Skip to content

build(deps): bump the crates-io group with 4 updates #202

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
wants to merge 1 commit into from
Closed

build(deps): bump the crates-io group with 4 updates #202

wants to merge 1 commit into from

Conversation

dependabot[bot]
Copy link
Contributor

@dependabot dependabot bot commented on behalf of github Sep 29, 2025

Bumps the crates-io group with 4 updates: schannel, rustls, rustls-webpki and tempfile.

Updates schannel from 0.1.27 to 0.1.28

Commits
  • e3ed535 chore: update MSRV to 1.71
  • 9841f88 chore: given need for 1 minor build fix, use that chance to also update to 0....
  • ea1d1d1 Merge pull request #114 from dpaoliello/windowssys
  • acc6204 chore: no reason to track self-signed.badssl.com.cer in repo, since they freq...
  • 8b31aec Add the missing sha1 file
  • 141dab0 Bump windows-sys to 0.60
  • See full diff in compare view

Updates rustls from 0.23.31 to 0.23.32

Commits
  • 6a188a7 Take semver-compatible updates
  • 5abe33e Prepare 0.23.32
  • d3c502e Improve compatibility of TLS1.2 with ECDSA+SHA512
  • ef7063d take webpki 0.103.5
  • 77a0148 ci-bench: RUSTSEC-2025-0057 fxhash -> rustc-hash
  • 1492c95 Fix clippy::needless_borrows_for_generic_args
  • e029d31 cargo-check-external-types: take updated nightly
  • 2d03fa7 Remove test of async-std example
  • 20f548a Withdraw use of async-std in example code
  • 0cb4244 Track 1.89 lint changes
  • Additional commits viewable in compare view

Updates rustls-webpki from 0.103.4 to 0.103.6

Release notes

Sourced from rustls-webpki's releases.

0.103.6

The extensible EKU validation released as part of 0.103.5 was actually not usable due to missing type exports, and contained a regression where empty ExtendedKeyUsage extensions would not trigger an error. Both issues are fixed in this release.

What's Changed

0.103.5

  • New feature: support verification of P256+SHA512 and P384-SHA512 ECDSA signatures with aws-lc-rs. This is not a recommended combination, but such signatures exist in the wild.

What's Changed

Full Changelog: rustls/webpki@v/0.103.4...v/0.103.5

Commits
  • b88328a Bump version to 0.103.6
  • 54f896f Error on empty EKU extensions
  • 6157541 Export more types to enable ExtendedKeyUsageValidator implementations
  • 064a68b Prepare 0.103.5
  • f6fbb2a Support P256+SHA512 and P384+SHA512
  • 41cc1fc Take aws-lc-rs 1.14.0
  • ac0500d build(deps): bump actions/setup-python from 5 to 6
  • 57fa975 Extract trait for ExtendedKeyUsage validation
  • 6700208 Move ExtendedKeyUsage::check() to KeyUsage
  • 260cb69 Extract KeyPurposeId iteration from ExtendedKeyUsage::check()
  • Additional commits viewable in compare view

Updates tempfile from 3.21.0 to 3.23.0

Changelog

Sourced from tempfile's changelog.

3.23.0

  • Remove need for the "nightly" feature to compile with "wasip2".

3.22.0

  • Updated windows-sys requirement to allow version 0.61.x
  • Remove unstable-windows-keep-open-tempfile feature.
Commits
  • fe9f4a3 chore: release v3.23.0 (#381)
  • 006c3fd fix: use std::os::fd instead of std::os::wasi (#380)
  • b0e6309 doc: Update COPYRIGHT link (#377)
  • 2d6fc3f Fix formatting in Builder::disable_cleanup documentation (#375)
  • f720dbe chore: release 3.22.0
  • 55d742c chore: remove deprecated unstable feature flag
  • bc41a0b build(deps): update windows-sys requirement from >=0.52, <0.61 to >=0.52, <0....
  • 3c55387 test: make sure we don't drop tempdirs early (#373)
  • 17bf644 doc(builder): clarify permissions (#372)
  • c7423f1 doc(env): document the alternative to setting the tempdir (#371)
  • Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

@dependabot
build(deps): bump the crates-io group with 4 updates
e784bb3 
Bumps the crates-io group with 4 updates: [schannel](https://github.com/steffengy/schannel-rs), [rustls](https://github.com/rustls/rustls), [rustls-webpki](https://github.com/rustls/webpki) and [tempfile](https://github.com/Stebalien/tempfile).


Updates `schannel` from 0.1.27 to 0.1.28
- [Release notes](https://github.com/steffengy/schannel-rs/releases)
- [Commits](steffengy/schannel-rs@v0.1.27...v0.1.28)

Updates `rustls` from 0.23.31 to 0.23.32
- [Release notes](https://github.com/rustls/rustls/releases)
- [Changelog](https://github.com/rustls/rustls/blob/main/CHANGELOG.md)
- [Commits](rustls/rustls@v/0.23.31...v/0.23.32)

Updates `rustls-webpki` from 0.103.4 to 0.103.6
- [Release notes](https://github.com/rustls/webpki/releases)
- [Commits](rustls/webpki@v/0.103.4...v/0.103.6)

Updates `tempfile` from 3.21.0 to 3.23.0
- [Changelog](https://github.com/Stebalien/tempfile/blob/master/CHANGELOG.md)
- [Commits](Stebalien/tempfile@v3.21.0...v3.23.0)

---
updated-dependencies:
- dependency-name: schannel
  dependency-version: 0.1.28
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: crates-io
- dependency-name: rustls
  dependency-version: 0.23.32
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: crates-io
- dependency-name: rustls-webpki
  dependency-version: 0.103.6
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: crates-io
- dependency-name: tempfile
  dependency-version: 3.23.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: crates-io
...

Signed-off-by: dependabot[bot] <[email protected]>
@dependabot dependabot bot added dependencies Pull requests that update a dependency file rust Pull requests that update Rust code labels Sep 29, 2025
@djc djc closed this Sep 29, 2025
@dependabot Dependabot
Copy link
Contributor Author

dependabot bot commented on behalf of github Sep 29, 2025

This pull request was built based on a group rule. Closing it will not ignore any of these versions in future pull requests.

To ignore these dependencies, configure ignore rules in dependabot.yml

@dependabot dependabot bot deleted the dependabot/cargo/crates-io-01b585da6c branch September 29, 2025 05:06
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
dependencies Pull requests that update a dependency file rust Pull requests that update Rust code
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
1 participant
@djc