Major version bump tracking (askama 0.15, reqwest 0.13, sha2 0.11, rand 0.10, strum 0.28, pg-core 0.5)

[dobby-coder]

Tracks outstanding major / breaking dependency bumps. Filed by Dobby per request in encryption4all/dobby#25.

Snapshot from cargo outdated -R on 2026-04-28:

• askama 0.14.0 → 0.15.6
• pg-core 0.3.1 → 0.5.10
• rand 0.9.4 → 0.10.1
• reqwest 0.12.28 → 0.13.3
• sha2 0.10.9 → 0.11.0
• strum 0.27.2 → 0.28.0
• strum_macros 0.27.2 → 0.28.0

Per the 2026-04-21 dep-landscape memo: askama, reqwest, sha2, rand all have API churn at these majors. Dobby will attempt the safest single bump (strum 0.28) as a draft PR if feasible; the rest need maintainer review.