From e4a6943c766330999c33c9e4f250b93519e9bcfa Mon Sep 17 00:00:00 2001
From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com>
Date: Mon, 7 Apr 2025 18:38:32 -0400
Subject: [PATCH] Update Rust crate tokio to v1.44.2 [SECURITY] (#28277)
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

This PR contains the following updates:

| Package | Type | Update | Change |
|---|---|---|---|
| [tokio](https://tokio.rs)
([source](https://redirect.github.com/tokio-rs/tokio)) | dependencies |
patch | `1.44.1` -> `1.44.2` |
| [tokio](https://tokio.rs)
([source](https://redirect.github.com/tokio-rs/tokio)) |
workspace.dependencies | patch | `1.44.1` -> `1.44.2` |

### GitHub Vulnerability Alerts

####
[GHSA-rr8g-9fpq-6wmg](https://redirect.github.com/tokio-rs/tokio/pull/7232)

The broadcast channel internally calls `clone` on the stored value when
receiving it, and only requires `T:Send`. This means that using the
broadcast channel with values that are `Send` but not `Sync` can trigger
unsoundness if the `clone` implementation makes use of the value being
`!Sync`.

Thank you to Austin Bonander for finding and reporting this issue.

---

### Release Notes

<details>
<summary>tokio-rs/tokio (tokio)</summary>

###
[`v1.44.2`](https://redirect.github.com/tokio-rs/tokio/releases/tag/tokio-1.44.2):
Tokio v1.44.2

[Compare
Source](https://redirect.github.com/tokio-rs/tokio/compare/tokio-1.44.1...tokio-1.44.2)

This release fixes a soundness issue in the broadcast channel. The
channel
accepts values that are `Send` but `!Sync`. Previously, the channel
called
`clone()` on these values without synchronizing. This release fixes the
channel
by synchronizing calls to `.clone()` (Thanks Austin Bonander for finding
and
reporting the issue).

##### Fixed

- sync: synchronize `clone()` call in broadcast channel ([#&#8203;7232])

[#&#8203;7232]: https://redirect.github.com/tokio-rs/tokio/pull/7232

</details>

---

### Configuration

📅 **Schedule**: Branch creation - "" in timezone America/New_York,
Automerge - At any time (no schedule defined).

🚦 **Automerge**: Disabled by config. Please merge this manually once you
are satisfied.

♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the
rebase/retry checkbox.

🔕 **Ignore**: Close this PR and you won't be reminded about these
updates again.

---

- [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check
this box

---

Release Notes:

- N/A

<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzOS4yMjcuMyIsInVwZGF0ZWRJblZlciI6IjM5LjIyNy4zIiwidGFyZ2V0QnJhbmNoIjoibWFpbiIsImxhYmVscyI6W119-->

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
---
 Cargo.lock | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/Cargo.lock b/Cargo.lock
index 482359f8e38dc232a4231c2fc886d5a53f077906..a063fd7536b080306ff667428e6bf2ddfedd1e52 100644
--- a/Cargo.lock
+++ b/Cargo.lock
@@ -7900,7 +7900,7 @@ source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "fc2f4eb4bc735547cfed7c0a4922cbd04a4655978c09b54f1f7b228750664c34"
 dependencies = [
  "cfg-if",
- "windows-targets 0.52.6",
+ "windows-targets 0.48.5",
 ]
 
 [[package]]
@@ -14660,9 +14660,9 @@ dependencies = [
 
 [[package]]
 name = "tokio"
-version = "1.44.1"
+version = "1.44.2"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "f382da615b842244d4b8738c82ed1275e6c5dd90c459a30941cd07080b06c91a"
+checksum = "e6b88822cbe49de4185e3a4cbf8321dd487cf5fe0c5c65695fef6346371e9c48"
 dependencies = [
  "backtrace",
  "bytes 1.10.1",