Bump the dependencies group with 2 updates

[dependabot]

Updates the requirements on trillium and trillium-testing to permit the latest version.
Updates trillium to 1.3.0

Release notes

Sourced from trillium's releases.

trillium-http-v1.3.0

Added

• Upgrade::send_trailers(self, &Headers) -> io::Result<()> — emit trailing headers and finish the outbound stream. On HTTP/1.1 with Transfer-Encoding: chunked set on the response, writes the last-chunk marker, trailer section, and final CRLF, then closes the transport. On HTTP/2, enqueues a trailing HEADERS frame with END_STREAM via the connection driver. On HTTP/3, encodes a trailing HEADERS frame via QPACK and closes the stream. On HTTP/1.x without chunked framing trailers are dropped with a log::warn!.
• Upgrade::received_trailers() -> Option<&Headers> (with _mut and take_ variants) — inbound trailers carried across the upgrade transition or decoded by the post-upgrade inbound state machine.

Changed

• Upgrade::request_headers and associated accessors are deprecated in preference to Upgrade::received_headers
• Upgrade::response_headers and associated accessors are deprecated in preference to Upgrade::sent_headers

Fixed

• HTTP/2 requests did not prevent graceful shutdown. Now they do.
• The AsyncWrite/AsyncRead implementations on Upgrade now correctly applies per-protocol framing/deframing instead of raw passthrough. Previously, only HTTP/2 applied framing. Now, HTTP/1.1 with Transfer-Encoding: chunked headers encodes/decodes appropriate chunk framing, and HTTP/3 encodes/decodes DATA framing. HTTP/1.x without Transfer-Encoding: Chunked continues to pass through transparently.
• Reading an HTTP/1.1 chunked-encoded body — request bodies in the server role, response bodies in the client role — could in rare cases fail to decode despite the wire being well-formed, surfacing as one of chunk header too long, invalid chunk size, ConnectionAborted, or UnexpectedEof. The triggers all sat at the intersection of partial chunk-size headers (caused by transport segmentation landing inside the few-byte chunk-size header window) and content already buffered for processing (either residual from the conn's pre-read scratch, or partial header bytes stashed by a prior poll). Well-behaved clients use sensible chunk sizes, and reverse proxies typically re-frame chunked bodies before forwarding to the backend, so traffic in typical deployments was very unlikely to hit any of these. Decode errors are now surfaced only for genuinely malformed bodies or actual transport closure. Outbound chunked encoding (the write path in either role) was never affected.
• Client-role responses from HTTP/1.0 servers that omit Content-Length (read-to-close framing) now decode correctly. Previously these surfaced as chunked-decode errors because the inbound body was routed through the chunked decoder.

Commits

• 2a246ba docs: fix intra doc links
• b669200 feat(smol): add reuseport fanout
• 9fc0969 chore: release Listeners/ListenerConfig
• 422121c feat: Listeners and ListenerConfig
• 185ee0a feat(logger): Logger::without_init_message
• c9bbdaa chore(static): release 0.6.1
• 1a383cc feat(static): resolved directory
• 34299f1 chore(rustls): release 0.11.2
• 55f097d feat(rustls): add RustlsClientConfig::from_root_cert_pem and dangerously_acce...
• f79ac12 fix(rustls): add support for ip-based certs
• Additional commits viewable in compare view

Updates trillium-testing to 0.10.0

Release notes

Sourced from trillium-testing's releases.

trillium-testing-v0.10.0

Changed

• Compatible with trillium-client 0.9

Commits

• ec6c99f chore(testing): release trillium-testing 0.10
• 2c936cd fix(cookies): had a * dev dep
• 7f75847 chore(static): release trillium-static 0.6
• 2e34a52 chore(client): release 0.9.1
• f289b41 chore(trillium): release 1.2.0
• 221b41c chore(http): release http-1.3.0
• f2fb57f ci: add a timeout and retry to nextest
• be0ebcd docs(guide): update library patterns mention of stateset
• f6da546 feat(caching-headers): add support for cdn-cache-control
• 413d1a1 fix(caching-headers)!: infallible CacheControlHeader::parse, rename MaxFresh ...
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions