deps: bump the deps-patches group with 5 updates

[dependabot]

Bumps the deps-patches group with 5 updates:

Package	From	To
pulldown-cmark	0.13.3	0.13.4
rfc2047-decoder	1.1.0	1.1.2
serde_json	1.0.149	1.0.150
tower-http	0.6.10	0.6.11
bestool-postgres	1.0.7	1.0.9

Updates pulldown-cmark from 0.13.3 to 0.13.4

Release notes

Sourced from pulldown-cmark's releases.

0.13.4

Fix panic in specific cases with TightParagraph.

What's Changed

• fix: panic in parser iterator for TightParagraph in some cases by @​Martin1887 in pulldown-cmark/pulldown-cmark#1096

Full Changelog: pulldown-cmark/pulldown-cmark@v0.13.3...v0.13.4

Commits

• 38e4d08 chore: cargo update
• 9c61031 chore: bump pulldown-cmark version to 0.13.4
• 709268f Merge pull request #1096 from pulldown-cmark/fix-1095
• c1d4450 Add test case from 1097
• 6fea453 fix: panic in parser iterator for TightParagraph in some cases
• See full diff in compare view

Updates rfc2047-decoder from 1.1.0 to 1.1.2

Release notes

Sourced from rfc2047-decoder's releases.

bump chumsky

What's Changed

• Update chumsky requirement from 0.12 to 0.13 by @​dependabot[bot] in TornaxO7/rfc2047-decoder#47

Full Changelog: TornaxO7/rfc2047-decoder@v1.1.0...v1.1.2

Commits

• d3467e8 chore: Release rfc2047-decoder version 1.1.2
• bae4a23 chore: Release rfc2047-decoder version 1.1.1
• d3a7125 Merge pull request #47 from TornaxO7/dependabot/cargo/chumsky-0.13
• 13681ab Update chumsky requirement from 0.12 to 0.13
• 50e9cf4 remove sponsoring
• 0f6cf1e update funding
• See full diff in compare view

Updates serde_json from 1.0.149 to 1.0.150

Release notes

Sourced from serde_json's releases.

v1.0.150

• Reject non-string enum object keys (#1324, thanks @​puneetdixit200)

Commits

• a1ae73a Release 1.0.150
• 1a360b0 Merge pull request #1324 from puneetdixit200/reject-non-string-enum-keys
• 2037b63 Reject non-string enum object keys
• 5d30df6 Resolve manual_assert_eq pedantic clippy lint
• dc8003a Raise required compiler for preserve_order feature to 1.85
• a42fa98 Unpin CI miri toolchain
• 684a60e Pin CI miri to nightly-2026-02-11
• 7c7da33 Raise required compiler to Rust 1.71
• acf4850 Simplify Number::is_f64
• 6b8ceab Resolve unnecessary_map_or clippy lint
• Additional commits viewable in compare view

Updates tower-http from 0.6.10 to 0.6.11

Release notes

Sourced from tower-http's releases.

tower-http-0.6.11

Added

• set-header: add SetMultipleResponseHeadersLayer and SetMultipleResponseHeader for setting multiple response headers at once. Supports overriding, appending, and if_not_present modes. Header values can be fixed or computed dynamically via closures (#672)

  use http::{Response, header::{self, HeaderValue}};
  use http_body::Body as _;
  use tower_http::set_header::response::SetMultipleResponseHeadersLayer;
  let layer = SetMultipleResponseHeadersLayer::overriding(vec![
  (header::X_FRAME_OPTIONS, HeaderValue::from_static("DENY")).into(),
  (header::CONTENT_LENGTH, |res: &Response<MyBody>| {
  res.body().size_hint().exact()
  .map(|size| HeaderValue::from_str(&size.to_string()).unwrap())
  }).into(),
  ]);

• set-header: add SetMultipleRequestHeadersLayer and SetMultipleRequestHeaders for setting multiple request headers at once, mirroring the response-side API (#677)

• classify: add From<i32> and From<NonZeroI32> impls for GrpcCode. Unrecognized status codes map to GrpcCode::Unknown (#506)

Changed

• compression: compress application/grpc-web responses. Previously all application/grpc* content types were excluded from compression; now only application/grpc (non-web) is excluded (#408)

Fixed

• fs: fix ServeDir returning 500 instead of 405 for non-GET/HEAD requests when call_fallback_on_method_not_allowed is enabled but no fallback service is configured (#587)
• fs: remove duplicate cfg attribute on is_reserved_dos_name (#675)

#408: tower-rs/tower-http#408 #506: tower-rs/tower-http#506 #587: tower-rs/tower-http#587 #672: tower-rs/tower-http#672 #675: tower-rs/tower-http#675 #677: tower-rs/tower-http#677

All PRs

• ci: fix flaky encoding test, add nightly stress test job by @​jlizen in tower-rs/tower-http#670

... (truncated)

Commits

• 1d082ef v0.6.11
• 9c3117d feat: set multiple request header (#677)
• 667e7c7 Remove duplicate cfg attribute for is_reserved_dos_name (#675)
• 7551a9b feat(set_header): refactor and improve multiple header middleware (#672)
• 991e9ee add From<i32> impl for GrpcCode (#506)
• 3962dba Do compress grpc-web responses (#408)
• f0b3bb6 Fix serve_dir method not allowed handling when no fallback is configured (#587)
• d1a571b ci: use static timeout in stress-test workflow (#671)
• 309555a ci: fix flaky encoding test, add nightly stress test job (#670)
• See full diff in compare view

Updates bestool-postgres from 1.0.7 to 1.0.9

Commits

• 668451b repo: release
• 6e0e0f2 feat(self-update): prefer zstd-compressed download
• 7bf31da refactor(actions): make Context an extensions map
• 42fcd05 feat(tamanu/logs): special-case caddy with JSON highlighting (#339)
• 6a899d8 docs: add READMEs for each crate (#346)
• 8ba2800 feat(tamanu/logs): tail caddy logs from C:\Caddy on Windows
• 81d78c6 feat(tamanu/logs): special-case caddy with opportunistic JSON highlighting
• ca43171 docs(bestool): point Cargo.toml readme at workspace root README
• a29bb40 docs(rpi-st7789v2-driver): add README
• a953d20 docs(postgres): add README
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions