Skip to content

chore(deps): Bump the rust-security-and-maintenance group with 9 updates#93

Open
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/cargo/rust-security-and-maintenance-d4da4f9c56
Open

chore(deps): Bump the rust-security-and-maintenance group with 9 updates#93
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/cargo/rust-security-and-maintenance-d4da4f9c56

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Jul 12, 2026

Copy link
Copy Markdown

Bumps the rust-security-and-maintenance group with 9 updates:

Package From To
aes-gcm 0.10.3 0.11.0
scrypt 0.11.0 0.12.0
getrandom 0.2.17 0.4.3
ureq 2.12.1 3.3.0
tree-sitter 0.25.10 0.26.10
axum 0.7.9 0.8.9
syn 2.0.117 2.0.118
quote 1.0.45 1.0.46
trybuild 1.0.116 1.0.118

Updates aes-gcm from 0.10.3 to 0.11.0

Commits

Updates scrypt from 0.11.0 to 0.12.0

Commits

Updates getrandom from 0.2.17 to 0.4.3

Changelog

Sourced from getrandom's changelog.

0.4.3 - 2026-06-17

Added

  • wasm64-unknown-unknown target support for wasm_js backend #848

Changed

  • Drop wasip2 and wasip3 dependencies in favor of manual bindings #830

#830: rust-random/getrandom#830 #848: rust-random/getrandom#848

0.4.2 - 2026-03-03

Changed

  • Bump r-efi dependency to v6 #814

Fixed

  • Read errno only when it is set #810
  • Check the return value of ProcessPrng on Windows #811

#810: rust-random/getrandom#810 #811: rust-random/getrandom#811 #814: rust-random/getrandom#814

0.4.1 - 2026-02-03

Fixed

  • Documentation build on docs.rs #801

#801: rust-random/getrandom#801

0.4.0 - 2026-02-02

Added

  • RawOsError type alias #739
  • SysRng behind new feature sys_rng #751
  • WASIp3 support #779
  • extern_impl opt-in backend #786 #794
  • Motor OS support #797

Changed

  • Use Edition 2024 and MSRV 1.85 #749

#739: rust-random/getrandom#739 #749: rust-random/getrandom#749 #751: rust-random/getrandom#751 #779: rust-random/getrandom#779

... (truncated)

Commits

Updates ureq from 2.12.1 to 3.3.0

Changelog

Sourced from ureq's changelog.

3.3.0

  • Bump MSRV 1.71 -> 1.85, edition 2024 #1167

3.2.1

  • Switch archived utf-8 crate for utf8-zero #1163

3.2.0

  • Strip Content-Encoding/Content-Length headers after decompression #1156
  • Timeout per resolved ip for try_connect #1152
  • Fix body header bug on redirect #1140
  • ureq-proto 0.5.3 to fix unsolicited 100-continue #1139
  • Make socks5:// locally resolve before calling proxy #1138
  • Add socks5h:// which DOESN'T locally resolve before calling proxy #1138

3.1.4

  • Set content-type with new Multipart form #1133

3.1.3

  • Fix short read with multi-byte charset #1131
  • Replace rustls-pemfile usage with rustls-pki-types #1122
  • Support for env NO_PROXY and proxy config #1118
  • Experimental multi-part form support #1102

3.1.2

  • Fix bug when query is after host "example.com?query" #1115

3.1.1

  • Fix regression in MSRV (hold back native-tls) #1113
  • Fix edge case regression when setting request header Content-Length: 0 #1109

3.1.0

DECISION: webpki-roots and webpki-root-certs goes from pre-release (0.26) to stable release (1.0.0). This is potentially a big change for ureq users. We release this as semver minor.

  • Bump all deps to latest #1104
  • Fixes to CONNECT to follow spec #1103
  • Send Content-Length for File #1100
  • native-tls transport capture and surface underlying errors #1093
  • Bump webpki-roots/webpki-root-certs to 1.0.0 #1089
  • Bump rustls-platform-verifier to 0.6.0 #1089
  • Allow the license CDLA-Permissive-2.0 #1089

... (truncated)

Commits
  • b2adbf0 3.3.0
  • 7662219 Bump MSRV 1.71 -> 1.85, edition 2024
  • eb51f2c 3.2.1
  • ad49981 Bump deps to fix cargo-deny RUSTSEC
  • 08785cb Switch out utf-8 crate with utf8-zero
  • 9ef2153 Clarify that json feature is disabled by default
  • eb2539d Fix misleading unsafe wording in crate docs
  • b45d3d2 Fix cargo-deny advisory failures
  • 852b804 3.2.0
  • 378f768 Update deny.toml given current dependencies
  • Additional commits viewable in compare view

Updates tree-sitter from 0.25.10 to 0.26.10

Release notes

Sourced from tree-sitter's releases.

v0.26.10

What's Changed

Full Changelog: tree-sitter/tree-sitter@v0.26.9...v0.26.10

v0.26.9

What's Changed

Full Changelog: tree-sitter/tree-sitter@v0.26.8...v0.26.9

v0.26.8

What's Changed

... (truncated)

Commits
  • 3fc4cd2 release v0.26.10
  • 568aee0 test(query): regression test for anchored siblings inside a parent
  • 2efce10 fix(query): skip passthrough steps when checking for fallible step splitting
  • e8b9639 fix(query): avoid overriding states not seeking immediate match with states s...
  • 576564d fix(query): take anchors between siblings into account for fallible step spli...
  • fbf3049 fix(dsl): forbid invalid field names
  • 99bc36b build(deps): bump wasmtime-c-api to v36.0.12
  • 1ef1048 fix(build): use std helper rather than passing -std=c11 flag
  • a61be4a fix(lib): address strict aliasing violations in TreeCursor type
  • be8f380 fix(cli): highlight test did not properly check for spans on later rows
  • Additional commits viewable in compare view

Updates axum from 0.7.9 to 0.8.9

Release notes

Sourced from axum's releases.

axum-v0.8.9

  • added: WebSocketUpgrade::{requested_protocols, set_selected_protocol} for more flexible subprotocol selection (#3597)
  • changed: Update minimum rust version to 1.80 (#3620)
  • fixed: Set connect endpoint on correct field in MethodRouter (#3656)
  • fixed: Return specific error message when multipart body limit is exceeded (#3611)

#3597: tokio-rs/axum#3597 #3620: tokio-rs/axum#3620 #3656: tokio-rs/axum#3656 #3611: tokio-rs/axum#3611

axum v0.8.8

  • Clarify documentation for Router::route_layer (#3567)

#3567: tokio-rs/axum#3567

axum v0.8.7

  • Relax implicit Send / Sync bounds on RouterAsService, RouterIntoService (#3555)
  • Make it easier to visually scan for default features (#3550)
  • Fix some documentation typos

#3550: tokio-rs/axum#3550 #3555: tokio-rs/axum#3555

axum v0.8.5

  • fixed: Reject JSON request bodies with trailing characters after the JSON document (#3453)
  • added: Implement OptionalFromRequest for Multipart (#3220)
  • added: Getter methods Location::{status_code, location}
  • added: Support for writing arbitrary binary data into server-sent events (#3425)]
  • added: middleware::ResponseAxumBodyLayer for mapping response body to axum::body::Body (#3469)
  • added: impl FusedStream for WebSocket (#3443)
  • changed: The sse module and Sse type no longer depend on the tokio feature (#3154)
  • changed: If the location given to one of Redirects constructors is not a valid header value, instead of panicking on construction, the IntoResponse impl now returns an HTTP 500, just like Json does when serialization fails (#3377)
  • changed: Update minimum rust version to 1.78 (#3412)

#3154: tokio-rs/axum#3154 #3220: tokio-rs/axum#3220 #3377: tokio-rs/axum#3377 #3412: tokio-rs/axum#3412 #3425: tokio-rs/axum#3425 #3443: tokio-rs/axum#3443 #3453: tokio-rs/axum#3453 #3469: tokio-rs/axum#3469

axum v0.8.4

  • added: Router::reset_fallback (#3320)
  • added: WebSocketUpgrade::selected_protocol (#3248)
  • fixed: Panic location for overlapping method routes (#3319)
  • fixed: Don't leak a tokio task when using serve without graceful shutdown (#3129)

... (truncated)

Commits

Updates syn from 2.0.117 to 2.0.118

Release notes

Sourced from syn's releases.

2.0.118

  • Documentation improvements
Commits
  • f033ef1 Release 2.0.118
  • 45f65f7 Wrap long lint attributes
  • b3f9bf8 Mirror PR 1975 from readme to crate-level rustdoc
  • 97dc117 Wrap PR 1975 to 80 columns
  • 0085b7a Lint repr_transparent_non_zst_fields has been removed
  • 9fc1c9d Update test suite to nightly-2026-06-12
  • 504bcc7 Update test suite to nightly-2026-06-09
  • 353d20b Update test suite to nightly-2026-06-06
  • f257a16 Update test suite to nightly-2026-05-25
  • b706e6e Update test suite to nightly-2026-05-13
  • Additional commits viewable in compare view

Updates quote from 1.0.45 to 1.0.46

Release notes

Sourced from quote's releases.

1.0.46

Commits
  • bc4caf2 Release 1.0.46
  • dc0e304 Format with rustfmt
  • 712114c Drop arrow from syntax of quote_spanned_with_expanded_span
  • f93ab8a Eliminate quote_spanned_with_expanded_span_as_expr macro
  • 1ff3951 Eliminate __quote_spanned macro
  • 64e913a Unify quote_spanned definitions
  • 2978e8b Wrap comment to 80 columns
  • 7f311a0 Fix PR 329 fat arrow spacing
  • 313a8a2 Remove unneeded get_span from PR 329
  • 0b33821 Merge pull request #329 from Noratrieb/avoid-repeat-expand
  • Additional commits viewable in compare view

Updates trybuild from 1.0.116 to 1.0.118

Release notes

Sourced from trybuild's releases.

1.0.118

  • Normalize cargo registry paths for any registry source (#331, thanks @​devjgm)
  • Limit custom registry to new normalization level (#334)

1.0.117

  • Better error message when TRYBUILD env var is wrong (#332, thanks @​tisonkun)
Commits
  • 7ce4c26 Release 1.0.118
  • b359f4a Update to 2024 edition
  • 3551315 Merge pull request #334 from dtolnay/customregistry
  • 5209787 Limit custom registry to new normalization level
  • 528223c Merge pull request 331 from devjgm/greg/trybuild-custom-registry-normalization
  • 69689b3 Update actions/upload-artifact@v6 -> v7
  • 333eb00 Release 1.0.117
  • 820b8a5 Merge pull request #332 from tisonkun/patch-1
  • 7e9d0a6 Update actions/checkout@v6 -> v7
  • 8dd2668 Better error message when TRYBUILD env var is wrong
  • Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

Bumps the rust-security-and-maintenance group with 9 updates:

| Package | From | To |
| --- | --- | --- |
| [aes-gcm](https://github.com/RustCrypto/AEADs) | `0.10.3` | `0.11.0` |
| [scrypt](https://github.com/RustCrypto/password-hashes) | `0.11.0` | `0.12.0` |
| [getrandom](https://github.com/rust-random/getrandom) | `0.2.17` | `0.4.3` |
| [ureq](https://github.com/algesten/ureq) | `2.12.1` | `3.3.0` |
| [tree-sitter](https://github.com/tree-sitter/tree-sitter) | `0.25.10` | `0.26.10` |
| [axum](https://github.com/tokio-rs/axum) | `0.7.9` | `0.8.9` |
| [syn](https://github.com/dtolnay/syn) | `2.0.117` | `2.0.118` |
| [quote](https://github.com/dtolnay/quote) | `1.0.45` | `1.0.46` |
| [trybuild](https://github.com/dtolnay/trybuild) | `1.0.116` | `1.0.118` |


Updates `aes-gcm` from 0.10.3 to 0.11.0
- [Commits](RustCrypto/AEADs@aes-gcm-v0.10.3...aes-gcm-v0.11.0)

Updates `scrypt` from 0.11.0 to 0.12.0
- [Commits](RustCrypto/password-hashes@scrypt-v0.11.0...scrypt-v0.12.0)

Updates `getrandom` from 0.2.17 to 0.4.3
- [Changelog](https://github.com/rust-random/getrandom/blob/master/CHANGELOG.md)
- [Commits](rust-random/getrandom@v0.2.17...v0.4.3)

Updates `ureq` from 2.12.1 to 3.3.0
- [Changelog](https://github.com/algesten/ureq/blob/main/CHANGELOG.md)
- [Commits](algesten/ureq@2.12.1...3.3.0)

Updates `tree-sitter` from 0.25.10 to 0.26.10
- [Release notes](https://github.com/tree-sitter/tree-sitter/releases)
- [Commits](tree-sitter/tree-sitter@v0.25.10...v0.26.10)

Updates `axum` from 0.7.9 to 0.8.9
- [Release notes](https://github.com/tokio-rs/axum/releases)
- [Changelog](https://github.com/tokio-rs/axum/blob/main/CHANGELOG.md)
- [Commits](tokio-rs/axum@axum-v0.7.9...axum-v0.8.9)

Updates `syn` from 2.0.117 to 2.0.118
- [Release notes](https://github.com/dtolnay/syn/releases)
- [Commits](dtolnay/syn@2.0.117...2.0.118)

Updates `quote` from 1.0.45 to 1.0.46
- [Release notes](https://github.com/dtolnay/quote/releases)
- [Commits](dtolnay/quote@1.0.45...1.0.46)

Updates `trybuild` from 1.0.116 to 1.0.118
- [Release notes](https://github.com/dtolnay/trybuild/releases)
- [Commits](dtolnay/trybuild@1.0.116...1.0.118)

---
updated-dependencies:
- dependency-name: aes-gcm
  dependency-version: 0.11.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: rust-security-and-maintenance
- dependency-name: scrypt
  dependency-version: 0.12.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: rust-security-and-maintenance
- dependency-name: getrandom
  dependency-version: 0.4.3
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: rust-security-and-maintenance
- dependency-name: ureq
  dependency-version: 3.3.0
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: rust-security-and-maintenance
- dependency-name: tree-sitter
  dependency-version: 0.26.10
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: rust-security-and-maintenance
- dependency-name: axum
  dependency-version: 0.8.9
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: rust-security-and-maintenance
- dependency-name: syn
  dependency-version: 2.0.118
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: rust-security-and-maintenance
- dependency-name: quote
  dependency-version: 1.0.46
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: rust-security-and-maintenance
- dependency-name: trybuild
  dependency-version: 1.0.118
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: rust-security-and-maintenance
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file rust Pull requests that update rust code labels Jul 12, 2026
@dependabot dependabot Bot requested a review from RNT56 as a code owner July 12, 2026 08:34
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file rust Pull requests that update rust code labels Jul 12, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

dependencies Pull requests that update a dependency file rust Pull requests that update rust code

Projects

None yet

Development

Successfully merging this pull request may close these issues.

0 participants