Update Rust crate tokio to v1.44.2 [SECURITY] - autoclosed

[oxide-renovate]

This PR contains the following updates:

Package	Type	Update	Change
tokio (source)	workspace.dependencies	patch	1.44.1 -> 1.44.2

GitHub Vulnerability Alerts

GHSA-rr8g-9fpq-6wmg

The broadcast channel internally calls clone on the stored value when receiving it, and only requires T:Send. This means that using the broadcast channel with values that are Send but not Sync can trigger unsoundness if the clone implementation makes use of the value being !Sync.

Thank you to Austin Bonander for finding and reporting this issue.

---

Release Notes

tokio-rs/tokio (tokio)

v1.44.2: Tokio v1.44.2

Compare Source

This release fixes a soundness issue in the broadcast channel. The channel
accepts values that are Send but !Sync. Previously, the channel called
clone() on these values without synchronizing. This release fixes the channel
by synchronizing calls to .clone() (Thanks Austin Bonander for finding and
reporting the issue).

Fixed

• sync: synchronize clone() call in broadcast channel (#​7232)

---

Configuration

📅 Schedule: Branch creation - "" in timezone America/Los_Angeles, Automerge - "after 8pm,before 6am" in timezone America/Los_Angeles.

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

---

• If you want to rebase/retry this PR, check this box

---

This PR has been generated by Renovate Bot.