
chore(deps): update cargo non-major dependencies #1665

Closed
dd-octo-sts[bot] wants to merge 1 commit into main from engraver-auto-version-upgrade/renovate/cargo-non-major-dependencies

dd-octo-sts bot commented Mar 5, 2026

ℹ️ Note

This PR body was truncated due to platform limits.

This PR contains the following updates:

Package Type Update Change
allocator-api2 dependencies minor 0.2 → 0.4
allocator-api2 dependencies minor 0.2.21 → 0.4.0
allocator-api2 dev-dependencies minor 0.2 → 0.4
anyhow dependencies patch 1.0.93 → 1.0.102
anyhow dependencies patch 1.0.98 → 1.0.102
arbitrary dependencies patch 1.4.1 → 1.4.2
arc-swap dependencies minor 1.7.1 → 1.8.2
backtrace dependencies patch =0.3.74 → =0.3.76
bolero dev-dependencies patch 0.13.0 → 0.13.4
bolero dependencies patch 0.13.0 → 0.13.4
cadence dependencies minor 1.5.0 → 1.7.0
cargo-platform dependencies minor =0.1.7 → =0.3.2
cargo_metadata dependencies minor 0.18 → 0.23
cargo_metadata dependencies minor 0.18.1 → 0.23.0
cbindgen dependencies patch 0.29.0 → 0.29.2
cc dependencies patch 1.2.17 → 1.2.56
cc build-dependencies patch 1.2.17 → 1.2.56
chrono dependencies patch 0.4.38 → 0.4.44
clap dependencies patch 4.5.20 → 4.5.60
clap dev-dependencies patch 4.5.20 → 4.5.60
clap dependencies patch 4.5.39 → 4.5.60
cmake dependencies patch 0.1.51 → 0.1.57
const_format dependencies patch 0.2.34 → 0.2.35
constcat dependencies minor 0.4.1 → 0.6.0
criterion (source) dev-dependencies minor 0.5.1 → 0.8.0
criterion (source) dev-dependencies minor 0.5 → 0.8
crossbeam-queue (source) dependencies patch 0.3.11 → 0.3.12
cxx (source) dependencies patch 1.0.192 → 1.0.194
cxx-build (source) build-dependencies patch 1.0.192 → 1.0.194
either dependencies minor 1.13.0 → 1.15.0
env_logger dev-dependencies minor 0.10 → 0.11
env_logger dependencies minor 0.10 → 0.11
fastrand dependencies minor 2.1.1 → 2.3.0
faststr dependencies patch 0.2.32 → 0.2.34
flate2 dependencies patch 1.1.1 → 1.1.9
flate2 dev-dependencies patch 1.1.1 → 1.1.9
futures (source) dependencies patch 0.3.31 → 0.3.32
futures (source) dev-dependencies patch 0.3.31 → 0.3.32
futures-core (source) dependencies patch 0.3.31 → 0.3.32
futures-test (source) dev-dependencies patch 0.3.31 → 0.3.32
futures-util (source) dependencies patch 0.3.31 → 0.3.32
goblin dev-dependencies minor 0.9.3 → 0.10.0
hashbrown dependencies minor 0.15 → 0.16
http dependencies minor 1.1.0 → 1.4.0
http dev-dependencies minor 1.1.0 → 1.4.0
http dev-dependencies minor 1.3.1 → 1.4.0
http-body-util dependencies patch 0.1.2 → 0.1.3
httparse dependencies minor 1.9.5 → 1.10.1
httparse dev-dependencies minor 1.9.5 → 1.10.1
httpmock dev-dependencies patch 0.8.0-alpha.1 → 0.8.3
httpmock dependencies patch 0.8.0-alpha.1 → 0.8.3
httpmock dev-dependencies minor 0.6 → 0.8
humantime dependencies minor 2.1.0 → 2.3.0
hyper (source) workspace.dependencies minor 1.6.0 → 1.8.1
hyper-rustls dependencies patch 0.27.3 → 0.27.7
hyper-util (source) workspace.dependencies patch 0.1.17 → 0.1.20
indexmap dependencies minor 2.12.1 → 2.13.0
indexmap dev-dependencies minor 2.12.1 → 2.13.0
libc dependencies patch 0.2.178 → 0.2.182
libc dev-dependencies patch 0.2.178 → 0.2.182
libfuzzer-sys dependencies patch 0.4.10 → 0.4.12
log dependencies patch 0.4.27 → 0.4.29
manual_future dependencies patch 0.1.1 → 0.1.4
md5 dependencies minor 0.7.0 → 0.8.0
memfd dependencies patch 0.6.4 → 0.6.5
microseh dependencies minor 0.1.1 → 0.2.0
mockall dependencies minor 0.13.1 → 0.14.0
nix dependencies minor 0.29 → 0.31
object dependencies minor 0.31.0 → 0.38.0
octocrab dependencies minor 0.44 → 0.49
opentelemetry (source) dev-dependencies minor 0.17.0 → 0.31.0
opentelemetry (source) dependencies minor 0.17.0 → 0.31.0
opentelemetry-jaeger (source) dev-dependencies minor 0.16.0 → 0.22.0
parking_lot dependencies patch 0.12.3 → 0.12.5
percent-encoding dependencies patch 2.3.1 → 2.3.2
pin-project dependencies patch 1.1.7 → 1.1.11
portable-atomic dependencies minor 1.9.0 → 1.13.1
priority-queue dependencies minor 2.1.1 → 2.7.0
proc-macro2 dependencies patch 1.0.89 → 1.0.106
proptest (source) dev-dependencies minor 1.5.0 → 1.10.0
protoc-bin-vendored build-dependencies minor 3.1.0 → 3.2.0
pyo3 dependencies minor 0.27.2 → 0.28.0
quick-xml dependencies minor 0.37 → 0.39
quote dependencies patch 1.0.37 → 1.0.45
rand (source) dependencies minor 0.8.5 → 0.10.0
rand (source) dev-dependencies minor 0.8.5 → 0.10.0
rand (source) dependencies minor 0.8 → 0.10
rand (source) dependencies minor 0.8.3 → 0.10.0
rand (source) dev-dependencies minor 0.8 → 0.10
regex dependencies minor 1.11.1 → 1.12.3
regex dev-dependencies minor 1.11.1 → 1.12.3
regex-automata (source) dependencies patch 0.4.8 → 0.4.14
reqwest dependencies patch 0.13.1 → 0.13.2
rlimit dev-dependencies minor 0.9 → 0.11
rmp dependencies patch 0.8.14 → 0.8.15
rmp-serde dependencies patch 1.3.0 → 1.3.1
rmp-serde dev-dependencies patch 1.3.0 → 1.3.1
rmpv dependencies patch 1.3.0 → 1.3.1
rustix dependencies patch 1.1.3 → 1.1.4
rustls dependencies patch 0.23.31 → 0.23.37
rustls-native-certs dependencies patch 0.8.1 → 0.8.3
schemars (source) dependencies minor 0.8.21 → 0.9.0
sendfd dependencies patch 0.4.3 → 0.4.4
serde_bytes dependencies patch 0.11.15 → 0.11.19
serde_bytes dev-dependencies patch 0.11.15 → 0.11.19
serde_json dev-dependencies patch 1.0.132 → 1.0.149
serde_json dependencies patch 1.0.132 → 1.0.149
serde_json dependencies patch 1.0.140 → 1.0.149
serde_with dependencies minor 3.11.0 → 3.17.0
serial_test dev-dependencies minor 3.2.0 → 3.4.0
sha2 dependencies patch 0.10.8 → 0.10.9
simd-json dependencies minor =0.14 → =0.17.0
strum dev-dependencies minor 0.26 → 0.28
strum dependencies minor 0.26.2 → 0.28.0
symbolic-common dependencies minor 12.12.0 → 12.17.2
symbolic-demangle dependencies minor 12.12.0 → 12.17.2
syn dependencies patch 2.0.87 → 2.0.117
sysinfo dependencies minor 0.29.8 → 0.38.0
tar dependencies patch 0.4.43 → 0.4.44
tempfile (source) dependencies minor 3.23.0 → 3.26.0
tempfile (source) dev-dependencies minor 3.23.0 → 3.26.0
tempfile (source) dev-dependencies minor 3.20.0 → 3.26.0
thiserror dependencies patch 2.0.17 → 2.0.18
thiserror dependencies patch 1.0.68 → 1.0.69
tokio (source) dev-dependencies minor 1.49.0 → 1.50.0
tokio (source) dependencies minor 1.49.0 → 1.50.0
tokio (source) dependencies minor 1.45.1 → 1.50.0
tokio-rustls dependencies patch 0.26.0 → 0.26.4
tokio-serde dev-dependencies minor 0.8 → 0.9
tokio-serde dependencies minor 0.8 → 0.9
tokio-util (source) dependencies patch 0.7.12 → 0.7.18
toml dependencies minor 0.8 → 0.9
toml dependencies minor 0.8.19 → 0.9.0
toml dependencies minor 0.8.22 → 0.9.0
tracing-appender (source) dependencies patch 0.2.3 → 0.2.4
tracing-opentelemetry dependencies minor 0.17.2 → 0.32.0
trybuild dev-dependencies patch 1.0.101 → 1.0.116
url dependencies patch 2.5.4 → 2.5.8
url dependencies patch =2.5.2 → =2.5.8
uuid dependencies minor 1.11.0 → 1.21.0
winapi dependencies minor =0.2.8 → =0.3.9
windows dependencies minor 0.51.1 → 0.62.0
windows dependencies minor 0.59.0 → 0.62.0
windows dev-dependencies minor 0.59.0 → 0.62.0
windows dependencies minor 0.51.0 → 0.62.0
windows-sys dependencies minor 0.52 → 0.61
windows-sys dependencies minor 0.52.0 → 0.61.0
windows-sys dependencies minor 0.48.0 → 0.61.0
zip dependencies minor 4.0.0 → 4.6.1

Release Notes

zakarumych/allocator-api2 (allocator-api2)

v0.4.0

Added
  • Implementation of Allocator for &mut A as it was added to core
  • Implementation Default for vec::IntoIter
  • Suffixed methods to SliceExt
Changed
  • Use core::error::Error under "fresh-rust" feature even without "std" feature.
  • Serialize for Box<T, A> is relaxed to accept T: ?Sized
  • serde_core crate is used instead of serde to remove dependency on serde_derive when some other crate enables "derive" feature in serde

dtolnay/anyhow (anyhow)

v1.0.102

Compare Source

v1.0.101

Compare Source

v1.0.100

Compare Source

  • Teach clippy to lint formatting arguments in bail!, ensure!, anyhow! (#​426)

v1.0.99

Compare Source

  • Allow build-script cleanup failure with NFSv3 output directory to be non-fatal (#​420)

v1.0.98

Compare Source

v1.0.97

Compare Source

  • Documentation improvements

v1.0.96

Compare Source

  • Documentation improvements

v1.0.95

Compare Source

v1.0.94

Compare Source

  • Documentation improvements
rust-fuzz/arbitrary (arbitrary)

v1.4.2

Compare Source

Released 2025-08-13.

Added
  • Added formal MSRV policy: "We reserve the right to increment the MSRV on minor
    releases, however we will strive to only do it deliberately and for good
    reasons." The current MSRV is 1.63.0.
  • Added an Arbitrary implementation for core::cmp::Reverse.
Changed
  • Landed a handful of changes to the code generated by #[derive(Arbitrary)]
    that speed up compilation.
Fixed
  • Better documented bias and behavior when running out of entropy, fixed some
    outdated and incorrect docs related to this.

vorner/arc-swap (arc-swap)

v1.8.2

Compare Source

  • Proper gate of Pin (since 1.39 - we are not using only Pin, but also
    Pin::into_inner, #​197).

v1.8.1

Compare Source

  • Some more careful orderings (#​195).

v1.8.0

Compare Source

rust-lang/backtrace-rs (backtrace)

v0.3.76

Compare Source

Behavior
  • Fix inverted polarity of "full printing" logic in #​726:
    Previously we used to do the opposite of what you would expect.
Platform Support
  • Windows: Removed hypothetical soundness risk from padding bytes in #​737
  • Fuchsia: Added appropriate alignment checks during Elf_Nhdr parsing in #​725
  • Cygwin: Added support in #​704
  • Windows (32-bit Arm): Restore support in #​685
  • NuttX (32-bit Arm): Use builtin _Unwind_GetIP in #​692
  • RTEMS: Enable libunwind in #​682
Dependencies
  • Update cpp_demangle to 0.5 in #​732
  • Update memchr to 2.7.6 in #​734
  • Switch from windows-targets to windows-link in #​727
  • Update ruzstd to 0.8.1 in #​718
  • Update object to 0.37 in #​718
  • Update addr2line to 0.25 in #​718

v0.3.75

Compare Source

What's Changed

  • Add support for symbolicating APK/ZIP-embedded libraries on Android in #​662
  • Support zstd-compressed ELF sections in #​626
  • Recognize windows-sys signatures as "C" or "system" depending on cfg in #​677
  • Enable libunwind for rtems in #​682
  • MSRV is now 1.79

New Contributors

Full Changelog: rust-lang/backtrace-rs@0.3.74...0.3.75

56quarters/cadence (cadence)

v1.7.0

Compare Source

  • Fix an issue with BufferedUdpMetricSink stats not being updated per
    #​227. Thanks to @​danielnorberg
    for this contribution.
  • Update the minimum supported Rust version to 1.70 (from 1.60) since 1.60 is
    unreliable in CI.

v1.6.0

Compare Source

  • Fix an issue with MultiLineWriter where buffering could cause metrics to
    be emitted out of order per #​218.
    Thanks to @​dwhjames for this fix.
  • Add a replace_writer method to MultiLineWriter to allow broken writers to
    be replaced (such as connection oriented writers like TCP streams)
    per #​215.
    Thanks to @​dwhjames for this contribution.
rust-lang/cargo (cargo-platform)

v0.3.0

Compare Source

oli-obk/cargo_metadata (cargo_metadata)

v0.23.1

Compare Source

Changed
  • Stabilized build_directory

v0.23.0

Compare Source

Added
  • Added FeatureName and PackageName newtype wrappers.

v0.22.0

Compare Source

Added
  • Added pub fn env_remove<K: Into<OsString>>(&mut self, key: K) -> &mut MetadataCommand to MetadataCommand.
  • Added export of cargo_platform at crate's root module.
Changed
  • Updated dependencies:
    • camino from 1.0.7 to 1.1.10
    • cargo_platform from 0.2.0 to 0.3.0
    • derive_builder from 0.12 to 0.20
    • semver from 1.0.7 to 1.0.26
    • serde_json from 1.0.118 to 1.0.142
    • serde from 1.0.136 to 1.0.219
    • thiserror from 2.0.3 to 2.0.12
  • Made Dependency's source member the same type as Package's source member: Option<Source>.

v0.21.0

Compare Source

v0.20.0

Compare Source

v0.19.2

Compare Source

v0.19.1

Compare Source

v0.19.0

Compare Source

Added
  • Re-exported semver crate directly.
  • Added implementation of std::ops::Index<&PackageId> for Resolve.
  • Added pub fn is_kind(&self, name: TargetKind) -> bool to Target.
  • Added derived implementations of PartialEq, Eq and Hash for Metadata and its members' types.
  • Added default fields to PackageBuilder.
  • Added pub fn new(name:version:id:path:) -> Self to PackageBuilder for providing all required fields upfront.
Changed
  • Bumped MSRV from 1.42.0 to 1.56.0.
  • Made parse_stream more versatile by accepting anything that implements Read.
  • Converted TargetKind and CrateType to an enum representation.
Removed
  • Removed re-exports for BuildMetadata and Prerelease from semver crate.
  • Removed .is_lib(…), .is_bin(…), .is_example(…), .is_test(…), .is_bench(…), .is_custom_build(…), and .is_proc_macro(…) from Target (in favor of adding .is_kind(…)).
Fixed
  • Added missing manifest_path field to Artifact. Fixes #​187.
mozilla/cbindgen (cbindgen)

v0.29.2

Compare Source

  • Request serde's std feature to avoid issues with newer toml versions.

v0.29.1

Compare Source

  • cf13c2b enum: Track dependencies properly in enumerations.
  • 307d1e9 constant: Handle cfg in associated constants.
  • 0902d02 Remove "display" feature from the toml crate
  • 9068410 Fix incorrect detection of duplicated constants
  • 451e768 docs: Correct after_include type in example config (fix)
  • aff68c6 cargo update
  • 09666f6 Update toml to 0.9

rust-lang/cc-rs (cc)

v1.2.56

Compare Source

Other
  • Regenerate target info (#​1676)
  • Fix clang-cl target when cross-compiling (#​1670)

v1.2.55

Compare Source

Other
  • Regenerate target info (#​1667)
  • Fix RUSTFLAGS typo in test-linker-plugin-lto (#​1665)
  • Disable PIC for armv7-sony-vita-newlibeabihf (#​1664)

v1.2.54

Compare Source

Other
  • Fix x86_64-unknown-linux-gnuasan parsing (#​1661)
  • Regenerate target info (#​1660)

v1.2.53

Compare Source

Other

v1.2.52

Compare Source

Other
  • Fix contradictory doc for CC compiler in crate doc (#​1650)
  • Have CUDA compilation check for sbsa-linux when targeting aarch64. (#​1647)
  • Update link for -Cdwarf-version; Remove -Z (stabilized in 1.88) (#​1648)
  • Fix Build::env_tool to check for .exe on windows (#​1646)

v1.2.51

Compare Source

Other

v1.2.50

Compare Source

Other
  • Add tests for OUT_DIR escape for '..' file paths (#​1631)
  • Fix #​283: Make warnings(false) actually suppress compiler warnings (#​1633)

v1.2.49

Compare Source

Other
  • Fix run_output to prevent infinite blocking (#​1627)
  • Fix detect_family deadlock (#​1626)
  • Fix link in new debug_str doc comment (#​1625)
  • Support more of Cargo's debug levels with Build::debug_str (#​1624)

v1.2.48

Compare Source

Other

v1.2.47

Compare Source

Other
  • add helenos linker identifications (#​1615)

v1.2.46

Compare Source

Other
  • Add Visual Studio 2026 support (#​1609)

v1.2.45

Compare Source

Other
  • Regenerate target info (#​1606)
  • Use a default check for the "env" variable in apple_sdk_name (#​1605)

v1.2.44

Compare Source

Other
  • Fix debug assertion for env/abi mismatch (#​1604)
  • Update CHANGELOG for version 1.2.43 (#​1602)
  • Stop passing an invalid target to llvm-mingw's cross-compilation wrappers (#​1495)

v1.2.43

Compare Source

Other
  • Fix debug assertion for env/abi mismatch (#​1604)
  • Update CHANGELOG for version 1.2.43 (#​1602)
  • Stop passing an invalid target to llvm-mingw's cross-compilation wrappers (#​1495)

v1.2.42

Compare Source

Other
  • Fix check-semver-checks (#​1600)
  • minor improvement for docs (#​1598)
  • Fix linker-plugin-lto: use -flto=thin (#​1594)
  • Disable check-buildstd for armv7k-apple-watchos (#​1599)
  • Add elf abi to ppc64 targets (#​1596)

v1.2.41

Compare Source

Other
  • Allow using VCToolsVersion to request a specific msvc version (#​1589)
  • Regenerate target info (#​1592)
  • Regenerate windows sys bindings (#​1591)
  • Update windows-bindgen requirement from 0.64 to 0.65 (#​1590)
  • Fix get_base_archiver_variant for clang-cl: use --print-search-dirs (#​1587)

v1.2.40

Compare Source

Other
  • Reorder changelog and remove duplicate Unreleased section (#​1579)
  • Prefer clang if linker-plugin-lto specified (#​1573)
  • Fix building for Mac Catalyst (#​1577)
  • Improve ESP microcontroller targets (#​1574)

v1.2.39

Compare Source

Other
  • Fix cross compilation to xtensa-esp32s3-espidf (#​1569)
  • Fix autodetect_wasi_compiler: support non utf-8 path (#​1568)
  • Regenerate target info (#​1567)
  • Fix rustcflags mapping: require -Clinker-plugin-lto for -flto (#​1564)
  • Use $WASI_SDK_PATH on WASI targets by default (#​1562)
  • Fix atomicity violations in concurrent cache operations (#​1559)

v1.2.38

Compare Source

Other
  • updated the following local packages: find-msvc-tools

v1.2.37

Compare Source

Other
  • Fix errmsg in RustcCodegenFlags::set_rustc_flag (#​1551)
  • propagate stack protector to Linux C compilers (#​1550)
  • Extract new fn run_commands_in_parallel (#​1549)

v1.2.36

Compare Source

Other
  • Regenerate windows sys bindings (#​1548)
  • Update windows-bindgen requirement from 0.62 to 0.63 (#​1547)
  • Add fn get_ucrt_dir for find-msvc-tools (#​1546)
  • Regenerate target info (#​1544)
  • fix publish.yml (#​1543)
  • Replace periods with underscores as well when parsing env variables (#​1541)

v1.2.35

Compare Source

Fixed
  • fix building for aarch64-apple-visionos-sim on nightly (#​1534)
  • fix tests apple_sdkroot_wrong (#​1530)
Other

v1.2.34

Compare Source

Fixed
  • add -mcpu=mvp and -mmutable-globals for wasm32v1-none (#​1524)
Other
  • Optimize parse_version in find_tools.rs (#​1527)
  • Fallback to manually searching for tool dir (#​1526)

v1.2.33

Compare Source

Other
  • Regenerate target info (#​1521)
  • [win][arm64ec] Add testing for Arm64EC Windows (#​1512)
  • Fix parsing of nightly targets (#​1517)
  • [win][arm64ec] Fix finding assembler and setting is_arm for Arm64EC (#​1511)

v1.2.32

Compare Source

Fixed
  • fix new clippy lint introduced in rust 1.89.0 (#​1509)
Other
  • clarify cargo default if no rerun emitted (#​1508)
  • extract compile_objects_sequential (#​1507)
  • Windows find_tools: add support for finding Clang (#​1506)
  • Add m68k-unknown-linux-gnu cross-compile target (#​1505)

v1.2.31

Compare Source

Other
  • Add doc for using sccache/ccache etc (#​1502)
  • ability to statically link against C++ stdlib (#​1497)
  • Add instructions on using sccache (#​1503)
  • Add support for recognizing some architectures supported by GCC, but not LLVM. (#​1500)

v1.2.30

Compare Source

Other
  • define _REENTRANT by default (#​1496)

v1.2.29

Compare Source

Other
  • Fix target parsing for powerpc (#​1490)

v1.2.28

Compare Source

Other
  • Recognize mlibc environment (#​1488)
  • Fix clippy warnings about not using variables in format! strings (#​1489)

v1.2.27

Compare Source

Other
  • Regenerate windows sys bindings (#​1485)
  • Update windows-bindgen requirement from 0.61 to 0.62 (#​1484)
  • Regenerate target info (#​1483)

v1.2.26

Compare Source

Other
  • Also set SDKROOT when building apple platforms (#​1475)
  • use windows 2022 in CI (#​1479)
  • Detect -Wslash-u-filename warning on clang-cl (#​1477)

v1.2.25

Compare Source

Other
  • make powerp64 use powerpc64-linux-gnu prefix (#​1474)

v1.2.24

Compare Source

Other
  • Regenerate windows sys bindings (#​1471)

v1.2.23

Compare Source

Other
  • support "vxworks" and "nto" OSes on get_base_archiver_variant (#​1456)

v1.2.22

Compare Source

Other
  • Add flags method to cc::Build for adding multiple flags (#​1466)

v1.2.21

Compare Source

Other
  • Fix wasm32-unknown-unknown by passing -c (#​1424)

v1.2.20

Compare Source

Other
  • Regenerate target info (#​1461)
  • Fix parser.rs on latest rustc nightly (#​1459)

v1.2.19

Compare Source

Other
  • Fix musl compilation: Add musl as a prefix fallback (#​1455)

v1.2.18

Compare Source

Other
  • Regenerate target info (#​1450)
  • Use std::thread::available_parallelism for determining the default number of jobs (#​1447)
  • Fix mips64-openwrt-linux-musl parsing (#​1449)
  • Use compiler prefix x86_64-linux-musl (#​1443)
chronotope/chrono (chrono)

v0.4.44: 0.4.44

Compare Source

What's Changed

v0.4.43: 0.4.43

Compare Source

What's Changed

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.


  • If you want to rebase/retry this PR, check this box

This PR has been generated by Renovate Bot.

dd-octo-sts bot commented Mar 5, 2026

⚠️ Artifact update problem

Renovate failed to update artifacts related to this branch. You probably do not want to merge this PR as-is.

♻ Renovate will retry this branch, including artifacts, only when one of the following happens:

  • any of the package files in this branch needs updating, or
  • the branch becomes conflicted, or
  • you click the rebase/retry checkbox if found above, or
  • you rename this PR's title to start with "rebase!" to trigger it manually

The artifact failure details are included below:

File name: .github/actions/clippy-annotation-reporter/Cargo.lock
Command failed: cargo update --config net.git-fetch-with-cli=true --manifest-path .github/actions/clippy-annotation-reporter/Cargo.toml --package anyhow@1.0.98 --precise 1.0.102
error: rustup could not choose a version of cargo to run, because one wasn't specified explicitly, and no default is configured.
help: run 'rustup default stable' to download the latest stable release of Rust and set it as your default toolchain.

File name: Cargo.lock
Command failed: cargo update --config net.git-fetch-with-cli=true --manifest-path bin_tests/Cargo.toml --package anyhow@1.0.93 --precise 1.0.102
error: rustup could not choose a version of cargo to run, because one wasn't specified explicitly, and no default is configured.
help: run 'rustup default stable' to download the latest stable release of Rust and set it as your default toolchain.

File name: Cargo.lock
Command failed: cargo update --config net.git-fetch-with-cli=true --manifest-path builder/Cargo.toml --package anyhow@1.0.93 --precise 1.0.102
error: rustup could not choose a version of cargo to run, because one wasn't specified explicitly, and no default is configured.
help: run 'rustup default stable' to download the latest stable release of Rust and set it as your default toolchain.

File name: Cargo.lock
Command failed: cargo update --config net.git-fetch-with-cli=true --manifest-path datadog-ffe/Cargo.toml --package chrono@0.4.38 --precise 0.4.44
error: rustup could not choose a version of cargo to run, because one wasn't specified explicitly, and no default is configured.
help: run 'rustup default stable' to download the latest stable release of Rust and set it as your default toolchain.

File name: Cargo.lock
Command failed: cargo update --config net.git-fetch-with-cli=true --manifest-path datadog-ipc/Cargo.toml --package anyhow@1.0.93 --precise 1.0.102
error: rustup could not choose a version of cargo to run, because one wasn't specified explicitly, and no default is configured.
help: run 'rustup default stable' to download the latest stable release of Rust and set it as your default toolchain.

File name: Cargo.lock
Command failed: cargo update --config net.git-fetch-with-cli=true --manifest-path datadog-ipc/tarpc/Cargo.toml --package anyhow@1.0.93 --precise 1.0.102
error: rustup could not choose a version of cargo to run, because one wasn't specified explicitly, and no default is configured.
help: run 'rustup default stable' to download the latest stable release of Rust and set it as your default toolchain.

File name: Cargo.lock
Command failed: cargo update --config net.git-fetch-with-cli=true --manifest-path datadog-live-debugger/Cargo.toml --package anyhow@1.0.93 --precise 1.0.102
error: rustup could not choose a version of cargo to run, because one wasn't specified explicitly, and no default is configured.
help: run 'rustup default stable' to download the latest stable release of Rust and set it as your default toolchain.

File name: Cargo.lock
Command failed: cargo update --config net.git-fetch-with-cli=true --manifest-path datadog-profiling-replayer/Cargo.toml --package anyhow@1.0.93 --precise 1.0.102
error: rustup could not choose a version of cargo to run, because one wasn't specified explicitly, and no default is configured.
help: run 'rustup default stable' to download the latest stable release of Rust and set it as your default toolchain.

File name: Cargo.lock
Command failed: cargo update --config net.git-fetch-with-cli=true --manifest-path datadog-sidecar/Cargo.toml --package anyhow@1.0.93 --precise 1.0.102
error: rustup could not choose a version of cargo to run, because one wasn't specified explicitly, and no default is configured.
help: run 'rustup default stable' to download the latest stable release of Rust and set it as your default toolchain.

File name: Cargo.lock
Command failed: cargo update --config net.git-fetch-with-cli=true --manifest-path libdd-alloc/Cargo.toml --package allocator-api2@0.2.21 --precise 0.4.0
error: rustup could not choose a version of cargo to run, because one wasn't specified explicitly, and no default is configured.
help: run 'rustup default stable' to download the latest stable release of Rust and set it as your default toolchain.

File name: Cargo.lock
Command failed: cargo update --config net.git-fetch-with-cli=true --manifest-path libdd-common/Cargo.toml --package anyhow@1.0.93 --precise 1.0.102
error: rustup could not choose a version of cargo to run, because one wasn't specified explicitly, and no default is configured.
help: run 'rustup default stable' to download the latest stable release of Rust and set it as your default toolchain.

File name: Cargo.lock
Command failed: cargo update --config net.git-fetch-with-cli=true --manifest-path libdd-crashtracker-ffi/Cargo.toml --package anyhow@1.0.93 --precise 1.0.102
error: rustup could not choose a version of cargo to run, because one wasn't specified explicitly, and no default is configured.
help: run 'rustup default stable' to download the latest stable release of Rust and set it as your default toolchain.

File name: Cargo.lock
Command failed: cargo update --config net.git-fetch-with-cli=true --manifest-path libdd-crashtracker/Cargo.toml --package anyhow@1.0.93 --precise 1.0.102
error: rustup could not choose a version of cargo to run, because one wasn't specified explicitly, and no default is configured.
help: run 'rustup default stable' to download the latest stable release of Rust and set it as your default toolchain.

File name: Cargo.lock
Command failed: cargo update --config net.git-fetch-with-cli=true --manifest-path libdd-data-pipeline/Cargo.toml --package anyhow@1.0.93 --precise 1.0.102
error: rustup could not choose a version of cargo to run, because one wasn't specified explicitly, and no default is configured.
help: run 'rustup default stable' to download the latest stable release of Rust and set it as your default toolchain.

File name: Cargo.lock
Command failed: cargo update --config net.git-fetch-with-cli=true --manifest-path libdd-library-config-ffi/Cargo.toml --package anyhow@1.0.93 --precise 1.0.102
error: rustup could not choose a version of cargo to run, because one wasn't specified explicitly, and no default is configured.
help: run 'rustup default stable' to download the latest stable release of Rust and set it as your default toolchain.

File name: Cargo.lock
Command failed: cargo update --config net.git-fetch-with-cli=true --manifest-path libdd-library-config/Cargo.toml --package anyhow@1.0.93 --precise 1.0.102
error: rustup could not choose a version of cargo to run, because one wasn't specified explicitly, and no default is configured.
help: run 'rustup default stable' to download the latest stable release of Rust and set it as your default toolchain.

File name: Cargo.lock
Command failed: cargo update --config net.git-fetch-with-cli=true --manifest-path libdd-profiling-ffi/Cargo.toml --package allocator-api2@0.2.21 --precise 0.4.0
error: rustup could not choose a version of cargo to run, because one wasn't specified explicitly, and no default is configured.
help: run 'rustup default stable' to download the latest stable release of Rust and set it as your default toolchain.

File name: Cargo.lock
Command failed: cargo update --config net.git-fetch-with-cli=true --manifest-path libdd-profiling/Cargo.toml --package allocator-api2@0.2.21 --precise 0.4.0
error: rustup could not choose a version of cargo to run, because one wasn't specified explicitly, and no default is configured.
help: run 'rustup default stable' to download the latest stable release of Rust and set it as your default toolchain.

File name: Cargo.lock
Command failed: cargo update --config net.git-fetch-with-cli=true --manifest-path libdd-telemetry/Cargo.toml --package anyhow@1.0.93 --precise 1.0.102
error: rustup could not choose a version of cargo to run, because one wasn't specified explicitly, and no default is configured.
help: run 'rustup default stable' to download the latest stable release of Rust and set it as your default toolchain.

File name: Cargo.lock
Command failed: cargo update --config net.git-fetch-with-cli=true --manifest-path libdd-trace-normalization/Cargo.toml --package anyhow@1.0.93 --precise 1.0.102
error: rustup could not choose a version of cargo to run, because one wasn't specified explicitly, and no default is configured.
help: run 'rustup default stable' to download the latest stable release of Rust and set it as your default toolchain.

File name: Cargo.lock
Command failed: cargo update --config net.git-fetch-with-cli=true --manifest-path libdd-trace-obfuscation/Cargo.toml --package anyhow@1.0.93 --precise 1.0.102
error: rustup could not choose a version of cargo to run, because one wasn't specified explicitly, and no default is configured.
help: run 'rustup default stable' to download the latest stable release of Rust and set it as your default toolchain.

File name: Cargo.lock
Command failed: cargo update --config net.git-fetch-with-cli=true --manifest-path libdd-trace-stats/Cargo.toml --package criterion@0.5.1 --precise 0.8.2
error: rustup could not choose a version of cargo to run, because one wasn't specified explicitly, and no default is configured.
help: run 'rustup default stable' to download the latest stable release of Rust and set it as your default toolchain.

File name: Cargo.lock
Command failed: cargo update --config net.git-fetch-with-cli=true --manifest-path libdd-trace-utils/Cargo.toml --package anyhow@1.0.93 --precise 1.0.102
error: rustup could not choose a version of cargo to run, because one wasn't specified explicitly, and no default is configured.
help: run 'rustup default stable' to download the latest stable release of Rust and set it as your default toolchain.

File name: Cargo.lock
Command failed: cargo update --config net.git-fetch-with-cli=true --manifest-path spawn_worker/Cargo.toml --package anyhow@1.0.93 --precise 1.0.102
error: rustup could not choose a version of cargo to run, because one wasn't specified explicitly, and no default is configured.
help: run 'rustup default stable' to download the latest stable release of Rust and set it as your default toolchain.

File name: Cargo.lock
Command failed: cargo update --config net.git-fetch-with-cli=true --manifest-path tools/Cargo.toml --package anyhow@1.0.93 --precise 1.0.102
error: rustup could not choose a version of cargo to run, because one wasn't specified explicitly, and no default is configured.
help: run 'rustup default stable' to download the latest stable release of Rust and set it as your default toolchain.

File name: Cargo.lock
Command failed: cargo update --config net.git-fetch-with-cli=true --manifest-path tools/sidecar_mockgen/Cargo.toml --package object@0.31.1 --precise 0.38.1
error: rustup could not choose a version of cargo to run, because one wasn't specified explicitly, and no default is configured.
help: run 'rustup default stable' to download the latest stable release of Rust and set it as your default toolchain.

File name: Cargo.lock
Command failed: cargo update --config net.git-fetch-with-cli=true --manifest-path Cargo.toml --package hyper@1.6.0 --precise 1.8.1
error: rustup could not choose a version of cargo to run, because one wasn't specified explicitly, and no default is configured.
help: run 'rustup default stable' to download the latest stable release of Rust and set it as your default toolchain.

File name: Cargo.lock
Command failed: cargo update --config net.git-fetch-with-cli=true --manifest-path build-common/Cargo.toml --package cbindgen@0.29.0 --precise 0.29.2
error: rustup could not choose a version of cargo to run, because one wasn't specified explicitly, and no default is configured.
help: run 'rustup default stable' to download the latest stable release of Rust and set it as your default toolchain.

File name: Cargo.lock
Command failed: cargo update --config net.git-fetch-with-cli=true --manifest-path datadog-ffe-ffi/Cargo.toml --package anyhow@1.0.93 --precise 1.0.102
error: rustup could not choose a version of cargo to run, because one wasn't specified explicitly, and no default is configured.
help: run 'rustup default stable' to download the latest stable release of Rust and set it as your default toolchain.

File name: Cargo.lock
Command failed: cargo update --config net.git-fetch-with-cli=true --manifest-path datadog-ipc-macros/Cargo.toml --package quote@1.0.37 --precise 1.0.45
error: rustup could not choose a version of cargo to run, because one wasn't specified explicitly, and no default is configured.
help: run 'rustup default stable' to download the latest stable release of Rust and set it as your default toolchain.

File name: Cargo.lock
Command failed: cargo update --config net.git-fetch-with-cli=true --manifest-path datadog-ipc/plugins/Cargo.toml --package futures@0.3.31 --precise 0.3.32
error: rustup could not choose a version of cargo to run, because one wasn't specified explicitly, and no default is configured.
help: run 'rustup default stable' to download the latest stable release of Rust and set it as your default toolchain.

File name: Cargo.lock
Command failed: cargo update --config net.git-fetch-with-cli=true --manifest-path datadog-live-debugger-ffi/Cargo.toml --package log@0.4.27 --precise 0.4.29
error: rustup could not choose a version of cargo to run, because one wasn't specified explicitly, and no default is configured.
help: run 'rustup default stable' to download the latest stable release of Rust and set it as your default toolchain.

File name: Cargo.lock
Command failed: cargo update --config net.git-fetch-with-cli=true --manifest-path datadog-remote-config/Cargo.toml --package anyhow@1.0.93 --precise 1.0.102
error: rustup could not choose a version of cargo to run, because one wasn't specified explicitly, and no default is configured.
help: run 'rustup default stable' to download the latest stable release of Rust and set it as your default toolchain.

File name: Cargo.lock
Command failed: cargo update --config net.git-fetch-with-cli=true --manifest-path datadog-sidecar-ffi/Cargo.toml --package http@1.1.0 --precise 1.4.0
error: rustup could not choose a version of cargo to run, because one wasn't specified explicitly, and no default is configured.
help: run 'rustup default stable' to download the latest stable release of Rust and set it as your default toolchain.

File name: Cargo.lock
Command failed: cargo update --config net.git-fetch-with-cli=true --manifest-path datadog-sidecar-macros/Cargo.toml --package quote@1.0.37 --precise 1.0.45
error: rustup could not choose a version of cargo to run, because one wasn't specified explicitly, and no default is configured.
help: run 'rustup default stable' to download the latest stable release of Rust and set it as your default toolchain.

File name: Cargo.lock
Command failed: cargo update --config net.git-fetch-with-cli=true --manifest-path datadog-tracer-flare/Cargo.toml --package anyhow@1.0.93 --precise 1.0.102
error: rustup could not choose a version of cargo to run, because one wasn't specified explicitly, and no default is configured.
help: run 'rustup default stable' to download the latest stable release of Rust and set it as your default toolchain.

File name: Cargo.lock
Command failed: cargo update --config net.git-fetch-with-cli=true --manifest-path libdd-common-ffi/Cargo.toml --package anyhow@1.0.93 --precise 1.0.102
error: rustup could not choose a version of cargo to run, because one wasn't specified explicitly, and no default is configured.
help: run 'rustup default stable' to download the latest stable release of Rust and set it as your default toolchain.

File name: Cargo.lock
Command failed: cargo update --config net.git-fetch-with-cli=true --manifest-path libdd-data-pipeline-ffi/Cargo.toml --package httpmock@0.8.0-alpha.1 --precise 0.8.3
error: rustup could not choose a version of cargo to run, because one wasn't specified explicitly, and no default is configured.
help: run 'rustup default stable' to download the latest stable release of Rust and set it as your default toolchain.

File name: Cargo.lock
Command failed: cargo update --config net.git-fetch-with-cli=true --manifest-path libdd-ddsketch/Cargo.toml --package protoc-bin-vendored@3.1.0 --precise 3.2.0
error: rustup could not choose a version of cargo to run, because one wasn't specified explicitly, and no default is configured.
help: run 'rustup default stable' to download the latest stable release of Rust and set it as your default toolchain.

File name: Cargo.lock
Command failed: cargo update --config net.git-fetch-with-cli=true --manifest-path libdd-dogstatsd-client/Cargo.toml --package anyhow@1.0.93 --precise 1.0.102
error: rustup could not choose a version of cargo to run, because one wasn't specified explicitly, and no default is configured.
help: run 'rustup default stable' to download the latest stable release of Rust and set it as your default toolchain.

File name: Cargo.lock
Command failed: cargo update --config net.git-fetch-with-cli=true --manifest-path libdd-libunwind-sys/Cargo.toml --package cc@1.2.17 --precise 1.2.56
error: rustup could not choose a version of cargo to run, because one wasn't specified explicitly, and no default is configured.
help: run 'rustup default stable' to download the latest stable release of Rust and set it as your default toolchain.

File name: Cargo.lock
Command failed: cargo update --config net.git-fetch-with-cli=true --manifest-path libdd-log/Cargo.toml --package chrono@0.4.38 --precise 0.4.44
error: rustup could not choose a version of cargo to run, because one wasn't specified explicitly, and no default is configured.
help: run 'rustup default stable' to download the latest stable release of Rust and set it as your default toolchain.

File name: Cargo.lock
Command failed: cargo update --config net.git-fetch-with-cli=true --manifest-path libdd-profiling-protobuf/Cargo.toml --package bolero@0.13.0 --precise 0.13.4
error: rustup could not choose a version of cargo to run, because one wasn't specified explicitly, and no default is configured.
help: run 'rustup default stable' to download the latest stable release of Rust and set it as your default toolchain.

File name: Cargo.lock
Command failed: cargo update --config net.git-fetch-with-cli=true --manifest-path libdd-telemetry-ffi/Cargo.toml --package libc@0.2.178 --precise 0.2.182
error: rustup could not choose a version of cargo to run, because one wasn't specified explicitly, and no default is configured.
help: run 'rustup default stable' to download the latest stable release of Rust and set it as your default toolchain.

File name: Cargo.lock
Command failed: cargo update --config net.git-fetch-with-cli=true --manifest-path libdd-tinybytes/Cargo.toml --package proptest@1.5.0 --precise 1.10.0
error: rustup could not choose a version of cargo to run, because one wasn't specified explicitly, and no default is configured.
help: run 'rustup default stable' to download the latest stable release of Rust and set it as your default toolchain.

File name: libdd-trace-normalization/fuzz/Cargo.lock
Command failed: cargo update --config net.git-fetch-with-cli=true --manifest-path libdd-trace-normalization/fuzz/Cargo.toml --package libfuzzer-sys@0.4.10 --precise 0.4.12
error: rustup could not choose a version of cargo to run, because one wasn't specified explicitly, and no default is configured.
help: run 'rustup default stable' to download the latest stable release of Rust and set it as your default toolchain.

File name: Cargo.lock
Command failed: cargo update --config net.git-fetch-with-cli=true --manifest-path libdd-trace-protobuf/Cargo.toml --package protoc-bin-vendored@3.1.0 --precise 3.2.0
error: rustup could not choose a version of cargo to run, because one wasn't specified explicitly, and no default is configured.
help: run 'rustup default stable' to download the latest stable release of Rust and set it as your default toolchain.

File name: Cargo.lock
Command failed: cargo update --config net.git-fetch-with-cli=true --manifest-path tests/spawn_from_lib/Cargo.toml --package anyhow@1.0.93 --precise 1.0.102
error: rustup could not choose a version of cargo to run, because one wasn't specified explicitly, and no default is configured.
help: run 'rustup default stable' to download the latest stable release of Rust and set it as your default toolchain.

File name: Cargo.lock
Command failed: cargo update --config net.git-fetch-with-cli=true --manifest-path tools/cc_utils/Cargo.toml --package anyhow@1.0.93 --precise 1.0.102
error: rustup could not choose a version of cargo to run, because one wasn't specified explicitly, and no default is configured.
help: run 'rustup default stable' to download the latest stable release of Rust and set it as your default toolchain.


github-actions bot commented Mar 5, 2026

📚 Documentation Check Results

No documentation warnings found!

📦 clippy-annotation-reporter - ✅ No warnings

📦 libdd-alloc - ✅ No warnings

📦 libdd-common - ✅ No warnings

📦 libdd-crashtracker - ✅ No warnings

📦 libdd-data-pipeline - ✅ No warnings

📦 libdd-library-config - ✅ No warnings

📦 libdd-profiling - ✅ No warnings

📦 libdd-telemetry - ✅ No warnings

📦 libdd-trace-normalization - ✅ No warnings

📦 libdd-trace-obfuscation - ✅ No warnings

📦 libdd-trace-stats - ✅ No warnings

📦 libdd-trace-utils - ✅ No warnings


Updated: 2026-03-05 20:01:17 UTC | Commit: b58a853 | missing-docs job results


github-actions bot commented Mar 5, 2026

🔒 Cargo Deny Results

⚠️ 3 issue(s) found, showing only errors (advisories, bans, sources)

📦 clippy-annotation-reporter - 3 error(s)

error[vulnerability]: Integer overflow in `BytesMut::reserve`
   ┌─ /home/runner/work/libdatadog/libdatadog/.github/actions/clippy-annotation-reporter/Cargo.lock:26:1
   │
26 │ bytes 1.10.1 registry+https://github.com/rust-lang/crates.io-index
   │ ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ security vulnerability detected
   │
   ├ ID: RUSTSEC-2026-0007
   ├ Advisory: https://rustsec.org/advisories/RUSTSEC-2026-0007
   ├ In the unique reclaim path of `BytesMut::reserve`, the condition
     ```rs
     if v_capacity >= new_cap + offset
     ```
     uses an unchecked addition. When `new_cap + offset` overflows `usize` in release builds, this condition may incorrectly pass, causing `self.cap` to be set to a value that exceeds the actual allocated capacity. Subsequent APIs such as `spare_capacity_mut()` then trust this corrupted `cap` value and may create out-of-bounds slices, leading to UB.
     
     This behavior is observable in release builds (integer overflow wraps), whereas debug builds panic due to overflow checks.
     
     ## PoC
     
     ```rs
     use bytes::*;
     
     fn main() {
         let mut a = BytesMut::from(&b"hello world"[..]);
         let mut b = a.split_off(5);
     
         // Ensure b becomes the unique owner of the backing storage
         drop(a);
     
         // Trigger overflow in new_cap + offset inside reserve
         b.reserve(usize::MAX - 6);
     
         // This call relies on the corrupted cap and may cause UB & HBO
         b.put_u8(b'h');
     }
     ```
     
     # Workarounds
     
     Users of `BytesMut::reserve` are only affected if integer overflow checks are configured to wrap. When integer overflow is configured to panic, this issue does not apply.
   ├ Announcement: https://github.com/advisories/GHSA-434x-w66g-qw3r
   ├ Solution: Upgrade to >=1.11.1 (try `cargo update -p bytes`)
   ├ bytes v1.10.1
     ├── h2 v0.4.13
     │   └── hyper v1.6.0
     │       ├── httpmock v0.8.3
     │       │   └── (dev) clippy-annotation-reporter v0.1.0
     │       ├── hyper-rustls v0.27.6
     │       │   └── octocrab v0.49.5
     │       │       └── clippy-annotation-reporter v0.1.0 (*)
     │       ├── hyper-timeout v0.5.2
     │       │   └── octocrab v0.49.5 (*)
     │       ├── hyper-util v0.1.13
     │       │   ├── httpmock v0.8.3 (*)
     │       │   ├── hyper-rustls v0.27.6 (*)
     │       │   ├── hyper-timeout v0.5.2 (*)
     │       │   └── octocrab v0.49.5 (*)
     │       └── octocrab v0.49.5 (*)
     ├── headers v0.4.1
     │   └── httpmock v0.8.3 (*)
     ├── http v1.3.1
     │   ├── (dev) clippy-annotation-reporter v0.1.0 (*)
     │   ├── h2 v0.4.13 (*)
     │   ├── headers v0.4.1 (*)
     │   ├── headers-core v0.3.0
     │   │   └── headers v0.4.1 (*)
     │   ├── http-body v1.0.1
     │   │   ├── http-body-util v0.1.3
     │   │   │   ├── httpmock v0.8.3 (*)
     │   │   │   └── octocrab v0.49.5 (*)
     │   │   ├── hyper v1.6.0 (*)
     │   │   ├── hyper-util v0.1.13 (*)
     │   │   ├── octocrab v0.49.5 (*)
     │   │   └── tower-http v0.6.4
     │   │       └── octocrab v0.49.5 (*)
     │   ├── http-body-util v0.1.3 (*)
     │   ├── httpmock v0.8.3 (*)
     │   ├── hyper v1.6.0 (*)
     │   ├── hyper-rustls v0.27.6 (*)
     │   ├── hyper-util v0.1.13 (*)
     │   ├── octocrab v0.49.5 (*)
     │   └── tower-http v0.6.4 (*)
     ├── http-body v1.0.1 (*)
     ├── http-body-util v0.1.3 (*)
     ├── httpmock v0.8.3 (*)
     ├── hyper v1.6.0 (*)
     ├── hyper-util v0.1.13 (*)
     ├── octocrab v0.49.5 (*)
     ├── tokio v1.45.1
     │   ├── clippy-annotation-reporter v0.1.0 (*)
     │   ├── h2 v0.4.13 (*)
     │   ├── httpmock v0.8.3 (*)
     │   ├── hyper v1.6.0 (*)
     │   ├── hyper-rustls v0.27.6 (*)
     │   ├── hyper-timeout v0.5.2 (*)
     │   ├── hyper-util v0.1.13 (*)
     │   ├── octocrab v0.49.5 (*)
     │   ├── tokio-rustls v0.26.2
     │   │   └── hyper-rustls v0.27.6 (*)
     │   ├── tokio-util v0.7.15
     │   │   ├── h2 v0.4.13 (*)
     │   │   └── tower v0.5.2
     │   │       ├── octocrab v0.49.5 (*)
     │   │       └── tower-http v0.6.4 (*)
     │   └── tower v0.5.2 (*)
     ├── tokio-util v0.7.15 (*)
     └── tower-http v0.6.4 (*)

error[vulnerability]: Marvin Attack: potential key recovery through timing sidechannels
    ┌─ /home/runner/work/libdatadog/libdatadog/.github/actions/clippy-annotation-reporter/Cargo.lock:177:1
    │
177 │ rsa 0.9.10 registry+https://github.com/rust-lang/crates.io-index
    │ ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ security vulnerability detected
    │
    ├ ID: RUSTSEC-2023-0071
    ├ Advisory: https://rustsec.org/advisories/RUSTSEC-2023-0071
    ├ ### Impact
      Due to a non-constant-time implementation, information about the private key is leaked through timing information which is observable over the network. An attacker may be able to use that information to recover the key.
      
      ### Patches
      No patch is yet available, however work is underway to migrate to a fully constant-time implementation.
      
      ### Workarounds
      The only currently available workaround is to avoid using the `rsa` crate in settings where attackers are able to observe timing information, e.g. local use on a non-compromised computer is fine.
      
      ### References
      This vulnerability was discovered as part of the "[Marvin Attack]", which revealed several implementations of RSA including OpenSSL had not properly mitigated timing sidechannel attacks.
      
      [Marvin Attack]: https://people.redhat.com/~hkario/marvin/
    ├ Announcement: https://github.com/RustCrypto/RSA/issues/19#issuecomment-1822995643
    ├ Solution: No safe upgrade is available!
    ├ rsa v0.9.10
      └── jsonwebtoken v10.3.0
          └── octocrab v0.49.5
              └── clippy-annotation-reporter v0.1.0

error[vulnerability]: Denial of Service via Stack Exhaustion
    ┌─ /home/runner/work/libdatadog/libdatadog/.github/actions/clippy-annotation-reporter/Cargo.lock:227:1
    │
227 │ time 0.3.41 registry+https://github.com/rust-lang/crates.io-index
    │ ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ security vulnerability detected
    │
    ├ ID: RUSTSEC-2026-0009
    ├ Advisory: https://rustsec.org/advisories/RUSTSEC-2026-0009
    ├ ## Impact
      
      When user-provided input is provided to any type that parses with the RFC 2822 format, a denial of
      service attack via stack exhaustion is possible. The attack relies on formally deprecated and
      rarely-used features that are part of the RFC 2822 format used in a malicious manner. Ordinary,
      non-malicious input will never encounter this scenario.
      
      ## Patches
      
      A limit to the depth of recursion was added in v0.3.47. From this version, an error will be returned
      rather than exhausting the stack.
      
      ## Workarounds
      
      Limiting the length of user input is the simplest way to avoid stack exhaustion, as the amount of
      the stack consumed would be at most a factor of the length of the input.
    ├ Announcement: https://github.com/time-rs/time/blob/main/CHANGELOG.md#0347-2026-02-05
    ├ Solution: Upgrade to >=0.3.47 (try `cargo update -p time`)
    ├ time v0.3.41
      └── simple_asn1 v0.6.3
          └── jsonwebtoken v10.3.0
              └── octocrab v0.49.5
                  └── clippy-annotation-reporter v0.1.0

advisories FAILED, bans ok, sources ok

📦 libdd-alloc - ✅ No issues

📦 libdd-common - ✅ No issues

📦 libdd-crashtracker - ✅ No issues

📦 libdd-data-pipeline - ✅ No issues

📦 libdd-library-config - ✅ No issues

📦 libdd-profiling - ✅ No issues

📦 libdd-telemetry - ✅ No issues

📦 libdd-trace-normalization - ✅ No issues

📦 libdd-trace-obfuscation - ✅ No issues

📦 libdd-trace-stats - ✅ No issues

📦 libdd-trace-utils - ✅ No issues


Updated: 2026-03-05 20:04:56 UTC | Commit: b58a853 | dependency-check job results

gh-worker-dd-mergequeue-cf854d bot pushed a commit that referenced this pull request Mar 9, 2026
… updates (#1688)

# What does this PR do?

ADMS opens auto-generated PRs to update dependencies. None of the PRs properly compile. Rust is not listed as officially supported. The common components team monitors dependabot issues for security updates. These PRs just create noise and unnecessary work. 

examples: 

#1665 
#1666
#1667
#1668
#1669
#1670
#1671
#1672
#1673
#1674 

# Motivation

What inspired you to submit this pull request?

# Additional Notes

Anything else we should know when reviewing?

# How to test the change?

Describe here in detail how the change can be validated.


Co-authored-by: edmund.kump <edmund.kump@datadoghq.com>
@ekump ekump closed this Mar 9, 2026