Bump tokio from 1.45.0 to 1.48.0 by dependabot[bot] · Pull Request #1265 · Chia-Network/chia_rs

dependabot · 2025-10-14T23:03:34Z

Bumps tokio from 1.45.0 to 1.48.0.

Release notes

Tokio v1.48.0

1.48.0 (October 14th, 2025)

The MSRV is increased to 1.71.

Added

fs: add File::max_buf_size (#7594)

io: export Chain of AsyncReadExt::chain (#7599)

net: add SocketAddr::as_abstract_name (#7491)

net: add TcpStream::quickack and TcpStream::set_quickack (#7490)

net: implement AsRef<Self> for TcpStream and UnixStream (#7573)

task: add LocalKey::try_get (#7666)

task: implement Ord for task::Id (#7530)

Changed

deps: bump windows-sys to version 0.61 (#7645)

fs: preserve max_buf_size when cloning a File (#7593)

macros: suppress clippy::unwrap_in_result in #[tokio::main] (#7651)

net: remove PollEvented noise from Debug formats (#7675)

process: upgrade Command::spawn_with to use FnOnce (#7511)

sync: remove inner mutex in SetOnce (#7554)

sync: use UnsafeCell::get_mut in Mutex::get_mut and RwLock::get_mut (#7569)

time: reduce the generated code size of Timeout<T>::poll (#7535)

Fixed

macros: fix hygiene issue in join! and try_join! (#7638)

net: fix copy/paste errors in udp peek methods (#7604)

process: fix error when runtime is shut down on nightly-2025-10-12 (#7672)

runtime: use release ordering in wake_by_ref() even if already woken (#7622)

sync: close the broadcast::Sender in broadcast::Sender::new() (#7629)

sync: fix implementation of unused RwLock::try_* methods (#7587)

Unstable

tokio: use cargo features instead of --cfg flags for taskdump and io_uring (#7655, #7621)

fs: support io_uring in fs::write (#7567)

fs: support io_uring with File::open() (#7617)

fs: support io_uring with OpenOptions (#7321)

macros: add local runtime flavor (#7375, #7597)

Documented

io: clarify the zero capacity case of AsyncRead::poll_read (#7580)

io: fix typos in the docs of AsyncFd readiness guards (#7583)

net: clarify socket gets closed on drop (#7526)

net: clarify the behavior of UCred::pid() on Cygwin (#7611)

net: clarify the supported platform of set_reuseport() and reuseport() (#7628)

... (truncated)

Commits

556820f chore: prepare Tokio v1.48.0 (#7677)
fd1659a chore: prepare tokio-macros v2.6.0 (#7676)
53e8aca ci: update nightly version to 2025-10-12 (#7670)
9e5527d process: fix error when runtime is shut down on nightly-2025-10-12 (#7672)
25a24de net: remove PollEvented noise from Debug formats (#7675)
c1fa25f task: clarify the behavior of several spawn_local methods (#7669)
e7e02fc fs: use FileOptions inside fs::File to support uring (#7617)
f7a7f62 ci: remove cargo-deny Unicode-DFS-2016 license exception config (#7619)
d1f1499 tokio: use cargo feature for taskdump support instead of cfg (#7655)
ad6f618 runtime: clarify the behavior of Handle::block_on (#7665)
Additional commits viewable in compare view

You can trigger a rebase of this PR by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR
@dependabot recreate will recreate this PR, overwriting any edits that have been made to it
@dependabot merge will merge this PR after your CI passes on it
@dependabot squash and merge will squash and merge this PR after your CI passes on it
@dependabot cancel merge will cancel a previously requested merge and block automerging
@dependabot reopen will reopen this PR if it is closed
@dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
@dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
@dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
@dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
@dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

Note
Automatic rebases have been disabled on this pull request as it has been open for over 30 days.

Bumps [tokio](https://github.com/tokio-rs/tokio) from 1.45.0 to 1.48.0. - [Release notes](https://github.com/tokio-rs/tokio/releases) - [Commits](tokio-rs/tokio@tokio-1.45.0...tokio-1.48.0) --- updated-dependencies: - dependency-name: tokio dependency-version: 1.48.0 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com>

socket-security · 2025-10-14T23:03:52Z

Review the following changes in direct dependencies. Learn more about Socket for GitHub.

Diff	Package	Supply Chain Security	Vulnerability	Quality	Maintenance	License
	cargo/tokio@1.45.0 ⏵ 1.48.0	^-2

View full report

socket-security · 2025-10-14T23:03:53Z

Warning

Review the following alerts detected in dependencies.

According to your organization's Security Policy, it is recommended to resolve "Warn" alerts. Learn more about Socket for GitHub.

Action	Severity	Alert (click "▶" to expand/collapse)
Warn		`cargo/windows-sys@0.60.2` is a AI-detected potential code anomaly. Notes: This is a standard, albeit large, FFI binding layer for Windows Filter Manager APIs. There is no self-contained malicious logic or data exfiltration. The primary risk is operational: downstream code could misuse these APIs to install or manipulate minifilters or IPC with kernel components. No hardcoded secrets or obfuscated code detected. Recommend restricting surface area via feature flags, providing safe wrappers, and adding thorough input validation and usage guidelines for consuming code. Confidence: 1.00 Severity: 0.60 From: `?` → `cargo/tokio@1.48.0` → `cargo/windows-sys@0.60.2` ℹ Read more on: This package \| This alert \| What is an AI-detected potential code anomaly? Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at `support@socket.dev`. Suggestion: An AI system found a low-risk anomaly in this package. It may still be fine to use, but you should check that it is safe before proceeding. Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment `@SocketSecurity ignore cargo/windows-sys@0.60.2`. You can also ignore all packages with `@SocketSecurity ignore-all`. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

View full report

coveralls-official · 2025-10-14T23:47:48Z

Pull Request Test Coverage Report for Build 18512435334

Details

0 of 0 changed or added relevant lines in 0 files are covered.
No unchanged relevant lines lost coverage.
Overall coverage remained the same at 84.757%

Totals
Change from base Build 18439529854:	0.0%
Covered Lines:	16853
Relevant Lines:	19884