Skip to content

Bump the cargo group across 7 directories with 10 updates#13

Open
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/cargo/cargo-2664439c82
Open

Bump the cargo group across 7 directories with 10 updates#13
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/cargo/cargo-2664439c82

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Jun 30, 2026

Copy link
Copy Markdown

Bumps the cargo group with 8 updates in the / directory:

Package From To
rpassword 7.3.1 7.5.0
openssl 0.10.74 0.10.80
rand 0.9.1 0.9.3
tar 0.4.43 0.4.46
wasmtime-wasi 43.0.0 44.0.2
aws-sdk-dynamodb 1.53.0 1.54.0
quinn-proto 0.11.8 0.11.15
time 0.3.36 0.3.52

Bumps the cargo group with 1 update in the /examples/http-rust directory: rand.
Bumps the cargo group with 1 update in the /examples/open-ai-rust directory: rand.
Bumps the cargo group with 6 updates in the /examples/spin-timer directory:

Package From To
openssl 0.10.72 0.10.81
rand 0.9.0 0.9.4
aws-sdk-dynamodb 1.58.0 1.59.0
tracing-subscriber 0.3.19 0.3.20
quinn-proto 0.11.10 0.11.15
time 0.3.41 0.3.52

Bumps the cargo group with 1 update in the /examples/spin-wagi-http/http-rust directory: rand.
Bumps the cargo group with 2 updates in the /examples/vault-variable-test directory: bytes and rand.
Bumps the cargo group with 1 update in the /tests/manual/pg-ssl-root-certs directory: rand.

Updates rpassword from 7.3.1 to 7.5.0

Release notes

Sourced from rpassword's releases.

v7.5.0

This release comes with lots of stuff. It should be fully backward compatible.

New features

  • Support for masking or partially masking a password as it's being typed. Thank you, @​chipsenkbeil, for your contribution.
  • New API. The documentation has been vastly improved to support this, see https://docs.rs/rpassword/. To sum up, you can now call read_password_with_config(config) and there is a ConfigBuilder that allows you to configure how passwords should be read. This makes the library much more flexible and means new options will be added without breaking existing code.

Fixes

  • Fix for CVE-2025-64170 which affects rpassword on versions v7.4.0 and below. Thank you, @​squell and @​DevLaTron, for reporting this.
  • Better support for multibyte characters and more reliable handling of control characters and terminal escape sequences. Thank you again, @​chipsenkbeil, for your contribution.

Deprecations

  • _from_bufread functions have been deprecated. You are encouraged to migrate to _with_config functions. See UPGRADE.md as well as the documentation which has examples that you can most likely drop into your code without other changes.

Misc

  • Update of the windows-sys dependency.
  • Update Rust edition from 2018 to 2024.
  • Better cross-platform testing, through more unit tests and a CI that runs Linux, Windows and Wasm.

Feedback is very much welcome.

v7.4.0

Changes and updates in this release:

I've noticed after publishing the release that the size of the crate on crates.io went from 7KiB to 121KiB. That's due to the addition of an image in the README.md, which I did not anticipate would be distributed to everyone. The fix (conradkleinespel/rpassword@7c30111) will be included in the next release.

No functionality changes in this release. It is backwards compatible.

Commits
  • 2d9873e release v7.5.0
  • e67e3b4 removes commented out code
  • fdde958 remove .idea from .gitignore
  • d531c59 allow reading from any Read and writing to any Write
  • 205dfb2 differentiate Input and Output targets
  • 6aa333a make PasswordFeedback internal though ConfigBuilder
  • aadeef2 allow more flexible input/output
  • ff7be55 add support for Ctrl-W
  • c56fefa format rust files with cargo fmt
  • c6f4f19 handle character encodings more reliably
  • Additional commits viewable in compare view

Updates openssl from 0.10.74 to 0.10.80

Release notes

Sourced from openssl's releases.

openssl-v0.10.80

What's Changed

Full Changelog: rust-openssl/rust-openssl@openssl-v0.10.79...openssl-v0.10.80

openssl-v0.10.79

What's Changed

Full Changelog: rust-openssl/rust-openssl@openssl-v0.10.78...openssl-v0.10.79

openssl-v0.10.78

What's Changed

... (truncated)

Commits
  • 35be7ae Release openssl 0.10.80 and openssl-sys 0.9.116 (#2639)
  • 19eceb2 Fix output buffer overflow in cipher_update_inplace for AES key-wrap-with-pad...
  • b460eb3 Prefer Homebrew openssl@4 and stop looking for openssl@1.1 (#2633)
  • 649f2d9 Release openssl 0.10.79 and openssl-sys 0.9.115 (#2632)
  • 257f9b2 Fix output buffer overflow for AES key-wrap-with-padding ciphers (#2630)
  • d43e917 Reject non-UTF-8 OCSP responder URLs in X509Ref::ocsp_responders (#2631)
  • f46519c Add PkeyCtxRef::set_context_string for ML-DSA (#2629)
  • ad9ae31 Bind OSSL_PARAM_modified and use it for seed_into (#2628)
  • 4e25c9b Fix process abort when verify/PSK callbacks fire after SSL_CTX swap (#2624)
  • 3dd8f42 Add PKeyRef::seed_into for ML-DSA/ML-KEM seed extraction (#2626)
  • Additional commits viewable in compare view

Updates rand from 0.9.1 to 0.9.3

Changelog

Sourced from rand's changelog.

[0.9.3] — 2026-02-11

This release back-ports a fix from v0.10. See also #1763.

Changes

  • Deprecate feature log (#1764)
  • Replace usages of doc_auto_cfg (#1764)

#1763: rust-random/rand#1763

[0.9.2] — 2025-07-20

Deprecated

  • Deprecate rand::rngs::mock module and StepRng generator (#1634)

Additions

  • Enable WeightedIndex<usize> (de)serialization (#1646)
Commits

Updates tar from 0.4.43 to 0.4.46

Release notes

Sourced from tar's releases.

0.4.46

Security

See also GHSA-3cv2-h65g-fgmm

Other changes

New Contributors

Full Changelog: composefs/tar-rs@0.4.45...0.4.46

Commits
  • fc459c1 Release 0.4.46
  • 43e05a8 ci: Add crates.io trusted publishing workflow
  • bba5666 Update repo links
  • cd94c46 docs: Document TOCTOU / concurrent-mutation threat model
  • 1b4997c builder: Expand docs for follow_symlinks and append_dir_all
  • bab14dd archive: Fix another PAX header desync (GHSA-3cv2-h65g-fgmm)
  • 2349b49 Add support of absolute paths
  • 39d0311 Update some links
  • 59d803e Update astral-tokio-tar requirement from 0.5 to 0.6
  • 8296b9a ci: Fix and re-enable reverse dependency testing (#444)
  • Additional commits viewable in compare view

Updates wasmtime-wasi from 43.0.0 to 44.0.2

Release notes

Sourced from wasmtime-wasi's releases.

v44.0.2

44.0.2

Released 2026-05-21.

Fixed

v44.0.1

44.0.1

Released 2026-04-30.

Fixed

  • Panic when allocating a table exceeding the size of the host's address space. GHSA-p8xm-42r7-89xg

v44.0.0

44.0.0

Released 2026-04-20.

Added

  • The wasmtime CLI now supports a -g flag which runs a built-in wasm program to host a gdbstub-compatible server (can be connected to with LLDB) to debug guest programs. #12756 #12771 #12856 #12859

  • Wasmtime now has experimental support for the map<K, V> type in the component model. #12216

  • Wasmtime's C API now supports wasm tag types. #12763 #12803

  • Wasmtime's C API now supports exceptions. #12861

  • Wasmtime's C API has more support for the GC proposal. #12914 #12915

... (truncated)

Changelog

Sourced from wasmtime-wasi's changelog.

44.0.2

Released 2026-05-21.

Fixed


44.0.1

Released 2026-04-30.

Fixed

  • Panic when allocating a table exceeding the size of the host's address space. GHSA-p8xm-42r7-89xg

44.0.0

Released 2026-04-20.

Added

  • The wasmtime CLI now supports a -g flag which runs a built-in wasm program to host a gdbstub-compatible server (can be connected to with LLDB) to debug guest programs. #12756 #12771 #12856 #12859

  • Wasmtime now has experimental support for the map<K, V> type in the component model. #12216

  • Wasmtime's C API now supports wasm tag types. #12763 #12803

  • Wasmtime's C API now supports exceptions. #12861

  • Wasmtime's C API has more support for the GC proposal. #12914 #12915

... (truncated)

Commits

Updates aws-sdk-dynamodb from 1.53.0 to 1.54.0

Commits

Updates quinn-proto from 0.11.8 to 0.11.15

Release notes

Sourced from quinn-proto's releases.

quinn-proto 0.11.14

@​jxs reported a denial of service issue in quinn-proto 5 days ago:

We coordinated with them to release this version to patch the issue. Unfortunately the maintainers missed these issues during code review and we did not have enough fuzzing coverage -- we regret the oversight and have added an additional fuzzing target.

Organizations that want to participate in coordinated disclosure can contact us privately to discuss terms.

What's Changed

quinn-proto 0.11.11

What's Changed

Commits
  • a7499b8 Bump versions for release
  • 7c1970f proto: yield error on too many gaps in assembler
  • fe5ac49 congestion: avoid double-reducing CUBIC fast convergence
  • c1e903b fix(quinn): handle overdue timers without polling the async timer
  • b3b20e1 quinn-udp: allow to use windows-sys 0.61
  • 6f03ca3 quinn-proto: drop Initials silently when saturated
  • 41c8527 quinn: fix ref count logic for ConnectionRef and EndpointRef
  • 73ea1dd Remove RecvStreams from blocked_readers on stop
  • cf16bfd Early return in RecvStream::drop()
  • af2e4e5 Fix the (pre-existing) rightward drift by inverting conditions
  • Additional commits viewable in compare view

Updates time from 0.3.36 to 0.3.52

Release notes

Sourced from time's releases.

v0.3.52

See the changelog for details.

v0.3.51

See the changelog for details.

v0.3.49

See the changelog for details.

v0.3.48

See the changelog for details.

v0.3.47

See the changelog for details.

v0.3.46

See the changelog for details.

v0.3.45

See the changelog for details.

v0.3.44

See the changelog for details.

v0.3.43

See the changelog for details.

v0.3.42

See the changelog for details.

v0.3.41

See the changelog for details.

v0.3.40

See the changelog for details.

v0.3.39

See the changelog for details.

v0.3.38

See the changelog for details.

v0.3.37

See the changelog for details.

Changelog

Sourced from time's changelog.

0.3.52 [2026-06-30]

Fixed

  • Subsecond values in the time! macro are parsed using the textual representation, ensuring accuracy. Previously, they were parsed using the floating point representation, which could result in a loss of precision and even invalid values.
  • The date! macro could previously create an invalid value that would then panic at compile time. The macro now emits a proper error instead.
  • When parsing an invalid format description, an edge case would inadvertently panic. This now returns an error as intended.

Added

  • Support default values when parsing

0.3.51 [2026-06-22]

Fixed

  • time compiles with macros enabled. This version is otherwise identical to v0.3.50.

0.3.50 [2026-06-22] [YANKED]

This version was yanked because it would not compile when the macros feature was enabled.

Added

  • Timestamp type

Fixed

  • [year] in a runtime-parsed version 3 format description when the large-dates feature is not enabled now succeeds. This previously failed due to a missing #[cfg].

Performance

  • Further gains when parsing with the non-deprecated parts of the RFC 2822 well-known format
  • Gains when formatting with the ISO 8601 well-known format
  • Date arithmetic is improved in common situations

0.3.49 [2026-06-13]

Fixed

  • Due to a long-standing bug in the Rust compiler, v0.3.48 caused a number of crates to stop compiling. A patch has been added that avoids triggering the bug.

0.3.48 [2026-06-12] [YANKED]

... (truncated)

Commits
  • 7cf4780 v0.3.52 release
  • 0e5b04f Fix trusted publishing workflow
  • 6e4140a Support default values when parsing
  • 10ac36a Add more doctests to Timestamp
  • 6b0d468 Restore lexer depth on the unclosed-bracket error path
  • 0abc06d Add trusted publishing
  • 43cf0c0 Preferentially group shards by target
  • 749c0ad Bump number of shards for ordinary build
  • 24e6985 Run some CI steps in parallel
  • 0eda8a2 Shard powerset type checking
  • Additional commits viewable in compare view

Updates rand from 0.9.2 to 0.9.4

Changelog

Sourced from rand's changelog.

[0.9.3] — 2026-02-11

This release back-ports a fix from v0.10. See also #1763.

Changes

  • Deprecate feature log (#1764)
  • Replace usages of doc_auto_cfg (#1764)

#1763: rust-random/rand#1763

[0.9.2] — 2025-07-20

Deprecated

  • Deprecate rand::rngs::mock module and StepRng generator (#1634)

Additions

  • Enable WeightedIndex<usize> (de)serialization (#1646)
Commits

Updates rand from 0.9.2 to 0.9.4

Changelog

Sourced from rand's changelog.

[0.9.3] — 2026-02-11

This release back-ports a fix from v0.10. See also #1763.

Changes

  • Deprecate feature log (#1764)
  • Replace usages of doc_auto_cfg (#1764)

#1763: rust-random/rand#1763

[0.9.2] — 2025-07-20

Deprecated

  • Deprecate rand::rngs::mock module and StepRng generator (#1634)

Additions

  • Enable WeightedIndex<usize> (de)serialization (#1646)
Commits

Updates openssl from 0.10.72 to 0.10.81

Release notes

Sourced from openssl's releases.

openssl-v0.10.80

What's Changed

Full Changelog: rust-openssl/rust-openssl@openssl-v0.10.79...openssl-v0.10.80

openssl-v0.10.79

What's Changed

Full Changelog: rust-openssl/rust-openssl@openssl-v0.10.78...openssl-v0.10.79

openssl-v0.10.78

What's Changed

... (truncated)

Commits
  • 35be7ae Release openssl 0.10.80 and openssl-sys 0.9.116 (#2639)
  • 19eceb2 Fix output buffer overflow in cipher_update_inplace for AES key-wrap-with-pad...
  • b460eb3 Prefer Homebrew openssl@4 and stop looking for openssl@1.1 (#2633)

Bumps the cargo group with 8 updates in the / directory:

| Package | From | To |
| --- | --- | --- |
| [rpassword](https://github.com/conradkleinespel/rpassword) | `7.3.1` | `7.5.0` |
| [openssl](https://github.com/rust-openssl/rust-openssl) | `0.10.74` | `0.10.80` |
| [rand](https://github.com/rust-random/rand) | `0.9.1` | `0.9.3` |
| [tar](https://github.com/composefs/tar-rs) | `0.4.43` | `0.4.46` |
| [wasmtime-wasi](https://github.com/bytecodealliance/wasmtime) | `43.0.0` | `44.0.2` |
| [aws-sdk-dynamodb](https://github.com/awslabs/aws-sdk-rust) | `1.53.0` | `1.54.0` |
| [quinn-proto](https://github.com/quinn-rs/quinn) | `0.11.8` | `0.11.15` |
| [time](https://github.com/time-rs/time) | `0.3.36` | `0.3.52` |

Bumps the cargo group with 1 update in the /examples/http-rust directory: [rand](https://github.com/rust-random/rand).
Bumps the cargo group with 1 update in the /examples/open-ai-rust directory: [rand](https://github.com/rust-random/rand).
Bumps the cargo group with 6 updates in the /examples/spin-timer directory:

| Package | From | To |
| --- | --- | --- |
| [openssl](https://github.com/rust-openssl/rust-openssl) | `0.10.72` | `0.10.81` |
| [rand](https://github.com/rust-random/rand) | `0.9.0` | `0.9.4` |
| [aws-sdk-dynamodb](https://github.com/awslabs/aws-sdk-rust) | `1.58.0` | `1.59.0` |
| [tracing-subscriber](https://github.com/tokio-rs/tracing) | `0.3.19` | `0.3.20` |
| [quinn-proto](https://github.com/quinn-rs/quinn) | `0.11.10` | `0.11.15` |
| [time](https://github.com/time-rs/time) | `0.3.41` | `0.3.52` |

Bumps the cargo group with 1 update in the /examples/spin-wagi-http/http-rust directory: [rand](https://github.com/rust-random/rand).
Bumps the cargo group with 2 updates in the /examples/vault-variable-test directory: [bytes](https://github.com/tokio-rs/bytes) and [rand](https://github.com/rust-random/rand).
Bumps the cargo group with 1 update in the /tests/manual/pg-ssl-root-certs directory: [rand](https://github.com/rust-random/rand).


Updates `rpassword` from 7.3.1 to 7.5.0
- [Release notes](https://github.com/conradkleinespel/rpassword/releases)
- [Commits](conradkleinespel/rpassword@v7.3.1...v7.5.0)

Updates `openssl` from 0.10.74 to 0.10.80
- [Release notes](https://github.com/rust-openssl/rust-openssl/releases)
- [Commits](rust-openssl/rust-openssl@openssl-v0.10.74...openssl-v0.10.80)

Updates `rand` from 0.9.1 to 0.9.3
- [Release notes](https://github.com/rust-random/rand/releases)
- [Changelog](https://github.com/rust-random/rand/blob/0.9.3/CHANGELOG.md)
- [Commits](rust-random/rand@rand_core-0.9.1...0.9.3)

Updates `tar` from 0.4.43 to 0.4.46
- [Release notes](https://github.com/composefs/tar-rs/releases)
- [Commits](composefs/tar-rs@0.4.43...0.4.46)

Updates `wasmtime-wasi` from 43.0.0 to 44.0.2
- [Release notes](https://github.com/bytecodealliance/wasmtime/releases)
- [Changelog](https://github.com/bytecodealliance/wasmtime/blob/v44.0.2/RELEASES.md)
- [Commits](bytecodealliance/wasmtime@v43.0.0...v44.0.2)

Updates `aws-sdk-dynamodb` from 1.53.0 to 1.54.0
- [Release notes](https://github.com/awslabs/aws-sdk-rust/releases)
- [Commits](https://github.com/awslabs/aws-sdk-rust/commits)

Updates `quinn-proto` from 0.11.8 to 0.11.15
- [Release notes](https://github.com/quinn-rs/quinn/releases)
- [Commits](quinn-rs/quinn@quinn-proto-0.11.8...quinn-proto-0.11.15)

Updates `time` from 0.3.36 to 0.3.52
- [Release notes](https://github.com/time-rs/time/releases)
- [Changelog](https://github.com/time-rs/time/blob/main/CHANGELOG.md)
- [Commits](time-rs/time@v0.3.36...v0.3.52)

Updates `rand` from 0.9.2 to 0.9.4
- [Release notes](https://github.com/rust-random/rand/releases)
- [Changelog](https://github.com/rust-random/rand/blob/0.9.3/CHANGELOG.md)
- [Commits](rust-random/rand@rand_core-0.9.1...0.9.3)

Updates `rand` from 0.9.2 to 0.9.4
- [Release notes](https://github.com/rust-random/rand/releases)
- [Changelog](https://github.com/rust-random/rand/blob/0.9.3/CHANGELOG.md)
- [Commits](rust-random/rand@rand_core-0.9.1...0.9.3)

Updates `openssl` from 0.10.72 to 0.10.81
- [Release notes](https://github.com/rust-openssl/rust-openssl/releases)
- [Commits](rust-openssl/rust-openssl@openssl-v0.10.74...openssl-v0.10.80)

Updates `rand` from 0.9.0 to 0.9.4
- [Release notes](https://github.com/rust-random/rand/releases)
- [Changelog](https://github.com/rust-random/rand/blob/0.9.3/CHANGELOG.md)
- [Commits](rust-random/rand@rand_core-0.9.1...0.9.3)

Updates `aws-sdk-dynamodb` from 1.58.0 to 1.59.0
- [Release notes](https://github.com/awslabs/aws-sdk-rust/releases)
- [Commits](https://github.com/awslabs/aws-sdk-rust/commits)

Updates `tracing-subscriber` from 0.3.19 to 0.3.20
- [Release notes](https://github.com/tokio-rs/tracing/releases)
- [Commits](tokio-rs/tracing@tracing-subscriber-0.3.19...tracing-subscriber-0.3.20)

Updates `quinn-proto` from 0.11.10 to 0.11.15
- [Release notes](https://github.com/quinn-rs/quinn/releases)
- [Commits](quinn-rs/quinn@quinn-proto-0.11.8...quinn-proto-0.11.15)

Updates `time` from 0.3.41 to 0.3.52
- [Release notes](https://github.com/time-rs/time/releases)
- [Changelog](https://github.com/time-rs/time/blob/main/CHANGELOG.md)
- [Commits](time-rs/time@v0.3.36...v0.3.52)

Updates `rand` from 0.9.2 to 0.9.4
- [Release notes](https://github.com/rust-random/rand/releases)
- [Changelog](https://github.com/rust-random/rand/blob/0.9.3/CHANGELOG.md)
- [Commits](rust-random/rand@rand_core-0.9.1...0.9.3)

Updates `bytes` from 1.5.0 to 1.12.0
- [Release notes](https://github.com/tokio-rs/bytes/releases)
- [Changelog](https://github.com/tokio-rs/bytes/blob/master/CHANGELOG.md)
- [Commits](tokio-rs/bytes@v1.5.0...v1.12.0)

Updates `rand` from 0.9.2 to 0.9.4
- [Release notes](https://github.com/rust-random/rand/releases)
- [Changelog](https://github.com/rust-random/rand/blob/0.9.3/CHANGELOG.md)
- [Commits](rust-random/rand@rand_core-0.9.1...0.9.3)

Updates `rand` from 0.9.2 to 0.9.4
- [Release notes](https://github.com/rust-random/rand/releases)
- [Changelog](https://github.com/rust-random/rand/blob/0.9.3/CHANGELOG.md)
- [Commits](rust-random/rand@rand_core-0.9.1...0.9.3)

---
updated-dependencies:
- dependency-name: rpassword
  dependency-version: 7.5.0
  dependency-type: direct:production
  dependency-group: cargo
- dependency-name: openssl
  dependency-version: 0.10.80
  dependency-type: direct:production
  dependency-group: cargo
- dependency-name: rand
  dependency-version: 0.9.3
  dependency-type: direct:production
  dependency-group: cargo
- dependency-name: tar
  dependency-version: 0.4.46
  dependency-type: direct:production
  dependency-group: cargo
- dependency-name: wasmtime-wasi
  dependency-version: 44.0.2
  dependency-type: direct:production
  dependency-group: cargo
- dependency-name: aws-sdk-dynamodb
  dependency-version: 1.54.0
  dependency-type: direct:production
  dependency-group: cargo
- dependency-name: quinn-proto
  dependency-version: 0.11.15
  dependency-type: indirect
  dependency-group: cargo
- dependency-name: time
  dependency-version: 0.3.52
  dependency-type: indirect
  dependency-group: cargo
- dependency-name: rand
  dependency-version: 0.9.4
  dependency-type: indirect
  dependency-group: cargo
- dependency-name: rand
  dependency-version: 0.9.4
  dependency-type: indirect
  dependency-group: cargo
- dependency-name: openssl
  dependency-version: 0.10.81
  dependency-type: direct:production
  dependency-group: cargo
- dependency-name: rand
  dependency-version: 0.9.4
  dependency-type: direct:production
  dependency-group: cargo
- dependency-name: aws-sdk-dynamodb
  dependency-version: 1.59.0
  dependency-type: indirect
  dependency-group: cargo
- dependency-name: tracing-subscriber
  dependency-version: 0.3.20
  dependency-type: indirect
  dependency-group: cargo
- dependency-name: quinn-proto
  dependency-version: 0.11.15
  dependency-type: indirect
  dependency-group: cargo
- dependency-name: time
  dependency-version: 0.3.52
  dependency-type: indirect
  dependency-group: cargo
- dependency-name: rand
  dependency-version: 0.9.4
  dependency-type: indirect
  dependency-group: cargo
- dependency-name: bytes
  dependency-version: 1.12.0
  dependency-type: indirect
  dependency-group: cargo
- dependency-name: rand
  dependency-version: 0.9.4
  dependency-type: indirect
  dependency-group: cargo
- dependency-name: rand
  dependency-version: 0.9.4
  dependency-type: indirect
  dependency-group: cargo
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file rust Pull requests that update rust code labels Jun 30, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

dependencies Pull requests that update a dependency file rust Pull requests that update rust code

Projects

None yet

Development

Successfully merging this pull request may close these issues.

0 participants