Skip to content

chore(deps): bump the validation-deps group across 1 directory with 17 updates#199

Open
dependabot[bot] wants to merge 1 commit intomasterfrom
dependabot/cargo/validation/local_ping_pong_openssl/validation-deps-8f61738007
Open

chore(deps): bump the validation-deps group across 1 directory with 17 updates#199
dependabot[bot] wants to merge 1 commit intomasterfrom
dependabot/cargo/validation/local_ping_pong_openssl/validation-deps-8f61738007

Conversation

@dependabot
Copy link
Copy Markdown
Contributor

@dependabot dependabot Bot commented on behalf of github Apr 24, 2026

Bumps the validation-deps group with 12 updates in the /validation/local_ping_pong_openssl directory:

Package From To
rustls 0.23.38 0.23.39
openssl 0.10.77 0.10.78
bitflags 2.11.0 2.11.1
cc 1.2.60 1.2.61
ecdsa 0.17.0-rc.16 0.17.0-rc.17
hybrid-array 0.4.10 0.4.11
libc 0.2.185 0.2.186
p256 0.14.0-rc.8 0.14.0-rc.9
p384 0.14.0-rc.8 0.14.0-rc.9
rustls-pki-types 1.14.0 1.14.1
rustls-webpki 0.103.11 0.103.13
wasip2 1.0.2+wasi-0.2.9 1.0.3+wasi-0.2.9

Updates rustls from 0.23.38 to 0.23.39

Commits
  • 0541605 Cargo: version 0.23.38 -> 0.23.39
  • 860798e Cargo: update semver compat deps
  • 7b37468 Take semver-compatible dependency updates
  • 6134204 Adapt to updated nightly features
  • d4b3ec5 Apply suggestions from clippy 1.95
  • See full diff in compare view

Updates openssl from 0.10.77 to 0.10.78

Release notes

Sourced from openssl's releases.

openssl-v0.10.78

What's Changed

Full Changelog: rust-openssl/rust-openssl@openssl-v0.10.77...openssl-v0.10.78

Commits
  • a6debf5 Release openssl v0.10.78 and openssl-sys v0.9.114 (#2609)
  • 09b425e Check derive output buffer length on OpenSSL 1.1.x (#2606)
  • 826c388 Error for short out in MdCtxRef::digest_final() (#2608)
  • 1d10902 Validate callback-returned lengths in PSK and cookie trampolines (#2607)
  • 5af6895 Reject oversized length returns from password callback trampoline (#2605)
  • 718d07f fix inverted bounds assertion in AES key unwrap (#2604)
  • 53cc69d Add support for LibreSSL 4.3.x (#2603)
  • 0b41e79 Fix dangling stack pointer in custom extension add callback (#2599)
  • cbdedf8 Avoid panic for overlong OIDs (#2598)
  • 1fc51ef openssl 4 support (#2591)
  • Additional commits viewable in compare view

Updates bitflags from 2.11.0 to 2.11.1

Release notes

Sourced from bitflags's releases.

2.11.1

What's Changed

New Contributors

Full Changelog: bitflags/bitflags@2.11.0...2.11.1

Changelog

Sourced from bitflags's changelog.

2.11.1

What's Changed

New Contributors

Full Changelog: bitflags/bitflags@2.11.0...2.11.1

Commits
  • 4ed9ffa Merge pull request #482 from KodrAus/cargo/2.11.1
  • c53cd57 prepare for 2.11.1 release
  • a44410a Merge pull request #481 from KodrAus/docs/clarifications
  • 3d671b9 update more compile error messages
  • 5f3adad fix up compile error messages
  • 780765d fix up contains and intersection docs
  • 97b7607 clarify self and other in method docs
  • 88a7a18 Merge pull request #477 from DanielEScherzer/patch-1
  • f0e4646 example_generated.rs: add missing third slash for doc comment
  • a31c96f Merge pull request #478 from DanielEScherzer/beta-bless
  • Additional commits viewable in compare view

Updates cc from 1.2.60 to 1.2.61

Release notes

Sourced from cc's releases.

cc-v1.2.61

Other

  • fix OutputKind::Capture documentation (#1705)
Changelog

Sourced from cc's changelog.

1.2.61 - 2026-04-24

Other

  • fix OutputKind::Capture documentation (#1705)
Commits
  • 360f691 chore(cc): release v1.2.61 (#1707)
  • 17a2788 Bump taiki-e/install-action from 2.75.16 to 2.75.17 (#1706)
  • da52db7 command_helpers.rs: fix OutputKind::Capture documentation (#1705)
  • ee64d58 Bump taiki-e/install-action from 2.75.4 to 2.75.5 (#1703)
  • 78cf7e4 CI: Hash-pin all actions, apply other suggestions from zizmor (#1702)
  • See full diff in compare view

Updates ecdsa from 0.17.0-rc.16 to 0.17.0-rc.17

Commits

Updates elliptic-curve from 0.14.0-rc.30 to 0.14.0-rc.31

Commits
  • b397bd3 elliptic-curve v0.14.0-rc.31 (#2386)
  • 4aa20fa elliptic-curve: shorten name of mul_by_generator_and_mul_add_vartime (#2385)
  • ac069b2 elliptic-curve: add MulByGeneratorVartime to bounds (#2384)
  • 403d4d1 build(deps): bump the all-deps group with 3 updates (#2383)
  • 45489da elliptic-curve: add MulByGeneratorVartime trait (#2381)
  • b48dd1e elliptic-curve: MulVartime fixups (#2380)
  • d4c0d46 elliptic-curve: add ops::MulVartime trait and bound Scalar (#2379)
  • 4f084d3 elliptic-curve: use *Vartime as a suffix (#2378)
  • caa9638 elliptic-curve: add VartimeBasepointTable (#2374)
  • ac67970 elliptic-curve: add PointWithBasepointTable trait (#2376)
  • See full diff in compare view

Updates hybrid-array from 0.4.10 to 0.4.11

Changelog

Sourced from hybrid-array's changelog.

0.4.11 (2026-04-24)

Added

  • HPKE Hybrid KEM sizes (#218)

Removed

  • Clone bounds on Box/Vec conversions (#209)

#209: RustCrypto/hybrid-array#209 #218: RustCrypto/hybrid-array#218

Commits

Updates libc from 0.2.185 to 0.2.186

Release notes

Sourced from libc's releases.

0.2.186

Added

  • Apple: Add KEVENT_FLAG_* constants (#5070)
  • Linux: Add PR_SET_MEMORY_MERGE and PR_GET_MEMORY_MERGE (#5060)

Changed

  • CI: Migrate FreeBSD CI from Cirrus CI to GitHub Actions (#5058)
Changelog

Sourced from libc's changelog.

0.2.186 - 2026-04-24

Added

  • Apple: Add KEVENT_FLAG_* constants (#5070)
  • Linux: Add PR_SET_MEMORY_MERGE and PR_GET_MEMORY_MERGE (#5060)

Changed

  • CI: Migrate FreeBSD CI from Cirrus CI to GitHub Actions (#5058)
Commits
  • 42620ff [0.2] libc: Release 0.2.186
  • 9db2eaa apple: add KEVENT_FLAG_* constants
  • 3840939 Add PR_SET_MEMORY_MERGE and PR_GET_MEMORY_MERGE for linux
  • f697deb chore: migrate from Cirrus CI to GHA
  • See full diff in compare view

Updates openssl-sys from 0.9.113 to 0.9.114

Release notes

Sourced from openssl-sys's releases.

openssl-sys-v0.9.114

What's Changed

Full Changelog: rust-openssl/rust-openssl@openssl-sys-v0.9.113...openssl-sys-v0.9.114

Commits
  • a6debf5 Release openssl v0.10.78 and openssl-sys v0.9.114 (#2609)
  • 09b425e Check derive output buffer length on OpenSSL 1.1.x (#2606)
  • 826c388 Error for short out in MdCtxRef::digest_final() (#2608)
  • 1d10902 Validate callback-returned lengths in PSK and cookie trampolines (#2607)
  • 5af6895 Reject oversized length returns from password callback trampoline (#2605)
  • 718d07f fix inverted bounds assertion in AES key unwrap (#2604)
  • 53cc69d Add support for LibreSSL 4.3.x (#2603)
  • 0b41e79 Fix dangling stack pointer in custom extension add callback (#2599)
  • cbdedf8 Avoid panic for overlong OIDs (#2598)
  • 1fc51ef openssl 4 support (#2591)
  • Additional commits viewable in compare view

Updates p256 from 0.14.0-rc.8 to 0.14.0-rc.9

Commits

Updates p384 from 0.14.0-rc.8 to 0.14.0-rc.9

Commits

Updates primefield from 0.14.0-rc.8 to 0.14.0-rc.9

Commits

Updates primeorder from 0.14.0-rc.8 to 0.14.0-rc.9

Commits

Updates rustls-pki-types from 1.14.0 to 1.14.1

Release notes

Sourced from rustls-pki-types's releases.

1.14.1

Parsing PEM will now error for PEM sections larger than 256 MB in size, to avoid running out of memory during parsing. The limit was chosen based on historical data from large certificate revocation lists from the web PKI.

What's Changed

Commits
  • bb3c1da Adjust PEM size limit to account for huge CRLs
  • 20bcfe1 Bump version to 1.14.1
  • b796d3d pem: error for sections that are too large
  • 422d8cf Update ECH reference to RFC 9849
  • 14ce65c Remove mention of rustls-pemfile from docs
  • See full diff in compare view

Updates rustls-webpki from 0.103.11 to 0.103.13

Release notes

Sourced from rustls-webpki's releases.

0.103.13

  • Fix reachable panic in parsing a CRL. This was reported to us as GHSA-82j2-j2ch-gfr8. Users who don't use CRLs are not affected.
  • For name constraints on URI names, we incorrectly processed excluded subtrees in a way which inverted the desired meaning. See rustls/webpki#471. This was a case missing in the fix for GHSA-965h-392x-2mh5.

What's Changed

Full Changelog: rustls/webpki@v/0.103.12...v/0.103.13

0.103.12

This release fixes two bugs in name constraint enforcement:

  • GHSA-965h-392x-2mh5: name constraints for URI names were ignored and therefore accepted. URI name constraints are now rejected unconditionally. Note this library does not provide an API for asserting URI names, and URI name constraints are otherwise not implemented.
  • GHSA-xgp8-3hg3-c2mh: permitted subtree name constraints for DNS names were accepted for certificates asserting a wildcard name. This was incorrect because, given a name constraint of accept.example.com, *.example.com could feasibly allow a name of reject.example.com which is outside the constraint. This is very similar to CVE-2025-61727.

Since name constraints are restrictions on otherwise properly-issued certificates, these bugs are reachable only after signature verification and require misissuance to exploit.

What's Changed

Full Changelog: rustls/webpki@v/0.103.11...v/0.103.12

Commits
  • 2879b2c Prepare 0.103.13
  • 2c49773 Improve tests for padding of BitStringFlags
  • 4e3c0b3 Correct validation of BIT STRING constraints
  • 39c91d2 Actually fail closed for URI matching against excluded subtrees
  • 27131d4 Bump version to 0.103.12
  • 6ecb876 Clean up stuttery enum variant names
  • 318b3e6 Ignore wildcard labels when matching name constraints
  • 1219622 Rewrite constraint matching to avoid permissive catch-all branch
  • See full diff in compare view

Updates typenum from 1.19.0 to 1.20.0

Release notes

Sourced from typenum's releases.

v1.20.0

Commits

  • 77b877d: remove deprecated features, replace build script with pre-generated tests (#237) (Cathal) #237
  • 4d5f26b: Add tuple operations (#242) (grenewode) #242
  • c755e2f: Version 1.20.0 (Paho Lurie-Gregg)
Changelog

Sourced from typenum's changelog.

1.20.0 (2026-04-18)

  • [removed] Removed no_std feature flag (deprecated since 1.3.0)
  • [removed] Removed force_unix_path_separator feature flag (deprecated since 1.17.0)
  • [changed] Replaced build.rs script with pre-generated test files
  • [added] Indexing into tuples
  • [changed] MSRV now 1.41.0
Commits

Updates wasip2 from 1.0.2+wasi-0.2.9 to 1.0.3+wasi-0.2.9

Commits

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

@dependabot
chore(deps): bump the validation-deps group across 1 directory with 1…
932bb2b 
…7 updates

Bumps the validation-deps group with 12 updates in the /validation/local_ping_pong_openssl directory:

| Package | From | To |
| --- | --- | --- |
| [rustls](https://github.com/rustls/rustls) | `0.23.38` | `0.23.39` |
| [openssl](https://github.com/rust-openssl/rust-openssl) | `0.10.77` | `0.10.78` |
| [bitflags](https://github.com/bitflags/bitflags) | `2.11.0` | `2.11.1` |
| [cc](https://github.com/rust-lang/cc-rs) | `1.2.60` | `1.2.61` |
| [ecdsa](https://github.com/RustCrypto/signatures) | `0.17.0-rc.16` | `0.17.0-rc.17` |
| [hybrid-array](https://github.com/RustCrypto/hybrid-array) | `0.4.10` | `0.4.11` |
| [libc](https://github.com/rust-lang/libc) | `0.2.185` | `0.2.186` |
| [p256](https://github.com/RustCrypto/elliptic-curves) | `0.14.0-rc.8` | `0.14.0-rc.9` |
| [p384](https://github.com/RustCrypto/elliptic-curves) | `0.14.0-rc.8` | `0.14.0-rc.9` |
| [rustls-pki-types](https://github.com/rustls/pki-types) | `1.14.0` | `1.14.1` |
| [rustls-webpki](https://github.com/rustls/webpki) | `0.103.11` | `0.103.13` |
| [wasip2](https://github.com/bytecodealliance/wasi-rs) | `1.0.2+wasi-0.2.9` | `1.0.3+wasi-0.2.9` |



Updates `rustls` from 0.23.38 to 0.23.39
- [Release notes](https://github.com/rustls/rustls/releases)
- [Changelog](https://github.com/rustls/rustls/blob/main/CHANGELOG.md)
- [Commits](rustls/rustls@v/0.23.38...v/0.23.39)

Updates `openssl` from 0.10.77 to 0.10.78
- [Release notes](https://github.com/rust-openssl/rust-openssl/releases)
- [Commits](rust-openssl/rust-openssl@openssl-v0.10.77...openssl-v0.10.78)

Updates `bitflags` from 2.11.0 to 2.11.1
- [Release notes](https://github.com/bitflags/bitflags/releases)
- [Changelog](https://github.com/bitflags/bitflags/blob/main/CHANGELOG.md)
- [Commits](bitflags/bitflags@2.11.0...2.11.1)

Updates `cc` from 1.2.60 to 1.2.61
- [Release notes](https://github.com/rust-lang/cc-rs/releases)
- [Changelog](https://github.com/rust-lang/cc-rs/blob/main/CHANGELOG.md)
- [Commits](rust-lang/cc-rs@cc-v1.2.60...cc-v1.2.61)

Updates `ecdsa` from 0.17.0-rc.16 to 0.17.0-rc.17
- [Commits](RustCrypto/signatures@ecdsa/v0.17.0-rc.16...ecdsa/v0.17.0-rc.17)

Updates `elliptic-curve` from 0.14.0-rc.30 to 0.14.0-rc.31
- [Commits](RustCrypto/traits@elliptic-curve-v0.14.0-rc.30...elliptic-curve-v0.14.0-rc.31)

Updates `hybrid-array` from 0.4.10 to 0.4.11
- [Changelog](https://github.com/RustCrypto/hybrid-array/blob/master/CHANGELOG.md)
- [Commits](RustCrypto/hybrid-array@v0.4.10...v0.4.11)

Updates `libc` from 0.2.185 to 0.2.186
- [Release notes](https://github.com/rust-lang/libc/releases)
- [Changelog](https://github.com/rust-lang/libc/blob/0.2.186/CHANGELOG.md)
- [Commits](rust-lang/libc@0.2.185...0.2.186)

Updates `openssl-sys` from 0.9.113 to 0.9.114
- [Release notes](https://github.com/rust-openssl/rust-openssl/releases)
- [Commits](rust-openssl/rust-openssl@openssl-sys-v0.9.113...openssl-sys-v0.9.114)

Updates `p256` from 0.14.0-rc.8 to 0.14.0-rc.9
- [Commits](RustCrypto/elliptic-curves@p256/v0.14.0-rc.8...p256/v0.14.0-rc.9)

Updates `p384` from 0.14.0-rc.8 to 0.14.0-rc.9
- [Commits](RustCrypto/elliptic-curves@p384/v0.14.0-rc.8...p384/v0.14.0-rc.9)

Updates `primefield` from 0.14.0-rc.8 to 0.14.0-rc.9
- [Commits](RustCrypto/elliptic-curves@primefield/v0.14.0-rc.8...primefield/v0.14.0-rc.9)

Updates `primeorder` from 0.14.0-rc.8 to 0.14.0-rc.9
- [Commits](RustCrypto/elliptic-curves@primeorder/v0.14.0-rc.8...primeorder/v0.14.0-rc.9)

Updates `rustls-pki-types` from 1.14.0 to 1.14.1
- [Release notes](https://github.com/rustls/pki-types/releases)
- [Commits](rustls/pki-types@v/1.14.0...v/1.14.1)

Updates `rustls-webpki` from 0.103.11 to 0.103.13
- [Release notes](https://github.com/rustls/webpki/releases)
- [Commits](rustls/webpki@v/0.103.11...v/0.103.13)

Updates `typenum` from 1.19.0 to 1.20.0
- [Release notes](https://github.com/paholg/typenum/releases)
- [Changelog](https://github.com/paholg/typenum/blob/main/CHANGELOG.md)
- [Commits](paholg/typenum@v1.19.0...v1.20.0)

Updates `wasip2` from 1.0.2+wasi-0.2.9 to 1.0.3+wasi-0.2.9
- [Commits](bytecodealliance/wasi-rs@wasip2-1.0.2...wasip2-1.0.3)

---
updated-dependencies:
- dependency-name: rustls
  dependency-version: 0.23.39
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: validation-deps
- dependency-name: openssl
  dependency-version: 0.10.78
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: validation-deps
- dependency-name: bitflags
  dependency-version: 2.11.1
  dependency-type: indirect
  update-type: version-update:semver-patch
  dependency-group: validation-deps
- dependency-name: cc
  dependency-version: 1.2.61
  dependency-type: indirect
  update-type: version-update:semver-patch
  dependency-group: validation-deps
- dependency-name: ecdsa
  dependency-version: 0.17.0-rc.17
  dependency-type: indirect
  update-type: version-update:semver-patch
  dependency-group: validation-deps
- dependency-name: elliptic-curve
  dependency-version: 0.14.0-rc.31
  dependency-type: indirect
  update-type: version-update:semver-patch
  dependency-group: validation-deps
- dependency-name: hybrid-array
  dependency-version: 0.4.11
  dependency-type: indirect
  update-type: version-update:semver-patch
  dependency-group: validation-deps
- dependency-name: libc
  dependency-version: 0.2.186
  dependency-type: indirect
  update-type: version-update:semver-patch
  dependency-group: validation-deps
- dependency-name: openssl-sys
  dependency-version: 0.9.114
  dependency-type: indirect
  update-type: version-update:semver-patch
  dependency-group: validation-deps
- dependency-name: p256
  dependency-version: 0.14.0-rc.9
  dependency-type: indirect
  update-type: version-update:semver-patch
  dependency-group: validation-deps
- dependency-name: p384
  dependency-version: 0.14.0-rc.9
  dependency-type: indirect
  update-type: version-update:semver-patch
  dependency-group: validation-deps
- dependency-name: primefield
  dependency-version: 0.14.0-rc.9
  dependency-type: indirect
  update-type: version-update:semver-patch
  dependency-group: validation-deps
- dependency-name: primeorder
  dependency-version: 0.14.0-rc.9
  dependency-type: indirect
  update-type: version-update:semver-patch
  dependency-group: validation-deps
- dependency-name: rustls-pki-types
  dependency-version: 1.14.1
  dependency-type: indirect
  update-type: version-update:semver-patch
  dependency-group: validation-deps
- dependency-name: rustls-webpki
  dependency-version: 0.103.13
  dependency-type: indirect
  update-type: version-update:semver-patch
  dependency-group: validation-deps
- dependency-name: typenum
  dependency-version: 1.20.0
  dependency-type: indirect
  update-type: version-update:semver-minor
  dependency-group: validation-deps
- dependency-name: wasip2
  dependency-version: 1.0.3+wasi-0.2.9
  dependency-type: indirect
  update-type: version-update:semver-patch
  dependency-group: validation-deps
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file rust Pull requests that update Rust code labels Apr 24, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file rust Pull requests that update Rust code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants