde_json from 1.0.149 to 1.0.150

Release notes

Sourced from serde_json's releases.

v1.0.150

• Reject non-string enum object keys (#1324, thanks @​puneetdixit200)

Commits

• a1ae73a Release 1.0.150
• 1a360b0 Merge pull request #1324 from puneetdixit200/reject-non-string-enum-keys
• 2037b63 Reject non-string enum object keys
• 5d30df6 Resolve manual_assert_eq pedantic clippy lint
• dc8003a Raise required compiler for preserve_order feature to 1.85
• a42fa98 Unpin CI miri toolchain
• 684a60e Pin CI miri to nightly-2026-02-11
• 7c7da33 Raise required compiler to Rust 1.71
• acf4850 Simplify Number::is_f64
• 6b8ceab Resolve unnecessary_map_or clippy lint
• Additional commits viewable in compare view

Updates sysinfo from 0.39.1 to 0.39.2

Changelog

Sourced from sysinfo's changelog.

0.39.2

• Windows: Greatly improve performance of System::refresh_cpu_specifics when CPU usage is not requested.
• iOS: Fix compilation error when user feature is enabled.
• Linux: Correctly set thread information for processes.

Commits

• c43234a Update crate version to 0.39.2
• b71467e Update CHANGELOG for 0.39.2 version
• 345915a Improve code readability
• 35f3c18 Fix fmt and clippy
• 4bf1fe4 Windows: skip PDH setup when cpu_usage isn't requested (#1664)
• 2be72d7 Stub get_users on iOS via app_store::users
• c725c09 linux: fix detect thread entries in ProcessesToUpdate::All mode
• See full diff in compare view

Updates tar from 0.4.45 to 0.4.46

Release notes

Sourced from tar's releases.

0.4.46

Security

• archive: Fix another PAX header desync (GHSA-3cv2-h65g-fgmm) by @​cgwalters in composefs/tar-rs#454

See also GHSA-3cv2-h65g-fgmm

Other changes

• ci: Fix and re-enable reverse dependency testing by @​cgwalters in composefs/tar-rs#444
• Update astral-tokio-tar requirement from 0.5 to 0.6 by @​dependabot[bot] in composefs/tar-rs#446
• Update some links by @​atouchet in composefs/tar-rs#445
• Add support of absolute paths by @​zxvfc in composefs/tar-rs#426
• docs: Expand notes on concurrent mutations and following symlinks by @​cgwalters in composefs/tar-rs#453
• Update repo links by @​cgwalters in composefs/tar-rs#451
• ci: Add crates.io trusted publishing workflow by @​cgwalters in composefs/tar-rs#456
• Release 0.4.46 by @​cgwalters in composefs/tar-rs#455

New Contributors

• @​dependabot[bot] made their first contribution in composefs/tar-rs#446
• @​atouchet made their first contribution in composefs/tar-rs#445
• @​zxvfc made their first contribution in composefs/tar-rs#426

Full Changelog: composefs/tar-rs@0.4.45...0.4.46

Commits

• fc459c1 Release 0.4.46
• 43e05a8 ci: Add crates.io trusted publishing workflow
• bba5666 Update repo links
• cd94c46 docs: Document TOCTOU / concurrent-mutation threat model
• 1b4997c builder: Expand docs for follow_symlinks and append_dir_all
• bab14dd archive: Fix another PAX header desync (GHSA-3cv2-h65g-fgmm)
• 2349b49 Add support of absolute paths
• 39d0311 Update some links
• 59d803e Update astral-tokio-tar requirement from 0.5 to 0.6
• 8296b9a ci: Fix and re-enable reverse dependency testing (#444)
• See full diff in compare view

Updates tower-http from 0.6.10 to 0.6.11

Release notes

Sourced from tower-http's releases.

tower-http-0.6.11

Added

• set-header: add SetMultipleResponseHeadersLayer and SetMultipleResponseHeader for setting multiple response headers at once. Supports overriding, appending, and if_not_present modes. Header values can be fixed or computed dynamically via closures (#672)

  use http::{Response, header::{self, HeaderValue}};
  use http_body::Body as _;
  use tower_http::set_header::response::SetMultipleResponseHeadersLayer;
  let layer = SetMultipleResponseHeadersLayer::overriding(vec![
  (header::X_FRAME_OPTIONS, HeaderValue::from_static("DENY")).into(),
  (header::CONTENT_LENGTH, |res: &Response<MyBody>| {
  res.body().size_hint().exact()
  .map(|size| HeaderValue::from_str(&size.to_string()).unwrap())
  }).into(),
  ]);

• set-header: add SetMultipleRequestHeadersLayer and SetMultipleRequestHeaders for setting multiple request headers at once, mirroring the response-side API (#677)

• classify: add From<i32> and From<NonZeroI32> impls for GrpcCode. Unrecognized status codes map to GrpcCode::Unknown (#506)

Changed

• compression: compress application/grpc-web responses. Previously all application/grpc* content types were excluded from compression; now only application/grpc (non-web) is excluded (#408)

Fixed

• fs: fix ServeDir returning 500 instead of 405 for non-GET/HEAD requests when call_fallback_on_method_not_allowed is enabled but no fallback service is configured (#587)
• fs: remove duplicate cfg attribute on is_reserved_dos_name (#675)

#408: tower-rs/tower-http#408 #506: tower-rs/tower-http#506 #587: tower-rs/tower-http#587 #672: tower-rs/tower-http#672 #675: tower-rs/tower-http#675 #677: tower-rs/tower-http#677

All PRs

• ci: fix flaky encoding test, add nightly stress test job by @​jlizen in tower-rs/tower-http#670

... (truncated)

Commits

• 1d082ef v0.6.11
• 9c3117d feat: set multiple request header (#677)
• 667e7c7 Remove duplicate cfg attribute for is_reserved_dos_name (#675)
• 7551a9b feat(set_header): refactor and improve multiple header middleware (#672)
• 991e9ee add From<i32> impl for GrpcCode (#506)
• 3962dba Do compress grpc-web responses (#408)
• f0b3bb6 Fix serve_dir method not allowed handling when no fallback is configured (#587)
• d1a571b ci: use static timeout in stress-test workflow (#671)
• 309555a ci: fix flaky encoding test, add nightly stress test job (#670)
• See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions