chore(deps): bump the prod-deps group across 1 directory with 14 updates

[dependabot]

Bumps the prod-deps group with 14 updates in the / directory:

Package	From	To
diesel	2.3.6	2.3.9
diesel-async	0.7.4	0.9.0
diesel_migrations	2.3.1	2.3.2
cadence	1.7.0	1.8.0
deadpool	0.12.3	0.13.0
env_logger	0.11.9	0.11.10
hkdf	0.12.4	0.13.0
hmac	0.12.1	0.13.0
reqwest	0.13.2	0.13.3
sha2	0.10.9	0.11.0
uuid	1.22.0	1.23.1
config	0.15.19	0.15.22
protobuf	2.28.0	3.7.2
pyo3	0.28.2	0.28.3

Updates diesel from 2.3.6 to 2.3.9

Changelog

Sourced from diesel's changelog.

[2.3.9] 2026-04-30

• Removed a dbg! statement from the Mysql backend that caused unwanted output
• Fix a regression in #[derive(AsChangeset)] introduced in 2.3.8 where structs with a type or const generic parameter referenced in a field type failed to compile with error[E0425]: cannot find type 'T' in this scope. The diagnostic helper functions added to improve AsChangeset error messages now forward all generic parameters of the input struct, not only lifetimes.

[2.3.8] 2026-04-24

• Added support for libsqlite3-sys 0.37.0
• Raise a compile-time error when mixing aggregate and non-aggregate expressions in an ORDER BY clause without a GROUP BY clause
• Calling .count() or .select(aggregate_expr) on a query that already has a non-aggregate .order_by() clause now raises a compile-time error instead of generating invalid SQL that would be rejected by the database at runtime (fixes #3815)
• Added documentation for migration transaction behaviour at the crate root
• Improved compile time error messages for #[derive(AsChangeset)]
• Allow to use generic types in infix_operator!()
• Fixes for several instances of unsound, unspecified or otherwise dangerous behaviour:
  • Unsound string construction in SqliteValue::read_text/FromSql<Text, Sqlite> for String
  • Invalid alignment for over aligned data in SqliteConnection::register_function for aggregate functions
  • Potential memory leaks in SqliteConnection::register_function
  • Access to padding bytes while serializing Date/time types in the Mysql backend
  • SQL Option Injection in PostgreSQL COPY FROM/TO
  • Unspecified pointer cast in Debug/Display implementation of batch INSERT statements for SQLite
  • Invalid call order of SQLite API functions in SqliteValue::read_text/FromSql<Text, Sqlite> for String/SqliteValue::read_blob()/FromSql<Binary, Sqlite> for Vec<u8>
  • Potential unsound pointer access for FromSql<Binary, _> for Vec<u8> and FromSql<Text, _> for String for third party backends (requires changes to the third party backend as well)

[2.3.7] 2026-03-13

• Add support for libsqlite3-sys 0.36
• Fix a potential resource leak if establishing a SqliteConnection fails.

Commits

• 2e7eb35 Also bump derives version
• b3a16a3 Merge pull request #5046 from apastrana6/ap/fix-derive-as-changeset
• 9f0a6c1 Prepare a 2.3.9 release
• adcc896 Enable some clippy lints to prevent having dbg in a release again
• 66760df Remove MySQL time serializer debug output
• 58820dc Merge pull request #5036 from weiznich/prepare_2.3.8
• 895b5ba Prepare a 2.3.8 release
• ea008d3 Fix several UB instances
• 64003c6 Merge pull request #5034 from ayarotsky/fix-reject-aggregate-select-with-non-...
• 49b936e Merge pull request #5012 from ayarotsky/fix-aggregate-expressions-and-order-by
• Additional commits viewable in compare view

Updates diesel-async from 0.7.4 to 0.9.0

Release notes

Sourced from diesel-async's releases.

Diesel-Async 0.9.0

Changes

• Change all transaction related functions to accept an real async closure instead of the scoped boxed variant. This change requires adujsting all call sides of transaction based functions from conn.transaction(|conn| async move {/* your code */}.scoped_boxed()) to conn.transaction(async |conn| /* your code */)

Fixed

• Fixed an unsound access to padding values while deserializing Date/Time values in the mysql backend Thanks to @​paolobarbolini for finding this issue.

You can support the development of Diesel by:

• Contributing Code, Documentation or Guides. Checkout the planing for Diesel 2.4 for open tasks.
• Providing knowledge and help to maintain the MySQL/MariaDB backend. This is currently the only in-tree backend that is not used by any maintainers, so having someone around that actually uses this backend would be very helpful for the Diesel project.
• Answering questions in our discussion forum
• Reporting bugs in our issue tracker
• Helping triaging issues in our issue tracker
• Sponsoring the maintainers.

Full Changelog: diesel-rs/diesel_async@v0.8.0...v0.9.0

v0.8.0

What's Changed

• Added support for UpdateAndFetchResults for SyncConnectionWrapper, allowing to use save_changes
• Bumped supported deadpool version to 0.13
• Fixed a bug with postgres query pipelining that can cause panics
• Fixed a bug with the SyncConnectionWrapper that can cause panics if the future is dropped before completion

You can support the development of Diesel by:

• Contributing Code, Documentation or Guides. Checkout the planing for Diesel 2.4 for open tasks.
• Providing knowledge and help to maintain the MySQL/MariaDB backend. This is currently the only in-tree backend that is not used by any maintainers, so having someone around that actually uses this backend would be very helpful for the Diesel project.
• Answering questions in our discussion forum
• Reporting bugs in our issue tracker
• Helping triaging issues in our issue tracker
• Sponsoring the maintainers.

New Contributors

• @​epompeii made their first contribution in weiznich/diesel_async#272
• @​Hao2203 made their first contribution in weiznich/diesel_async#273
• @​766974616c79 made their first contribution in weiznich/diesel_async#275
• @​TheNeikos made their first contribution in weiznich/diesel_async#279
• @​dav-wolff made their first contribution in weiznich/diesel_async#283

Full Changelog: diesel-rs/diesel_async@v0.7.4...v0.8.0

Changelog

Sourced from diesel-async's changelog.

[0.9.0] - 2026-04-30

• Change all transaction related functions to accept an real async closure instead of the scoped boxed variant. This change requires adujsting all call sides of transaction based functions from conn.transaction(|conn| async move {/* your code */}.scoped_boxed()) to conn.transaction(async |conn| /* your code */)
• Fixed an unsound access to padding values while deserializing Date/Time values in the mysql backend Thanks to Paolo Barbolini for finding this issue.

[0.8.0] - 2026-03-20

• Added support for UpdateAndFetchResults for SyncConnectionWrapper, allowing to use save_changes
• Bumped supported deadpool version to 0.13
• Fixed a bug with postgres query pipelining that can cause panics
• Fixed a bug with the SyncConnectionWrapper that can cause panics if the future is dropped before completion

Commits

• 18f2c86 Merge pull request #285 from diesel-rs/fix/padding_access
• acc90e9 Prepare a 0.9 release
• ba3ed66 Merge pull request #284 from diesel-rs/async_closures
• 4e2fc54 Use real async closures for transactions
• 237ac09 Prepare 0.8.0
• 67e3e3f Merge pull request #282 from dav-wolff/fix-sync-connection-wrapper-panic
• 03caa1e Replace timeout based tests with more robust channel usage
• 7df84d8 Merge pull request #283 from dav-wolff/remove-unsafe-pin-projection
• b426870 Use pin_project_lite instead of manually pin-projecting
• 7dacba2 Remove pin-project dependency
• Additional commits viewable in compare view

Updates diesel_migrations from 2.3.1 to 2.3.2

Release notes

Sourced from diesel_migrations's releases.

Diesel 2.3.2

Fixed

• Fixed an incompatibility with libmariadb versions shipped by debian
• Fixed docs.rs builds
• Fixed applying patch file schema.rs file with formatting
• Allow to compare DatabaseErrorKind values

(Diesel 2.3.1 did not contain any changes beside the version bump to retrigger the docs.rs build)

Full Changelog: diesel-rs/diesel@v2.3.0...v2.3.2

You can support the development of Diesel by:

• Contributing Code, Documentation or Guides. Checkout the planing for Diesel 2.4 for open tasks.
• Providing knowledge and help to maintain the MySQL/MariaDB backend. This is currently the only in-tree backend that is not used by any maintainers, so having someone around that actually uses this backend would be very helpful for the Diesel project.
• Answering questions in our discussion forum
• Reporting bugs in our issue tracker
• Helping triaging issues in our issue tracker
• Sponsoring the maintainers.

Changelog

Sourced from diesel_migrations's changelog.

[2.3.2] 2025-09-19

Fixed

• Fixed an incompatibility with libmariadb versions shipped by debian
• Fixed docs.rs builds
• Fixed applying patch file schema.rs file with formatting
• Allow to compare DatabaseErrorKind values

Commits

• See full diff in compare view

Updates cadence from 1.7.0 to 1.8.0

Changelog

Sourced from cadence's changelog.

v1.8.0 - 2026-04-11

• Allow UDP sinks (UdpMetricSink, BufferedUdpMetricSink) to be configured to periodically re-resolve the hostname of the server that metrics are being sent to. Examples of this can be found in documentation for each sink, the README, or examples directory.

Commits

• e87353c Merge pull request #238 from 56quarters/version-bump
• b2c9453 chore: version bump for 1.8.0 release
• 26b8145 Merge pull request #237 from 56quarters/resolve-tests
• 9aaed19 Use resolving behavior in integration tests
• 01b1c6f Merge pull request #236 from 56quarters/resolver
• bcf702c feat: optionally re-resolve hosts for UDP sinks
• 58eae5a Merge pull request #235 from 56quarters/executor
• b497cd5 chore: extract QueuingMetricSink thread logic
• 2f085f0 Merge pull request #233 from 56quarters/more-versions
• cc9c31c chore: update rust-version in README and Cargo.toml
• Additional commits viewable in compare view

Updates deadpool from 0.12.3 to 0.13.0

Commits

• b134227 Release deadpool 0.13.0 and deadpool-sync 0.2.0
• 688234b Update lapin to version 4
• 362391f Release deadpool-runtime 0.3.1
• 70f1b93 Fix feature specific dependencies in READMEs
• 860570c Add rustdoc-args = ["--cfg", "docsrs"] to all Cargo.toml files
• 7a00e9c Fix deadpool CHANGELOG and improve yank explanation
• f9bd480 Update CHANGELOG why deadpool-sync 0.1.5 was yanked
• 4f6bd49 Update deadpool-runtime to version 0.3
• eef23c7 Fix small typo in README
• ffcf81e Released deadpool-runtime 0.3.0
• Additional commits viewable in compare view

Updates env_logger from 0.11.9 to 0.11.10

Release notes

Sourced from env_logger's releases.

v0.11.10

[0.11.10] - 2026-03-23

Internal

• Update dependencies

Changelog

Sourced from env_logger's changelog.

[0.11.10] - 2026-03-23

Internal

• Update dependencies

Commits

• 41320bf chore: Release
• de8c74f docs: Update changelog
• d550741 docs(gh): Add sponsor link
• 458b075 chore(deps): Update Rust Stable to v1.94 (#401)
• 8bc3fc3 Merge pull request #400 from epage/update
• 143fa64 chore: Upgrade incompatible
• b687a24 chore: Upgrade compatible
• 8cf1ba9 Merge pull request #397 from rust-cli/renovate/crate-ci-typos-1.x
• 094ecf7 Merge pull request #396 from rust-cli/renovate/crate-ci-committed-1.x
• 34ad626 chore(deps): Update pre-commit hook crate-ci/typos to v1.44.0
• Additional commits viewable in compare view

Updates hkdf from 0.12.4 to 0.13.0

Commits

• bfb3b20 hkdf v0.13.0 (#195)
• 8834f33 Workspace-level lint configuration (#194)
• b802abc Add Trusted Publishing config (#193)
• 9d0a675 hkdf v0.13.0-rc.6 (#192)
• c46732a Bump hmac to v0.13 (#191)
• 29c07ab Bump digest to v0.11 (#190)
• ef4a3ac build(deps): bump the all-deps group across 1 directory with 9 updates (#189)
• a163784 Bump dependencies (#183)
• 2919db3 build(deps): bump the all-deps group with 2 updates (#182)
• 450a0db hkdf v0.13.0-rc.4 (#181)
• Additional commits viewable in compare view

Updates hmac from 0.12.1 to 0.13.0

Commits

• 0236c8e hmac v0.13.0 (#263)
• b895e50 Migrate tests to the new blobby format (#264)
• 3d1440b Workspace-level lint configuration (#261)
• 11d4f36 hmac: use release versions of dev-dependencies (#260)
• c40b82b hmac: bump sha2 dev-dependency to v0.11 (#259)
• 1fa0781 Cut rc.5 prereleases (#258)
• a008265 hmac v0.13.0-rc.6 (#256)
• da485cd Use (Reset)MacTraits (#254)
• 2c51e3b hmac: derive Clone instead of relying on (Reset)MacTraits (#253)
• 669d805 Relax Clone bounds (#250)
• Additional commits viewable in compare view

Updates reqwest from 0.13.2 to 0.13.3

Release notes

Sourced from reqwest's releases.

v0.13.3

tl;dr

• Fix CertificateRevocationList parsing of PEM values.
• Fix logging in resolver to only show host, not full URL.
• Fix hickory-dns to fallback to a default if /etc/resolv.conf fails.
• Fix HTTP/3 to handle STOP_SENDING as not an error.
• Fix HTTP/3 pool to remove timed out QUIC connections.
• Fix HTTP/3 connection establishment picking IPv4 and IPv6.
• Upgrade rustls-platform-verifier.
• (wasm) Only use wasm-bindgen on unknown-* targets.

What's Changed

• Update docs.rs Features by @​JamesWiresmith in seanmonstar/reqwest#2961
• fix: fallback to hickory_resolver's default config if reading /etc/resolv.conf fails by @​monosans in seanmonstar/reqwest#2797
• fix: remove timeout con by @​cuiweixie in seanmonstar/reqwest#2967
• http3: handle stop_sending without error by @​anuraaga in seanmonstar/reqwest#2978
• resolve: debug log to change only host by @​lms0806 in seanmonstar/reqwest#2992
• Edit reference link by @​lms0806 in seanmonstar/reqwest#2996
• docs: more accurate about default HTTP2 window sizes by @​seanmonstar in seanmonstar/reqwest#3007
• [HTTP/3] Optimize IPv6 fallback and enforce HTTPS scheme #2911 by @​lyuzichong in seanmonstar/reqwest#3006
• Upgrade rustls-platform-verifier by @​jplatte in seanmonstar/reqwest#3010
• use wasm-bindgen ecosystem only for wasm32-unknown-* target by @​Ludea in seanmonstar/reqwest#3000
• fix rustls crl pem parsing by @​Threated in seanmonstar/reqwest#3013
• docs(retry): include ReqRep in docsrs by @​seanmonstar in seanmonstar/reqwest#3020

New Contributors

• @​JamesWiresmith made their first contribution in seanmonstar/reqwest#2961
• @​monosans made their first contribution in seanmonstar/reqwest#2797
• @​cuiweixie made their first contribution in seanmonstar/reqwest#2967
• @​anuraaga made their first contribution in seanmonstar/reqwest#2978
• @​lms0806 made their first contribution in seanmonstar/reqwest#2992
• @​lyuzichong made their first contribution in seanmonstar/reqwest#3006
• @​Ludea made their first contribution in seanmonstar/reqwest#3000

Full Changelog: seanmonstar/reqwest@v0.13.2...v0.13.3

Changelog

Sourced from reqwest's changelog.

v0.13.3

• Fix CertificateRevocationList parsing of PEM values.
• Fix logging in resolver to only show host, not full URL.
• Fix hickory-dns to fallback to a default if /etc/resolv.conf fails.
• Fix HTTP/3 to handle STOP_SENDING as not an error.
• Fix HTTP/3 pool to remove timed out QUIC connections.
• Fix HTTP/3 connection establishment picking IPv4 and IPv6.
• Upgrade rustls-platform-verifier.
• (wasm) Only use wasm-bindgen on unknown-* targets.

Commits

• a9a88c4 v0.13.3
• f3f6d9d docs(retry): include ReqRep in docsrs (#3020)
• 5f9c231 fix rustls CRL PEM parsing (#3013)
• 11d835d use wasm-bindgen ecosystem only for wasm32-unknown-* target (#3000)
• 1f72916 Upgrade rustls-platform-verifier (#3010)
• 5d5bf35 [HTTP/3] Optimize IPv6 fallback and enforce HTTPS scheme #2911 (#3006)
• 93dc1b2 docs: more accurate about default HTTP2 window sizes (#3007)
• c5e50f0 docs: update outdated link in comments
• b25611f resolve: debug log to change only host (#2992)
• ca1f479 http3: handle stop_sending without error (#2978)
• Additional commits viewable in compare view

Updates sha2 from 0.10.9 to 0.11.0

Commits

• ffe0939 Release sha2 0.11.0 (#806)
• 8991b65 Use the standard order of the [package] section fields (#807)
• 3d2bc57 sha2: refactor backends (#802)
• faa55fb sha3: bump keccak to v0.2 (#803)
• d3e6489 sha3 v0.11.0-rc.9 (#801)
• bbf6f51 sha2: tweak backend docs (#800)
• 155dbbf sha3: add default value for the DS generic parameter on TurboShake128/256...
• ed514f2 Use published version of keccak v0.2 (#799)
• 702bcd8 Migrate to closure-based keccak (#796)
• 827c043 sha3 v0.11.0-rc.8 (#794)
• Additional commits viewable in compare view

Updates uuid from 1.22.0 to 1.23.1

Release notes

Sourced from uuid's releases.

v1.23.1

What's Changed

• Remove deprecated msrv feature from wasm-bindgen dependency by @​guybedford in uuid-rs/uuid#877
• fix: Timestamp::from_gregorian deprecation note by @​aznashwan in uuid-rs/uuid#878
• Prepare for 1.23.1 release by @​KodrAus in uuid-rs/uuid#879

New Contributors

• @​guybedford made their first contribution in uuid-rs/uuid#877
• @​aznashwan made their first contribution in uuid-rs/uuid#878

Full Changelog: uuid-rs/uuid@v1.23.0...v1.23.1

v1.23.0

What's Changed

• feat: add support for 'hyphenated' format in the serde module by @​FrenchDilettante in uuid-rs/uuid#865
• Fix a number of bugs in time-related code by @​KodrAus in uuid-rs/uuid#872
• Reword invalid char error message by @​KodrAus in uuid-rs/uuid#873
• Impl cleanups by @​KodrAus in uuid-rs/uuid#874
• Use LazyLock to synchronize v1/v6 context initialization by @​KodrAus in uuid-rs/uuid#875
• Prepare for 1.23.0 release by @​KodrAus in uuid-rs/uuid#876

New Contributors

• @​FrenchDilettante made their first contribution in uuid-rs/uuid#865

Special thanks

@​meng-xu-cs raised a series of bugs against the timestamp logic in uuid using automated tooling. The issues themselves were reasonably and responsibly presented and the end result is a better uuid library for everyone. Thanks!

Deprecations

This release includes the following deprecations:

• Context: Renamed to ContextV1
• Timestamp::from_gregorian: Renamed to Timestamp::from_gregorian_time

Change to Version::Max

Version::Max's u8 representation has changed from 0xff to 0x0f to match the value returned by Uuid::get_version_num.

Change to Uuid::get_version for the max UUID

Uuid::get_version will only return Some(Version::Max) if the UUID is actually the max UUID (all bytes are 0xff). Previously it would return Some if only the version field was 0x0f. This change matches the behaviour of the nil UUID, which only returns Some(Version::Nil) if the UUID is the nil UUID (all bytes are 0x00).

Full Changelog: uuid-rs/uuid@v1.22.0...v1.23.0

Commits

• ca0c85f Merge pull request #879 from uuid-rs/cargo/v1.23.1
• b4db015 prepare for 1.23.1 release
• 771069d Merge pull request #878 from aznashwan/fix-from-gregorian-deprecation-note
• 80994a2 fix: Timestamp::from_gregorian deprecation note
• 90c5be8 Merge pull request #877 from guybedford/remove-wasm-bindgen-msrv
• 8b8c4f4 Remove deprecated feature from wasm-bindgen dependency
• 00ab922 Merge pull request #876 from uuid-rs/cargo/v1.23.0
• 726ba45 prepare for 1.23.0 release
• 996dade Merge pull request #875 from uuid-rs/fix/context-ordering
• e140479 simplify a use stmt
• Additional commits viewable in compare view

Updates config from 0.15.19 to 0.15.22

Changelog

Sourced from config's changelog.

[0.15.22] - 2026-03-17

Documentation

• Polish examples

Internal

• Update winnow

[0.15.21] - 2026-03-12

Compatibility

• Bump MSRV to 1.85

[0.15.20] - 2026-03-12

Fixes

• Serialize the full u64 range

Internal

• (toml) Update to 1.0

Commits

• 7293108 chore: Release config version 0.15.22
• 6b82b25 docs: Update changelog
• 2ae46e4 chore: Update to Winnow 1.0.0 (#745)
• 28690ea chore: Update to Winnow 1.0.0
• 1f579ee docs(examples): Clean up (#744)
• c7b1b10 docs(examples): Consoldate env examples
• 5aa9638 docs(examples): Clarify intent
• fcc5cd8 docs(examples): Better organize examples
• 4e8637c docs(examples): Be consistent in env prefix
• 395a9ff docs(examples): Flatten examples
• Additional commits viewable in compare view

Updates protobuf from 2.28.0 to 3.7.2

Updates pyo3 from 0.28.2 to 0.28.3

Release notes

Sourced from pyo3's releases.

PyO3 0.28.3

This patch contains several fixes for stability of the PyO3 0.28.x series:

• Python::attach and Python::try_attach will no longer return before the thread initializing the interpreter has finished runnning site.py when using the auto-initialize feature.
• Fix unsoundness in PyBytesWriter::write_vectored when targeting the Python 3.15 prerelease interpreter.
• Fix possible deadlock in .into_pyobject() implementation for C-like #[pyclass] enums.

A couple of edge cases causing compile failures were also fixed.

Thank you to the following contributors for the improvements:

@​alex @​bschoenmaeckers @​chirizxc @​davidhewitt @​Embers-of-the-Fire @​Icxolu @​maurosilber @​ngoldbaum

Changelog

Sourced from pyo3's changelog.

[0.28.3] - 2026-04-02

Fixed

• Fix compile error with #[pyclass(get_all)] on a type named Probe. #5837
• Fix compile error in debug builds related to _Py_NegativeRefcount with Python < 3.12. #5847
• Fix a race condition where Python::attach or try_attach could return before site.py had finished running. #5903
• Fix unsoundness in PyBytesWriter::write_vectored with Python 3.15 prerelease versions. #5907
• Fix deadlock in .into_pyobject() implementation for C-like #[pyclass] enums. #5928

Commits

• 743af64 release: 0.28.3
• 2042b4c fix deadlock when initializing enum via into_pyobject() (#5928)
• 0157247 ci: update UI tests for Rust 1.94 (#5859)
• e234f8a Update getting-started.md (#5899)
• c06848d fix ffi-check in 3.15.0a7 (#5873)
• 83f4283 remove unused try_trait_v2 feature when enabling the nightly feature (#5868)
• 0de57ed Fix unsoundness in PyBytesWriter::write_vectored (#5907)
• 49cd13f fixes #5900 -- address race condition with initialization and site.py loading...
• c90d163 [fix] Fix std::ffi import for _Py_NegativeRefcount (#5847)
• b79d725 fix(pyo3-macros): allow pyclass named Probe (#5837)
• See full diff in compare view

Most Recent Ignore Conditions Applied to This Pull Request

Dependency Name	Ignore Conditions
reqwest	[>= 0.11.a, < 0.12]

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions