deps: bump the async-ecosystem group with 2 updates

[dependabot]

Bumps the async-ecosystem group with 2 updates: tokio and hyper.

Updates tokio from 1.49.0 to 1.50.0

Release notes

Sourced from tokio's releases.

Tokio v1.50.0

1.50.0 (Mar 3rd, 2026)

Added

• net: add TcpStream::set_zero_linger (#7837)
• rt: add is_rt_shutdown_err (#7771)

Changed

• io: add optimizer hint that memchr returns in-bounds pointer (#7792)
• io: implement vectored writes for write_buf (#7871)
• runtime: panic when event_interval is set to 0 (#7838)
• runtime: shorten default thread name to fit in Linux limit (#7880)
• signal: remember the result of SetConsoleCtrlHandler (#7833)
• signal: specialize windows Registry (#7885)

Fixed

• io: always cleanup AsyncFd registration list on deregister (#7773)
• macros: remove (most) local use declarations in tokio::select! (#7929)
• net: fix GET_BUF_SIZE constant for target_os = "android" (#7889)
• runtime: avoid redundant unpark in current_thread scheduler (#7834)
• runtime: don't park in current_thread if before_park defers waker (#7835)
• io: fix write readiness on ESP32 on short writes (#7872)
• runtime: wake deferred tasks before entering block_in_place (#7879)
• sync: drop rx waker when oneshot receiver is dropped (#7886)
• runtime: fix double increment of num_idle_threads on shutdown (#7910, #7918, #7922)

Unstable

• fs: check for io-uring opcode support (#7815)
• runtime: avoid lock acquisition after uring init (#7850)

Documented

• docs: update outdated unstable features section (#7839)
• io: clarify the behavior of AsyncWriteExt::shutdown() (#7908)
• io: explain how to flush stdout/stderr (#7904)
• io: fix incorrect and confusing AsyncWrite documentation (#7875)
• rt: clarify the documentation of Runtime::spawn (#7803)
• rt: fix missing quotation in docs (#7925)
• runtime: correct the default thread name in docs (#7896)
• runtime: fix event_interval doc (#7932)
• sync: clarify RwLock fairness documentation (#7919)
• sync: clarify that recv returns None once closed and no more messages (#7920)
• task: clarify when to use spawn_blocking vs dedicated threads (#7923)
• task: doc that task drops before JoinHandle completion (#7825)
• signal: guarantee that listeners never return None (#7869)
• task: fix task module feature flags in docs (#7891)

... (truncated)

Commits

• 0273e45 chore: prepare Tokio v1.50.0 (#7934)
• e3ee4e5 chore: prepare tokio-macros v2.6.1 (#7943)
• 8c980ea io: add write_all_vectored to tokio-util (#7768)
• e35fd6d ci: fix patch during clippy step (#7935)
• 03fe44c runtime: fix event_interval doc (#7932)
• d18e5df io: fix race in Mock::poll_write (#7882)
• f21f269 runtime: fix race condition during the blocking pool shutdown (#7922)
• d81e8f0 macros: remove (most) local use declarations in tokio::select! (#7929)
• 25e7f26 rt: fix missing quotation in docs (#7925)
• e1a91ef util: fix typo in docs (#7926)
• Additional commits viewable in compare view

Updates hyper from 1.8.1 to 1.9.0

Release notes

Sourced from hyper's releases.

v1.9.0

Features

• client:
  • expose HTTP/2 current max stream count (#4026) (d51cb715)
  • add HTTP/2 max_local_error_reset_streams option (#4021) (57787459)
• error: add 'Error::is_parse_version_h2' method (393c77c7)
• http1: add UpgradeableConnection::into_parts (e21205cf)

Bug Fixes

• ffi: validate null pointers before dereferencing in request/response functions (#4038 (28e73ccd)
• http1:
  • allow keep-alive for chunked requests with trailers (#4043) (7211ec25, closes #4044)
  • use case-insensitive matching for trailer fields (#4011) (3b344cac, closes #4010)
  • use httparse config for Servers (#4002) (bcb8ec57, closes #3923)
• http2:
  • cancel sending client request body on response future drop (#4042) (5b17a69e, closes #4040)
  • non-utf8 char in Connection header may cause panic when calling to_str (#4019) (c36ca8a5)

Refactors and chores

• docs(error): add more information about is_incomplete_message by @​seanmonstar in hyperium/hyper#3978
• Run cargo-audit in CI to check for known vulnerabilities in dependencies. by @​f0rki in hyperium/hyper#3246
• refactor(http1): simplify match of Token parse error by @​seanmonstar in hyperium/hyper#3981
• refactor(http1): use saturating_sub instead of manual impl by @​seanmonstar in hyperium/hyper#3983
• refactor(http1): replace many args of Chunked::step with struct by @​seanmonstar in hyperium/hyper#3982
• docs: fix comment in put_slice() by @​coryan in hyperium/hyper#3986
• test(lib): fix unused warnings due to feature gating test imports by @​seanmonstar in hyperium/hyper#3997
• docs: improve Read trait and ReadBufCursor documentation by @​majiayu000 in hyperium/hyper#4000
• fix: use h1 parser config when parsing server req by @​0xPoe in hyperium/hyper#4002
• test(server): fix flaky disable_keep_alive_mid_request by @​seanmonstar in hyperium/hyper#4009
• chore(ci): update to actions/checkout@v6 by @​tottoto in hyperium/hyper#4005
• chore(ci): update to cargo-check-external-types 0.4.0 by @​tottoto in hyperium/hyper#4006
• update copyright year to 2026 by @​jasmyhigh in hyperium/hyper#4007
• refactor: avoid unwrap examples by @​0xPoe in hyperium/hyper#4001
• fix(http1): use case-insensitive matching for trailer fields by @​HueCodes in hyperium/hyper#4011
• chore: convert bug report template to GitHub form by @​njg7194 in hyperium/hyper#4015
• chore(ci): force toml mode in yq selecting msrv by @​seanmonstar in hyperium/hyper#4020
• fix: non-utf8 char may cause panic when calling to_str by @​cuiweixie in hyperium/hyper#4019
• feat(http2/client): add max_local_error_reset_streams option by @​ffuugoo in hyperium/hyper#4021
• chore: drop pin-utils dependency by @​tottoto in hyperium/hyper#4023
• [minor] doc: Fix HTTP/2 max concurrent stream link by @​dentiny in hyperium/hyper#4037
• fix(ffi): validate null pointers before dereferencing in request/resp… by @​DhruvaD1 in hyperium/hyper#4038
• h2: expose current max stream count by @​howardjohn in hyperium/hyper#4026
• fix(http1): allow keep-alive for chunked requests with trailers by @​wi-adam in hyperium/hyper#4043
• fix(http2): cancel pipe_task and send RST_STREAM on response future drop by @​mmishra100 in hyperium/hyper#4042
• Add APIs to allow switching an HTTP1 connection to HTTP2 if H2 preface is seen by @​pborzenkov in hyperium/hyper#3996

... (truncated)

Changelog

Sourced from hyper's changelog.

v1.9.0 (2026-03-31)

Bug Fixes

• ffi: validate null pointers before dereferencing in request/response functions (#4038 (28e73ccd)
• http1:
  • allow keep-alive for chunked requests with trailers (#4043) (7211ec25, closes #4044)
  • use case-insensitive matching for trailer fields (#4011) (3b344cac, closes #4010)
  • use httparse config for Servers (#4002) (bcb8ec57, closes #3923)
• http2:
  • cancel sending client request body on response future drop (#4042) (5b17a69e, closes #4040)
  • non-utf8 char in Connection header may cause panic when calling to_str (#4019) (c36ca8a5)

Features

• client:
  • expose HTTP/2 current max stream count (#4026) (d51cb715)
  • add HTTP/2 max_local_error_reset_streams option (#4021) (57787459)
• error: add 'Error::is_parse_version_h2' method (393c77c7)
• http1: add UpgradeableConnection::into_parts (e21205cf)

Commits

• 0d6c7d5 v1.9.0
• e21205c feat(http1): add UpgradeableConnection::into_parts
• 393c77c feat(error): add 'Error::is_parse_version_h2' method
• 5b17a69 fix(http2): cancel sending client request body on response future drop (#4042)
• 7211ec2 fix(http1): allow keep-alive for chunked requests with trailers (#4043)
• d51cb71 feat(client): expose HTTP/2 current max stream count (#4026)
• 28e73cc fix(ffi): validate null pointers before dereferencing in request/response fun...
• e13e783 docs(client): fix HTTP/2 max concurrent stream link to spec (#4037)
• 8ba9008 chore(dependencies): drop pin-utils dependency (#4023)
• 5778745 feat(client): add HTTP/2 max_local_error_reset_streams option (#4021)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

[kmesh-bot]

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by:
Once this PR has been reviewed and has the lgtm label, please assign hzxuzhonghu for approval. For more information see the Kubernetes Code Review Process.

The full list of commands accepted by this bot can be found here.

Details

Needs approval from an approver in each of these files:

• OWNERS

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment