build(deps): bump bytes from 1.11.1 to 1.12.0

[dependabot]

Bumps bytes from 1.11.1 to 1.12.0.

Release notes

Sourced from bytes's releases.

Bytes v1.12.0

1.12.0 (June 18th, 2026)

Added

• Add BytesMut::extend_from_within() (#818)
• Add BytesMut::try_unsplit() (#746)

Fixed

• Fix panic in get_int if nbytes is zero (#806)

Changed

• Pass vtable data by value (#826)
• Exclude development scripts from published package (#810)

Documented

• Document that BytesMut::{reserve,try_reserve} doesn't preserve unused capacity (#808)

Changelog

Sourced from bytes's changelog.

1.12.0 (June 18th, 2026)

Added

• Add BytesMut::extend_from_within() (#818)
• Add BytesMut::try_unsplit() (#746)

Fixed

• Fix panic in get_int if nbytes is zero (#806)

Changed

• Pass vtable data by value (#826)
• Exclude development scripts from published package (#810)

Documented

• Document that BytesMut::{reserve,try_reserve} doesn't preserve unused capacity (#808)

Commits

• 91402ce Release bytes v1.12.0 (#831)
• 2256e6d chore: add safety comments on unsafe blocks (#827)
• 245adff Pass vtable data by value (#826)
• 00cc5ff Implement BytesMut::extend_from_within (#818)
• 5b79d31 Merge tag 'v1.11.1'
• 804ee6d Make try_unsplit method public (#746)
• fd426ca Exclude development scripts from published package (#810)
• b4ed70d Add test for copy_to_bytes() -> BytesMut avoiding clone (#809)
• 94e4291 Document that BytesMut::{reserve,try_reserve} doesn't preserve unused capac...
• acd1e0f Fix get_int if nbytes is zero (#806)
• See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

[github-actions]

Dependency Review

✅ No vulnerabilities or license issues or OpenSSF Scorecard issues found.

OpenSSF Scorecard

Package	Version	Score	Details
cargo/bytes	1.12.0	🟢 5.2	Details Check Score Reason Code-Review 🟢 10 all changesets reviewed Security-Policy 🟢 9 security policy file detected Maintained ⚠️ 2 2 commit(s) and 1 issue activity found in the last 90 days -- score normalized to 2 Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Packaging ⚠️ -1 packaging workflow not detected Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Binary-Artifacts 🟢 10 no binaries found in the repo Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Fuzzing ⚠️ 0 project is not fuzzed License 🟢 10 license file detected Signed-Releases ⚠️ -1 no releases found Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0

Scanned Files

• Cargo.lock