build(deps): bump the simple group across 1 directory with 5 updates

[dependabot]

Bumps the simple group with 5 updates in the /misc/wasm directory:

Package	From	To
axum	0.8.8	0.8.9
http	1.4.0	1.4.2
native-tls	0.2.15	0.2.18
prost	0.14.3	0.14.4
smallvec	1.15.1	1.15.2

Updates axum from 0.8.8 to 0.8.9

Release notes

Sourced from axum's releases.

axum-v0.8.9

• added: WebSocketUpgrade::{requested_protocols, set_selected_protocol} for more flexible subprotocol selection (#3597)
• changed: Update minimum rust version to 1.80 (#3620)
• fixed: Set connect endpoint on correct field in MethodRouter (#3656)
• fixed: Return specific error message when multipart body limit is exceeded (#3611)

#3597: tokio-rs/axum#3597 #3620: tokio-rs/axum#3620 #3656: tokio-rs/axum#3656 #3611: tokio-rs/axum#3611

Commits

• c59208c revert axum-core changelog changes
• 99068f5 Revert "Fix IntoResponse for tuples overriding error response codes (#3603)"
• 23d7098 Revert "axum-core 0.5.6"
• e8a39ad axum-macros 0.5.1
• 6e9a249 axum-extra 0.12.6
• 0ec9041 axum 0.8.9
• c3fcebb axum-core 0.5.6
• a8790fc update release notes
• 26ba7bb docs: consolidate state management docs in crate root (#3683)
• 9fc59ef Update to tokio-tungstenite 0.29 (#3689)
• Additional commits viewable in compare view

Updates http from 1.4.0 to 1.4.2

Release notes

Sourced from http's releases.

v1.4.1

tl;dr

• Fix PathAndQuery::from_static() and from_shared() to reject inputs that do not start with /.
• Fix Extend for HeaderMap to clamp max size hint and not overflow.
• Fix header::IntoIter that could use-after-free if the generic value type could panic on drop.
• Fix header::{IterMut, ValuesIterMut} to not violate stacked borrows.

What's Changed

• chore(header): fix clippy::assign_op_pattern by @​rxc-amzn in hyperium/http#806
• ci: pin itoa in msrv job by @​seanmonstar in hyperium/http#813
• Remove unnecessary explicit lifetimes by @​jplatte in hyperium/http#815
• chore(ci): update to actions/checkout@v6 by @​tottoto in hyperium/http#819
• tests: update to rand 0.10 by @​tottoto in hyperium/http#818
• refactor: Remove usage of float instruction by @​AurelienFT in hyperium/http#823
• refactor(uri): consolidate PathAndQuery::from_shared and from_static by @​seanmonstar in hyperium/http#825
• fix(uri): reject Path::from_shared/from_static if doesn't start with slash by @​seanmonstar in hyperium/http#826
• Rephrase comment by @​daalfox in hyperium/http#827
• Fix typo in request builder docs by @​vleksis in hyperium/http#831
• fix: clamp Extend size hint so HeaderMap reserve cannot overflow by @​SAY-5 in hyperium/http#833
• fix(headers): fix stacked borrows for IterMut/ValuesIterMut by @​seanmonstar in hyperium/http#837
• fix(header): use a set_len guard in IntoIter drop by @​seanmonstar in hyperium/http#838

New Contributors

• @​rxc-amzn made their first contribution in hyperium/http#806
• @​AurelienFT made their first contribution in hyperium/http#823
• @​daalfox made their first contribution in hyperium/http#827
• @​vleksis made their first contribution in hyperium/http#831
• @​SAY-5 made their first contribution in hyperium/http#833

Full Changelog: hyperium/http@v1.4.0...v1.4.1

Changelog

Sourced from http's changelog.

1.4.2 (June 8, 2026)

• Fix uri::Builder to allow "*" as the path when scheme and authority are also set, used in HTTP/2 requests.
• Fix Uri to properly reject DEL characters.

1.4.1 (May 25, 2026)

• Fix PathAndQuery::from_static() and from_shared() to reject inputs that do not start with /.
• Fix Extend for HeaderMap to clamp max size hint and not overflow.
• Fix header::IntoIter that could use-after-free if the generic value type could panic on drop.
• Fix header::{IterMut, ValuesIterMut} to not violate stacked borrows.

Commits

• 82db5b8 v1.4.2
• a9cdbf8 fix(uri): reject DEL character (#842)
• df75ca3 fix(uri): allow STAR paths with scheme/auth (#843)
• ec3f8ce feat(method): impl PartialOrd + Ord (#840)
• a24c968 v1.4.1
• bc3b044 fix(header): use a set_len guard in IntoIter drop (#838)
• 1b968dc fix(header): fix stacked borrows for IterMut/ValuesIterMut (#837)
• 6e2dd42 fix: clamp Extend size hint so HeaderMap reserve cannot overflow (#833)
• 68e0abb docs: fix typo in request builder docs (#831)
• 29dd307 docs(extensions): rephrase internal comment (#827)
• Additional commits viewable in compare view

Updates native-tls from 0.2.15 to 0.2.18

Release notes

Sourced from native-tls's releases.

v0.2.17

What's Changed

• Added ALPN support to TlsAcceptor by @​matszpk in rust-native-tls/rust-native-tls#229 and @​JohnGu9 in rust-native-tls/rust-native-tls#363

Full Changelog: rust-native-tls/rust-native-tls@v0.2.16...v0.2.17

v0.2.16

• Added TLS 1.3 as an option on non-Apple platforms rust-native-tls/rust-native-tls#353
  • Apple platforms will fall back to TLS 1.2 when it's allowed, or fail due to lack of TLS 1.3 in the Security.framework rust-native-tls/rust-native-tls#357
• Added stack_from_pem by @​Keruspe in rust-native-tls/rust-native-tls#168
• Upgraded openssl-probe and Security.framework bindings rust-native-tls/rust-native-tls#349
• Simplified cfg()s to support all non-macOS Apple platforms.

Full Changelog: rust-native-tls/rust-native-tls@v0.2.15...v0.2.16

Changelog

Sourced from native-tls's changelog.

[v0.2.18]

• Fixed min/max protocol selection fallback for very old OpenSSL versions.

[v0.2.17]

• Added support for ALPN on the server side on non-Apple platforms.
• Fixed iOS + ALPN feature flag.

[v0.2.16]

• Added TLS 1.3 as an option on non-Apple platforms. Apple platforms will fall back to TLS 1.2 when it's allowed, or fail due to lack of TLS 1.3 in the Security.framework.
• Added stack_from_pem (except iOS).
• Upgraded openssl-probe.
• Upgraded Security.framework bindings.
• Simplified cfg()s to support all non-macOS Apple platforms.

Commits

• 3cf1877 TLS 1.3 min/max fallback for old OpenSSL versions
• a352cb3 Exclude unused files from the package
• be13f94 Release 0.2.17
• 8213e1d fmt
• c250fa7 Test features
• bd165e9 Work around set_alpn_select_callback lifetime issues
• 64439ad Use separate feature flag for server-side ALPN
• aa71c45 Common helper for alpn
• 1be1ac9 add ALPN server side test
• f640501 Add ALPN implement for schannel
• Additional commits viewable in compare view

Updates prost from 0.14.3 to 0.14.4

Changelog

Sourced from prost's changelog.

Prost version 0.14.4

PROST! is a Protocol Buffers implementation for the Rust Language. prost generates simple, idiomatic Rust code from proto2 and proto3 files.

🚀 Features

• (prost-derive) Make is_valid a constant function (#1401)
• Increase MSRV to 1.85 (#1428)

🐛 Bug Fixes

• Use Display instead of Debug for generated enumeration attributes (#1419)
• (prost-derive) Return error for invalid enumeration default identifiers (#1426)
• (build) Grab binary path from cargo (#1429)
• (build) Fix C++ build on GCC 15 (#1395)

📚 Documentation

• Add example for decode_length_delimiter (#1311)
• Update protobuf-src example to avoid unsafe set_var

🧪 Testing

• Test derive Eq behavior (#1422)
• (groups) Actually construct NestedGroup (#1363)

💼 Dependencies

• (deps) Update criterion requirement from 0.7 to 0.8 (#1374)
• (deps) Remove getrandom@0.4.1 from build-dependencies (#1400)
• (deps) Update rand requirement from 0.9 to 0.10 (#1397)
• (deps) Bump actions/upload-artifact from 6 to 7 (#1409)
• (deps) Update cargo clippy to 1.89 (#1433)
• (deps) Update cargo clippy to 1.91 (#1435)
• (deps) Update and improve nix devshell (#1393)

🎨 Styling

• Prevent needless borrow (#1404)
• Use std::hint::black_box() (#1403)
• Use variables directly in format!() (#1432)
• Remove explicit .into_iter() (#1434)
• Run clippy on benches (#1405)

Commits

• 13646cd chore: Release version 0.14.4 (#1437)
• dad79d5 fix(prost-derive): return error for invalid enumeration default identifiers (...
• b0b6c93 ci: Update cargo clippy to 1.91 (#1435)
• 32cfffb style: remove explicit .into_iter() (#1434)
• 2710efd ci: Update cargo clippy to 1.89 (#1433)
• 18ea4e4 style: use variables directly in format!() (#1432)
• 2821bd1 build(deps): bump actions/upload-artifact from 6 to 7 (#1409)
• 3ce3b39 test(groups): Actually construct NestedGroup (#1363)
• 8776405 docs: Update changelog for version 0.14.3 (#1431)
• 33d3ef1 build: Grab binary path from cargo (#1429)
• Additional commits viewable in compare view

Updates smallvec from 1.15.1 to 1.15.2

Release notes

Sourced from smallvec's releases.

v1.15.2

What's Changed

• Exclude development script from cargo packaging by @​weiznich in servo/rust-smallvec#397
• Fix use-after-free in DrainFilter::keep_rest for SmallVec with capacity 0 by @​Shnatsel in servo/rust-smallvec#407
• Work around rustc 1.93 perf regression with MaybeUninit by @​glandium in servo/rust-smallvec#410

New Contributors

• @​Shnatsel made their first contribution in servo/rust-smallvec#407
• @​glandium made their first contribution in servo/rust-smallvec#410

Full Changelog: servo/rust-smallvec@v1.15.1...v1.15.2

Commits

• c469051 Bump version.
• 9fe422b Fix Windows CI.
• 51b965f Work around rustc 1.93 perf regression with MaybeUninit
• 9da26a5 Fix use-after-free in DrainFilter::keep_rest for zero-capacity SmallVecs
• 79184f1 Add Miri test for use-after-free in DrainFilter::keep_rest
• f59fb36 Merge pull request #397 from GiGainfosystems/exclude_scripts
• 28b6ed7 Exclude development script
• See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions