
Bump the cargo group across 4 directories with 4 updates #905

Open
dependabot[bot] wants to merge 1 commit into main from dependabot/cargo/cargo-7d692c5610

dependabot[bot] commented on behalf of github on May 6, 2026

⚠️ Dependabot is rebasing this PR ⚠️

Rebasing might not happen immediately, so don't worry if this takes some time.

Note: if you make any changes to this PR yourself, they will take precedence over the rebase.


Bumps the cargo group with 4 updates in the / directory: rand, openssl, quinn-proto and rustls-webpki.
Bumps the cargo group with 4 updates in the /helix-cli directory: rand, openssl, quinn-proto and rustls-webpki.
Bumps the cargo group with 3 updates in the /helix-container directory: rand, openssl and rustls-webpki.
Bumps the cargo group with 1 update in the /hql-tests directory: rustls-webpki.

Updates rand from 0.9.1 to 0.9.3

Changelog

Sourced from rand's changelog.

[0.9.3] — 2026-02-11

This release back-ports a fix from v0.10. See also #1763.

Changes

  • Deprecate feature log (#1764)
  • Replace usages of doc_auto_cfg (#1764)

#1763: rust-random/rand#1763

[0.9.2] — 2025-07-20

Deprecated

  • Deprecate rand::rngs::mock module and StepRng generator (#1634)

Additions

  • Enable WeightedIndex<usize> (de)serialization (#1646)
Commits

Updates openssl from 0.10.72 to 0.10.79

Release notes

Sourced from openssl's releases.

openssl-v0.10.79

What's Changed

Full Changelog: rust-openssl/rust-openssl@openssl-v0.10.78...openssl-v0.10.79

openssl-v0.10.78

What's Changed

Full Changelog: rust-openssl/rust-openssl@openssl-v0.10.77...openssl-v0.10.78

openssl-v0.10.77

What's Changed

... (truncated)

Commits
  • 649f2d9 Release openssl 0.10.79 and openssl-sys 0.9.115 (#2632)
  • 257f9b2 Fix output buffer overflow for AES key-wrap-with-padding ciphers (#2630)
  • d43e917 Reject non-UTF-8 OCSP responder URLs in X509Ref::ocsp_responders (#2631)
  • f46519c Add PkeyCtxRef::set_context_string for ML-DSA (#2629)
  • ad9ae31 Bind OSSL_PARAM_modified and use it for seed_into (#2628)
  • 4e25c9b Fix process abort when verify/PSK callbacks fire after SSL_CTX swap (#2624)
  • 3dd8f42 Add PKeyRef::seed_into for ML-DSA/ML-KEM seed extraction (#2626)
  • 2c5e5a8 parallelize more builds in CI for cold caches (#2625)
  • 6685591 Add PKey::private_key_from_seed for ML-DSA/ML-KEM key import (#2621)
  • 8f8fdce Drop once_cell in favor of std::sync::{LazyLock, OnceLock} (#2623)
  • Additional commits viewable in compare view

Updates quinn-proto from 0.11.13 to 0.11.14

Release notes

Sourced from quinn-proto's releases.

quinn-proto 0.11.14

@jxs reported a denial of service issue in quinn-proto 5 days ago:

We coordinated with them to release this version to patch the issue. Unfortunately the maintainers missed these issues during code review and we did not have enough fuzzing coverage -- we regret the oversight and have added an additional fuzzing target.

Organizations that want to participate in coordinated disclosure can contact us privately to discuss terms.

What's Changed

Commits
  • 2c315aa proto: bump version to 0.11.14
  • 8ad47f4 Use newer rustls-pki-types PEM parser API
  • c81c028 ci: fix workflow syntax
  • 0050172 ci: pin wasm-bindgen-cli version
  • 8a6f82c Take semver-compatible dependency updates
  • e52db4a Apply suggestions from clippy 1.91
  • 6df7275 chore: Fix unnecessary_unwrap clippy
  • c8eefa0 proto: avoid unwrapping varint decoding during parameters parsing
  • 9723a97 fuzz: add fuzzing target for parsing transport parameters
  • eaf0ef3 Fix over-permissive proto dependency edge (#2385)
  • Additional commits viewable in compare view

Updates rustls-webpki from 0.103.1 to 0.103.3

Release notes

Sourced from rustls-webpki's releases.

0.103.3

Add support for RSA signature algorithms that don't include parameters. Per RFC 4055 section 5, implementations of the SHA-1/SHA-2 one-way hash functions "MUST accept the parameters being absent as well as present".

What's Changed

0.103.2

  • Maintain context for key usage mismatch errors in order to make them easier to interpret.
  • Accept certificates with an empty extension sequence.

What's Changed

Commits
  • 34a2392 Bump version to 0.103.3
  • 16abda1 Support RSA PKCS#1 signatures with absent parameters
  • 0ac75b1 cargo-check-external-types: update toolchain
  • 1e923bf ci: enable triggering CI workflow manually
  • f4a8783 ci: skip push triggers for most branches
  • 9cf30f6 Bump version to 0.103.2
  • baac0b0 Maintain context for key usage mismatch errors
  • 85d885d tests: remove test certs for client_auth tests
  • 7badc0e tests: move check_cert() down
  • 5b3dae1 tests: use rcgen for client_auth tests
  • Additional commits viewable in compare view

Updates rand from 0.8.5 to 0.8.6

Changelog

Sourced from rand's changelog.

[0.9.3] — 2026-02-11

This release back-ports a fix from v0.10. See also #1763.

Changes

  • Deprecate feature log (#1764)
  • Replace usages of doc_auto_cfg (#1764)

#1763: rust-random/rand#1763

[0.9.2] — 2025-07-20

Deprecated

  • Deprecate rand::rngs::mock module and StepRng generator (#1634)

Additions

  • Enable WeightedIndex<usize> (de)serialization (#1646)
Commits

Updates openssl from 0.10.75 to 0.10.79

Release notes

Sourced from openssl's releases.

openssl-v0.10.79

What's Changed

Full Changelog: rust-openssl/rust-openssl@openssl-v0.10.78...openssl-v0.10.79

openssl-v0.10.78

What's Changed

Full Changelog: rust-openssl/rust-openssl@openssl-v0.10.77...openssl-v0.10.78

openssl-v0.10.77

What's Changed

... (truncated)

Commits
  • 649f2d9 Release openssl 0.10.79 and openssl-sys 0.9.115 (#2632)
  • 257f9b2 Fix output buffer overflow for AES key-wrap-with-padding ciphers (#2630)
  • d43e917 Reject non-UTF-8 OCSP responder URLs in X509Ref::ocsp_responders (#2631)
  • f46519c Add PkeyCtxRef::set_context_string for ML-DSA (#2629)
  • ad9ae31 Bind OSSL_PARAM_modified and use it for seed_into (#2628)
  • 4e25c9b Fix process abort when verify/PSK callbacks fire after SSL_CTX swap (#2624)
  • 3dd8f42 Add PKeyRef::seed_into for ML-DSA/ML-KEM seed extraction (#2626)
  • 2c5e5a8 parallelize more builds in CI for cold caches (#2625)
  • 6685591 Add PKey::private_key_from_seed for ML-DSA/ML-KEM key import (#2621)
  • 8f8fdce Drop once_cell in favor of std::sync::{LazyLock, OnceLock} (#2623)
  • Additional commits viewable in compare view

Updates rustls-webpki from 0.103.9 to 0.103.13

Release notes

Sourced from rustls-webpki's releases.

0.103.3

Add support for RSA signature algorithms that don't include parameters. Per RFC 4055 section 5, implementations of the SHA-1/SHA-2 one-way hash functions "MUST accept the parameters being absent as well as present".

What's Changed

0.103.2

  • Maintain context for key usage mismatch errors in order to make them easier to interpret.
  • Accept certificates with an empty extension sequence.

What's Changed

Commits
  • 34a2392 Bump version to 0.103.3
  • 16abda1 Support RSA PKCS#1 signatures with absent parameters
  • 0ac75b1 cargo-check-external-types: update toolchain
  • 1e923bf ci: enable triggering CI workflow manually
  • f4a8783 ci: skip push triggers for most branches
  • 9cf30f6 Bump version to 0.103.2
  • baac0b0 Maintain context for key usage mismatch errors
  • 85d885d tests: remove test certs for client_auth tests
  • 7badc0e tests: move check_cert() down
  • 5b3dae1 tests: use rcgen for client_auth tests
  • Additional commits viewable in compare view

Updates rand from 0.9.2 to 0.9.3

Changelog

Sourced from rand's changelog.

[0.9.3] — 2026-02-11

This release back-ports a fix from v0.10. See also #1763.

Changes

  • Deprecate feature log (#1764)
  • Replace usages of doc_auto_cfg (#1764)

#1763: rust-random/rand#1763

[0.9.2] — 2025-07-20

Deprecated

  • Deprecate rand::rngs::mock module and StepRng generator (#1634)

Additions

  • Enable WeightedIndex<usize> (de)serialization (#1646)
Commits

Comments Outside Diff (1)

  1. helix-cli/Cargo.lock, line 1089-1140 (link)

    P1 Unrelated packages introduced beyond the stated dependency bumps

    helix-cli/Cargo.lock includes significantly more than the four packages named in the PR description. New crates pulled in include helix-enterprise-ql 0.1.7 (a closed-source crate published to crates.io), aws-lc-rs 1.16.3 / aws-lc-sys 0.40.0 (AWS's crypto library with a native C build), reqwest 0.13.3 (a second major reqwest version now present alongside 0.12.28), jni/jni-macros/jni-sys 0.4.1 (JNI bindings), and cmake/fs_extra/dunce. The helix-cli package itself is also bumped from 2.2.7 → 2.3.4 with new direct dependencies (base64, sha2, thiserror, tui-banner). None of these appear in the changed files list for helix-cli/Cargo.toml, suggesting the lock file was regenerated against a Cargo.toml that is ahead of main or was modified outside this PR. This makes the PR scope much larger than advertised and warrants explicit review of helix-enterprise-ql in particular, as it is an external published crate with its own dependency chain (including reqwest 0.13).

Reviews (1): Last reviewed commit: "Bump the cargo group across 4 directorie..." | Re-trigger Greptile
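
The scope check the review comment above describes, as an added example (not part of the PR, Dependabot's output, or the reviewer's tooling): it compares the packages in a base and a head Cargo.lock and lists every crate whose version set changed but that the PR description does not name. The function names and the `sample_lock` input are constructed for illustration; the versions are the ones quoted on this page.

```rust
use std::collections::{BTreeMap, BTreeSet};

type Versions = BTreeMap<String, BTreeSet<String>>;

/// Collect name -> versions from the [[package]] tables of a Cargo.lock.
/// Line-based on purpose: Cargo writes `name` and `version` one per line.
fn lock_packages(lock: &str) -> Versions {
    let (mut pkgs, mut in_pkg, mut name) = (Versions::new(), false, String::new());
    for line in lock.lines().map(str::trim) {
        if line.starts_with('[') {
            in_pkg = line == "[[package]]"; // skip [metadata], [[patch.unused]]
        } else if !in_pkg {
            continue; // e.g. the top-level lock format `version = 4`
        } else if let Some(v) = line.strip_prefix("name = ") {
            name = v.trim_matches('"').to_string();
        } else if let Some(v) = line.strip_prefix("version = ") {
            pkgs.entry(name.clone()).or_default().insert(v.trim_matches('"').to_string());
        }
    }
    pkgs
}

/// Packages whose version set differs between base and head and that are
/// not in `expected` (the crates the PR description names).
fn unexpected_changes(base: &str, head: &str, expected: &[&str]) -> Vec<String> {
    let (old, new) = (lock_packages(base), lock_packages(head));
    let show = |m: &Versions, n: &String| match m.get(n) {
        Some(v) => v.iter().cloned().collect::<Vec<_>>().join(","),
        None => "absent".to_string(),
    };
    let names: BTreeSet<&String> = old.keys().chain(new.keys()).collect();
    names.into_iter()
        .filter(|n| !expected.contains(&n.as_str()) && old.get(*n) != new.get(*n))
        .map(|n| format!("{n}: {} -> {}", show(&old, n), show(&new, n)))
        .collect()
}

/// Constructed sample input: renders (name, version) pairs as lock-file text.
fn sample_lock(pkgs: &[(&str, &str)]) -> String {
    pkgs.iter().map(|(n, v)| format!("[[package]]\nname = \"{n}\"\nversion = \"{v}\"\n\n")).collect()
}

fn main() {
    let base = sample_lock(&[("helix-cli", "2.2.7"), ("openssl", "0.10.72"), ("rand", "0.9.1"), ("reqwest", "0.12.28")]);
    let head = sample_lock(&[("aws-lc-rs", "1.16.3"), ("helix-cli", "2.3.4"), ("helix-enterprise-ql", "0.1.7"),
        ("openssl", "0.10.79"), ("rand", "0.9.3"), ("reqwest", "0.12.28"), ("reqwest", "0.13.3")]);
    for line in unexpected_changes(&base, &head, &["rand", "openssl", "quinn-proto", "rustls-webpki"]) {
        println!("UNEXPECTED {line}");
    }
}
```

Run against the real lock files from the merge base and the PR head, a non-empty result is the signal to review the lock file by hand before merging.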

Bumps the cargo group with 4 updates in the / directory: [rand](https://github.com/rust-random/rand), [openssl](https://github.com/rust-openssl/rust-openssl), [quinn-proto](https://github.com/quinn-rs/quinn) and [rustls-webpki](https://github.com/rustls/webpki).
Bumps the cargo group with 4 updates in the /helix-cli directory: [rand](https://github.com/rust-random/rand), [openssl](https://github.com/rust-openssl/rust-openssl), [quinn-proto](https://github.com/quinn-rs/quinn) and [rustls-webpki](https://github.com/rustls/webpki).
Bumps the cargo group with 3 updates in the /helix-container directory: [rand](https://github.com/rust-random/rand), [openssl](https://github.com/rust-openssl/rust-openssl) and [rustls-webpki](https://github.com/rustls/webpki).
Bumps the cargo group with 1 update in the /hql-tests directory: [rustls-webpki](https://github.com/rustls/webpki).


Updates `rand` from 0.9.1 to 0.9.3
- [Release notes](https://github.com/rust-random/rand/releases)
- [Changelog](https://github.com/rust-random/rand/blob/0.9.3/CHANGELOG.md)
- [Commits](rust-random/rand@rand_core-0.9.1...0.9.3)

Updates `openssl` from 0.10.72 to 0.10.79
- [Release notes](https://github.com/rust-openssl/rust-openssl/releases)
- [Commits](rust-openssl/rust-openssl@openssl-v0.10.72...openssl-v0.10.79)

Updates `quinn-proto` from 0.11.13 to 0.11.14
- [Release notes](https://github.com/quinn-rs/quinn/releases)
- [Commits](quinn-rs/quinn@quinn-proto-0.11.13...quinn-proto-0.11.14)

Updates `rustls-webpki` from 0.103.1 to 0.103.3
- [Release notes](https://github.com/rustls/webpki/releases)
- [Commits](rustls/webpki@v/0.103.1...v/0.103.3)

Updates `rand` from 0.8.5 to 0.8.6
- [Release notes](https://github.com/rust-random/rand/releases)
- [Changelog](https://github.com/rust-random/rand/blob/0.9.3/CHANGELOG.md)
- [Commits](rust-random/rand@rand_core-0.9.1...0.9.3)

Updates `openssl` from 0.10.75 to 0.10.79
- [Release notes](https://github.com/rust-openssl/rust-openssl/releases)
- [Commits](rust-openssl/rust-openssl@openssl-v0.10.72...openssl-v0.10.79)

Updates `quinn-proto` from 0.11.13 to 0.11.14
- [Release notes](https://github.com/quinn-rs/quinn/releases)
- [Commits](quinn-rs/quinn@quinn-proto-0.11.13...quinn-proto-0.11.14)

Updates `rustls-webpki` from 0.103.9 to 0.103.13
- [Release notes](https://github.com/rustls/webpki/releases)
- [Commits](rustls/webpki@v/0.103.1...v/0.103.3)

Updates `rand` from 0.9.2 to 0.9.3
- [Release notes](https://github.com/rust-random/rand/releases)
- [Changelog](https://github.com/rust-random/rand/blob/0.9.3/CHANGELOG.md)
- [Commits](rust-random/rand@rand_core-0.9.1...0.9.3)

Updates `openssl` from 0.10.75 to 0.10.79
- [Release notes](https://github.com/rust-openssl/rust-openssl/releases)
- [Commits](rust-openssl/rust-openssl@openssl-v0.10.72...openssl-v0.10.79)

Updates `rustls-webpki` from 0.103.9 to 0.103.13
- [Release notes](https://github.com/rustls/webpki/releases)
- [Commits](rustls/webpki@v/0.103.1...v/0.103.3)

Updates `rustls-webpki` from 0.103.7 to 0.103.13
- [Release notes](https://github.com/rustls/webpki/releases)
- [Commits](rustls/webpki@v/0.103.1...v/0.103.3)

---
updated-dependencies:
- dependency-name: rand
  dependency-version: 0.9.3
  dependency-type: direct:production
  dependency-group: cargo
- dependency-name: openssl
  dependency-version: 0.10.79
  dependency-type: indirect
  dependency-group: cargo
- dependency-name: quinn-proto
  dependency-version: 0.11.14
  dependency-type: indirect
  dependency-group: cargo
- dependency-name: rustls-webpki
  dependency-version: 0.103.3
  dependency-type: indirect
  dependency-group: cargo
- dependency-name: rand
  dependency-version: 0.8.6
  dependency-type: indirect
  dependency-group: cargo
- dependency-name: openssl
  dependency-version: 0.10.79
  dependency-type: indirect
  dependency-group: cargo
- dependency-name: quinn-proto
  dependency-version: 0.11.14
  dependency-type: indirect
  dependency-group: cargo
- dependency-name: rustls-webpki
  dependency-version: 0.103.13
  dependency-type: indirect
  dependency-group: cargo
- dependency-name: rand
  dependency-version: 0.9.3
  dependency-type: direct:production
  dependency-group: cargo
- dependency-name: openssl
  dependency-version: 0.10.79
  dependency-type: indirect
  dependency-group: cargo
- dependency-name: rustls-webpki
  dependency-version: 0.103.13
  dependency-type: indirect
  dependency-group: cargo
- dependency-name: rustls-webpki
  dependency-version: 0.103.13
  dependency-type: indirect
  dependency-group: cargo
...

Signed-off-by: dependabot[bot] <support@github.com>
dependabot[bot] added the labels dependencies (Pull requests that update a dependency file) and rust (Pull requests that update rust code) on May 6, 2026