Bump the cargo group across 1 directory with 2 updates

[dependabot]

Bumps the cargo group with 2 updates in the /cli directory: tokio and openssl.

Updates tokio from 1.38.2 to 1.42.1

Release notes

Sourced from tokio's releases.

Tokio v1.42.1

This release fixes a soundness issue in the broadcast channel. The channel accepts values that are Send but !Sync. Previously, the channel called clone() on these values without synchronizing. This release fixes the channel by synchronizing calls to .clone() (Thanks Austin Bonander for finding and reporting the issue).

Fixed

• sync: synchronize clone() call in broadcast channel (#7232)

#7232: tokio-rs/tokio#7232

Tokio v1.42.0

1.42.0 (Dec 3rd, 2024)

Added

• io: add AsyncFd::{try_io, try_io_mut} (#6967)

Fixed

• io: avoid ptr->ref->ptr roundtrip in RegistrationSet (#6929)
• runtime: do not defer yield_now inside block_in_place (#6999)

Changes

• io: simplify io readiness logic (#6966)

Documented

• net: fix docs for tokio::net::unix::{pid_t, gid_t, uid_t} (#6791)
• time: fix a typo in Instant docs (#6982)

#6791: tokio-rs/tokio#6791 #6929: tokio-rs/tokio#6929 #6966: tokio-rs/tokio#6966 #6967: tokio-rs/tokio#6967 #6982: tokio-rs/tokio#6982 #6999: tokio-rs/tokio#6999

Tokio v1.41.1

1.41.1 (Nov 7th, 2024)

Fixed

• metrics: fix bug with wrong number of buckets for the histogram (#6957)
• net: display net requirement for net::UdpSocket in docs (#6938)
• net: fix typo in TcpStream internal comment (#6944)

#6957: tokio-rs/tokio#6957 #6938: tokio-rs/tokio#6938 #6944: tokio-rs/tokio#6944

... (truncated)

Commits

• f7fb0bd chore: prepare Tokio v1.42.1
• 9faea74 Merge 'tokio-1.38.x' into 'tokio.1.42.x'
• bb9d570 chore: prepare Tokio v1.42.0 (#7005)
• af9c683 tests: fix typo in build test instructions (#7004)
• 4bc5a1a ci: allow Unicode-3.0 license for unicode-ident (#7006)
• f8948ea runtime: do not defer yield_now inside block_in_place (#6999)
• bce9780 time: use array::from_fn instead of manually creating array (#7000)
• 38151f3 readme: unlist 1.32.x as LTS release (#6997)
• 5dda72d ci: pin valgrind to rustc 1.82 (#6998)
• c07257f io: simplify io readiness logic (#6966)
• Additional commits viewable in compare view

Updates openssl from 0.10.72 to 0.10.73

Release notes

Sourced from openssl's releases.

openssl-v0.10.73

What's Changed

• test against openssl 3.5.0 by @​alex in sfackler/rust-openssl#2392
• Support Libressl 4.1 by @​botovq in sfackler/rust-openssl#2398
• Release openssl-sys v0.9.108 by @​alex in sfackler/rust-openssl#2399
• Replace ctest2 with ctest by @​botovq in sfackler/rust-openssl#2403
• fixed building on the latest boringssl by @​alex in sfackler/rust-openssl#2414
• Release openssl v0.10.73 and openssl-sys v0.9.109 by @​alex in sfackler/rust-openssl#2415

Full Changelog: rust-openssl/rust-openssl@openssl-v0.10.72...openssl-v0.10.73

Commits

• e6209d4 Merge pull request #2415 from alex/bump-version
• 9ca6cfe Release openssl v0.10.73 and openssl-sys v0.9.109
• c42d49c Merge pull request #2414 from alex/boringssl-fix
• 5e24219 Attempt to fix with vcpkg
• 93f30ff fixed building on the latest boringssl
• eb88fb0 Merge pull request #2403 from botovq/ctest
• 79a304a Replace ctest2 with ctest
• 132418b Merge pull request #2399 from alex/release-sys
• f7a692b Release openssl-sys v0.9.108
• 2f9b496 Merge pull request #2398 from botovq/libressl-4.1
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions
  You can disable automated security fix PRs for this repo from the Security Alerts page.

Summary by Bito

This pull request updates the Cargo.lock file in the /cli directory, upgrading the 'tokio' package from 1.38.2 to 1.42.1 and the 'openssl' package from 0.10.72 to 0.10.73. These updates address a soundness issue and incorporate various improvements and fixes, enhancing the project's functionality and security.

[vercel]

The latest updates on your projects. Learn more about Vercel for GitHub.

Project	Deployment	Preview	Comments	Updated (UTC)
vscode	Ready	Preview	Comment	Aug 29, 2025 6:48pm