ci(deps): Bump the cargo group with 2 updates

[dependabot]

Bumps the cargo group with 2 updates: reqwest and schemars.

Updates reqwest from 0.13.3 to 0.13.4

Release notes

Sourced from reqwest's releases.

v0.13.4

tl;dr

• Add ClientBuilder::tls_sslkeylogfile(bool) option to allow using the related environment variable.
• Add ClientBuilder::http2_keep_alive_* options for the blocking client.
• Add TLS 1.3 support when using native-tls backend.
• Fix redirect handling to strip sensitive headers when the scheme changes.
• Fix HTTP/3 happy-eyeball connection creation.
• Upgrade hickory-resolver to 0.26.

What's Changed

• fix(tls): improve rustls-no-provider panic message and add module docs by @​smythg4 in seanmonstar/reqwest#3021
• fix: do not lose the url in error when decoding json by @​Dushistov in seanmonstar/reqwest#3026
• Add tls_sslkeylogfile builder method by @​passcod in seanmonstar/reqwest#2923
• fix(redirect): strip sensitive headers on scheme change across redirects by @​SAY-5 in seanmonstar/reqwest#3034
• chore: upgrade MSRV to 1.85 by @​seanmonstar in seanmonstar/reqwest#3038
• chore: clean up minimal-versions CI job by @​seanmonstar in seanmonstar/reqwest#3039
• fix(http3): use happy eyeballs for h3 connect by @​lyuzichong in seanmonstar/reqwest#3030
• fix: update hickory-resolver to 0.26 and adjust code accordingly by @​seanmonstar in seanmonstar/reqwest#3040
• fix: remove unwrap in hickory initialization by @​mat813 in seanmonstar/reqwest#3041
• feat(https): support TLS 1.3 as min version under native-tls 🎉 by @​AverageHelper in seanmonstar/reqwest#2975
• Expose keep alive configurations in blocking client by @​aeb-dev in seanmonstar/reqwest#3043
• Prepare v0.13.4 by @​seanmonstar in seanmonstar/reqwest#3046

New Contributors

• @​smythg4 made their first contribution in seanmonstar/reqwest#3021
• @​Dushistov made their first contribution in seanmonstar/reqwest#3026
• @​SAY-5 made their first contribution in seanmonstar/reqwest#3034
• @​mat813 made their first contribution in seanmonstar/reqwest#3041
• @​AverageHelper made their first contribution in seanmonstar/reqwest#2975
• @​aeb-dev made their first contribution in seanmonstar/reqwest#3043

Full Changelog: seanmonstar/reqwest@v0.13.3...v0.13.4

Changelog

Sourced from reqwest's changelog.

v0.13.4

• Add ClientBuilder::tls_sslkeylogfile(bool) option to allow using the related environment variable.
• Add ClientBuilder::http2_keep_alive_* options for the blocking client.
• Add TLS 1.3 support when using native-tls backend.
• Fix redirect handling to strip sensitive headers when the scheme changes.
• Fix HTTP/3 happy-eyeball connection creation.
• Upgrade hickory-resolver to 0.26.

Commits

• 11489b3 v0.13.4
• d31ffbb feat: Expose HTTP2 keep alive configurations in blocking client (#3043)
• 79ed0d7 feat: support TLS 1.3 as min version under native-tls 🎉 (#2975)
• fb7bf6a fix: remove unwrap in hickory initialization (#3041)
• 3da616f fix: update hickory-resolver to 0.26 and adjust code accordingly (#3040)
• c77e7b2 fix(http3): use happy eyeballs for h3 connect (#3030)
• 9cbb65b chore: clean up minimal-versions CI job (#3039)
• 17a7dc5 chore: upgrade MSRV to 1.85 (#3038)
• 03db63a fix(redirect): strip sensitive headers on scheme change across redirects (#3034)
• 4b813a8 feat: add tls_sslkeylogfile builder method (#2923)
• Additional commits viewable in compare view

Updates schemars from 0.8.22 to 1.2.1

Release notes

Sourced from schemars's releases.

v1.2.1

Fixed

• transform attributes are now applied after the schema is otherwise fully constructed. In particular, they're now applied after all other attributes are processed. (GREsau/schemars#505)

v1.2.0

🎅 Merry Christmas! 🎄

Added

• Add smol_str03 feature (GREsau/schemars#486)

Changed

• Schemas generated for HashMap/BTreeMap with enum keys are now more specific (GREsau/schemars#452)

v1.1.0

Added

• Public functions that have no side-effects are now marked with #[must_use] so that they report a lint warning when the returned value is unused, as this likely indicates a mistake.

Fixed

• Improve accuracy of schemas for flattened enums, in particular: unit variants of externally-tagged enums, and enums wrapped in Option<>. (GREsau/schemars#464 / GREsau/schemars#483)

v1.0.5

Fixed

• Fix schema.pointer_mut() to resolve URI fragment identifiers like #/$defs/foo, matching current behaviour of schema.pointer() (GREsau/schemars#478 / GREsau/schemars#479)

v1.0.4

Fixed

• Fix JsonSchema impl on atomic types being ignored on non-nightly compilers due to a buggy cfg check (GREsau/schemars#453)
• Fix compatibility with minimal dependency versions, e.g. old(-ish) versions of syn (GREsau/schemars#450)
• Fix derive for empty tuple variants (GREsau/schemars#455)

v1.0.3

Fixed

• Fix compile error when a doc comment is set on both a transparent (or newtype) struct and its field (GREsau/schemars#446)
• Fix json_schema!() macro compatibility when used from pre-2021 rust editions (GREsau/schemars#447)

v1.0.2

Fixed

• Fix schema properties being incorrectly reordered during serialization (GREsau/schemars#444)

v1.0.1

Fixed

... (truncated)

Changelog

Sourced from schemars's changelog.

[1.2.1] - 2026-02-01

Fixed

• transform attributes are now applied after the schema is otherwise fully constructed. In particular, they're now applied after all other attributes are processed. (GREsau/schemars#505)

[1.2.0] - 2025-12-25 🎄

Added

• Add smol_str03 feature (GREsau/schemars#486)

Changed

• Schemas generated for HashMap/BTreeMap with enum keys are now more specific (GREsau/schemars#452)

[1.1.0] - 2025-11-05

Added

• Public functions that have no side-effects are now marked with #[must_use] so that they report a lint warning when the returned value is unused, as this likely indicates a mistake.

Fixed

• Improve accuracy of schemas for flattened enums, in particular: unit variants of externally-tagged enums, and enums wrapped in Option<>. (GREsau/schemars#464 / GREsau/schemars#483)

[1.0.5] - 2025-11-02

Fixed

• Fix schema.pointer_mut() to resolve URI fragment identifiers like #/$defs/foo, matching current behaviour of schema.pointer() (GREsau/schemars#478 / GREsau/schemars#479)

[1.0.4] - 2025-07-06

Fixed

• Fix JsonSchema impl on atomic types being ignored on non-nightly compilers due to a buggy cfg check (GREsau/schemars#453)
• Fix compatibility with minimal dependency versions, e.g. old(-ish) versions of syn (GREsau/schemars#450)
• Fix derive for empty tuple variants (GREsau/schemars#455)

[1.0.3] - 2025-06-28

Fixed

• Fix compile error when a doc comment is set on both a transparent (or newtype) struct and its field (GREsau/schemars#446)
• Fix json_schema!() macro compatibility when used from pre-2021 rust editions (GREsau/schemars#447)

[1.0.2] - 2025-06-26

Fixed

... (truncated)

Commits

• 5ef5da1 v1.2.1
• 4081b98 Apply extend/transform attributes after any other attributes (#506)
• 5bfec04 v1.2.0
• f6b1f4c Add smol_str03 feature (#486)
• 18826cd Add test for changes from #452
• 2ac8ff5 Added better map support (#452)
• 6009e82 Limit workflow permissions
• ac0b651 Fix title
• 97b2427 v1.1.0
• e67495b Improve optional enum flattening behaviour
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

[edenreich]

@claude The CI is failing this bump is not safe?

[claude]

Claude finished @edenreich's task in 2m 24s —— View job

---

Investigating CI failure on dependency bump

• Check CI status and failure logs
• Review the actual changes in this PR
• Identify which dependency is breaking (reqwest minor vs schemars major)
• Assess whether the bump is safe and recommend next steps

Answer: No, this bump is not safe as bundled. The schemars upgrade is the breaking piece; reqwest is fine.

What's failing

The Verify generated types are in sync with openapi.yaml step blew up before even running the codegen diff — it's a compile error in tools/gen-types/src/main.rs:13:

error[E0432]: unresolved import `schemars::schema::RootSchema`
  --> tools/gen-types/src/main.rs:13:24
   |
13 | use schemars::schema::{RootSchema, Schema};
   |                        ^^^^^^^^^^ no `RootSchema` in `schema`

error[E0603]: module `schema` is private
  --> tools/gen-types/src/main.rs:13:15
   |
13 | use schemars::schema::{RootSchema, Schema};
   |               ^^^^^^ private module

Why

schemars 0.8 → 1.2 is a major version bump with deliberate API breaks:

• The schemars::schema module is no longer public.
• RootSchema was removed — schemars 1.x uses a single unified Schema type with $defs instead of a separate root/definitions struct.

tools/gen-types/src/main.rs uses both at main.rs:13 and constructs a RootSchema { meta_schema, schema, definitions } literal at main.rs:65 to feed typify::TypeSpace::add_root_schema(...).

Why this isn't just a fix-the-import job

Even if we rewrote gen-types to use schemars 1.x, the consumer is typify, which in this repo is pinned to typify v0.6.2 and still depends on schemars 0.8.22 (confirmed in Cargo.lock):

1761  name = "typify-impl"
...
1771  "schemars 0.8.22",

So we'd be building a Schema with schemars 1.x and trying to pass it into a function that expects schemars 0.8's RootSchema — those are distinct types from two different crate versions compiled side-by-side. The migration requires typify upstream to support schemars 1.x first, then we bump both together. As of typify 0.6.2 that hasn't happened.

reqwest 0.13.3 → 0.13.4 is fine

Patch bump (TLS 1.3 under native-tls, http2 keep-alive in blocking, redirect-header fix, hickory-resolver 0.26). All 25 SDK tests passed in CI — the failure is purely from the schemars-driven gen-types compile error.

Recommended next step

Tell dependabot to drop the schemars major bump from this PR, e.g.:

@dependabot ignore schemars major version

then re-run / recreate so this PR ships only the safe reqwest patch bump. Schemars can be revisited once typify releases a version that's compatible with schemars 1.x (or if you decide to swap typify for something else in the codegen tool).

Happy to open a follow-up PR that just keeps the reqwest bump if you'd prefer — let me know.
• Branch: dependabot/cargo/cargo-fbfcc98d92

[dependabot]

This pull request was built based on a group rule. Closing it will not ignore any of these versions in future pull requests.

To ignore these dependencies, configure ignore rules in dependabot.yml