From bed44052edbdb2bade3d63610b1ccc26cd13e8be Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Mon, 13 Apr 2026 08:34:05 +0000
Subject: [PATCH] deps: bump rustls from 0.23.28 to 0.23.38

Bumps [rustls](https://github.com/rustls/rustls) from 0.23.28 to 0.23.38.
- [Release notes](https://github.com/rustls/rustls/releases)
- [Changelog](https://github.com/rustls/rustls/blob/main/CHANGELOG.md)
- [Commits](https://github.com/rustls/rustls/compare/v/0.23.28...v/0.23.38)

---
updated-dependencies:
- dependency-name: rustls
  dependency-version: 0.23.38
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 Cargo.lock                 | 19 ++++++++++---------
 transports/quic/Cargo.toml |  2 +-
 transports/tls/Cargo.toml  |  2 +-
 3 files changed, 12 insertions(+), 11 deletions(-)

diff --git a/Cargo.lock b/Cargo.lock
index ab0dd1b8fd6..1c97b939b9b 100644
--- a/Cargo.lock
+++ b/Cargo.lock
@@ -1957,7 +1957,7 @@ dependencies = [
  "libc",
  "percent-encoding",
  "pin-project-lite",
- "socket2 0.5.9",
+ "socket2 0.6.3",
  "system-configuration 0.6.1",
  "tokio",
  "tower-service",
@@ -4306,7 +4306,7 @@ dependencies = [
  "quinn-udp",
  "rustc-hash",
  "rustls",
- "socket2 0.5.9",
+ "socket2 0.6.3",
  "thiserror 2.0.18",
  "tokio",
  "tracing",
@@ -4849,9 +4849,9 @@ dependencies = [
 
 [[package]]
 name = "rustls"
-version = "0.23.28"
+version = "0.23.38"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "7160e3e10bf4535308537f3c4e1641468cd0e485175d6163087c0393c7d46643"
+checksum = "69f9466fb2c14ea04357e91413efb882e2a6d4a406e625449bc0a5d360d53a21"
 dependencies = [
  "once_cell",
  "ring",
@@ -4863,18 +4863,19 @@ dependencies = [
 
 [[package]]
 name = "rustls-pki-types"
-version = "1.11.0"
+version = "1.14.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "917ce264624a4b4db1c364dcc35bfca9ded014d0a958cd47ad3e960e988ea51c"
+checksum = "be040f8b0a225e40375822a563fa9524378b9d63112f53e19ffff34df5d33fdd"
 dependencies = [
  "web-time",
+ "zeroize",
 ]
 
 [[package]]
 name = "rustls-webpki"
-version = "0.103.3"
+version = "0.103.11"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "e4a72fe2bcf7a6ac6fd7d0b9e5cb68aeb7d4c0a0271730218b3e92d43b4eb435"
+checksum = "20a6af516fea4b20eccceaf166e8aa666ac996208e8a644ce3ef5aa783bc7cd4"
 dependencies = [
  "ring",
  "rustls-pki-types",
@@ -5452,7 +5453,7 @@ source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "32497e9a4c7b38532efcdebeef879707aa9f794296a4f0244f6f69e9bc8574bd"
 dependencies = [
  "fastrand",
- "getrandom 0.3.2",
+ "getrandom 0.4.2",
  "once_cell",
  "rustix 1.1.4",
  "windows-sys 0.61.2",
diff --git a/transports/quic/Cargo.toml b/transports/quic/Cargo.toml
index 9e98ec13667..378cbf6f9dc 100644
--- a/transports/quic/Cargo.toml
+++ b/transports/quic/Cargo.toml
@@ -17,7 +17,7 @@ libp2p-tls = { workspace = true }
 libp2p-identity = { workspace = true }
 quinn = { version = "0.11.9", default-features = false, features = ["rustls", "futures-io"] }
 rand = "0.8.5"
-rustls = { version = "0.23.28", default-features = false }
+rustls = { version = "0.23.38", default-features = false }
 thiserror = { workspace = true }
 tokio = { workspace = true, default-features = false, features = ["net", "rt", "time"], optional = true }
 tracing = { workspace = true }
diff --git a/transports/tls/Cargo.toml b/transports/tls/Cargo.toml
index 3fca147a10f..6fbb3fd57c3 100644
--- a/transports/tls/Cargo.toml
+++ b/transports/tls/Cargo.toml
@@ -22,7 +22,7 @@ yasna = "0.5.2"
 
 # Exposed dependencies. Breaking changes to these are breaking changes to us.
 [dependencies.rustls]
-version = "0.23.28"
+version = "0.23.38"
 default-features = false
 features = ["ring", "std"] # Must enable this to allow for custom verification code.