Skip to content

build(deps): bump the patch group across 2 directories with 8 updates#486

Merged
Benoît Cortier (CBenoit) merged 7 commits intomasterfrom
dependabot/cargo/patch-3376e1ac84
May 8, 2026
Merged

build(deps): bump the patch group across 2 directories with 8 updates#486
Benoît Cortier (CBenoit) merged 7 commits intomasterfrom
dependabot/cargo/patch-3376e1ac84

Conversation

@dependabot
Copy link
Copy Markdown
Contributor

@dependabot dependabot Bot commented on behalf of github May 8, 2026

Bumps the patch group with 7 updates in the / directory:

Package From To
reqwest 0.13.2 0.13.3
digest 0.11.2 0.11.3
pbkdf2 0.13.0-rc.10 0.13.0
signature 3.0.0-rc.10 3.0.0
pkcs8 0.11.0-rc.11 0.11.0
rfc6979 0.5.0-rc.5 0.5.0
embed-resource 3.0.8 3.0.9

Bumps the patch group with 1 update in the /ffi/wasm directory: wasm-bindgen-test.

Updates reqwest from 0.13.2 to 0.13.3

Release notes

Sourced from reqwest's releases.

v0.13.3

tl;dr

  • Fix CertificateRevocationList parsing of PEM values.
  • Fix logging in resolver to only show host, not full URL.
  • Fix hickory-dns to fallback to a default if /etc/resolv.conf fails.
  • Fix HTTP/3 to handle STOP_SENDING as not an error.
  • Fix HTTP/3 pool to remove timed out QUIC connections.
  • Fix HTTP/3 connection establishment picking IPv4 and IPv6.
  • Upgrade rustls-platform-verifier.
  • (wasm) Only use wasm-bindgen on unknown-* targets.

What's Changed

New Contributors

Full Changelog: seanmonstar/reqwest@v0.13.2...v0.13.3

Changelog

Sourced from reqwest's changelog.

v0.13.3

  • Fix CertificateRevocationList parsing of PEM values.
  • Fix logging in resolver to only show host, not full URL.
  • Fix hickory-dns to fallback to a default if /etc/resolv.conf fails.
  • Fix HTTP/3 to handle STOP_SENDING as not an error.
  • Fix HTTP/3 pool to remove timed out QUIC connections.
  • Fix HTTP/3 connection establishment picking IPv4 and IPv6.
  • Upgrade rustls-platform-verifier.
  • (wasm) Only use wasm-bindgen on unknown-* targets.
Commits

Updates digest from 0.11.2 to 0.11.3

Commits
  • 2fb9ed8 Release digest v0.11.3 (#2402)
  • 086cf38 digest: add TryCustomizedInit trait (#2395)
  • 9488e7e signature v3.0.0 (#2400)
  • 2917d19 build(deps): bump the all-deps group across 1 directory with 4 updates (#2398)
  • 7b029ba signature: add AsyncVerifier, AsyncMultipartVerifier, `AsyncDigestVerifie...
  • c6d4dd7 elliptic-curve v0.14.0-rc.32 (#2399)
  • f2069a2 elliptic-curve: bump pkcs8 to v0.11 (#2397)
  • 8250383 elliptic-curve: bump pkcs8 to v0.11.0-rc.12 (#2396)
  • 54e464f signature: remove long-winded intro section in rustdoc (#2392)
  • 5cb62a4 signature: enable/fix workspace-level lints; reformat docs (#2391)
  • Additional commits viewable in compare view

Updates pbkdf2 from 0.13.0-rc.10 to 0.13.0

Commits

Updates signature from 3.0.0-rc.10 to 3.0.0

Commits
  • 9488e7e signature v3.0.0 (#2400)
  • 2917d19 build(deps): bump the all-deps group across 1 directory with 4 updates (#2398)
  • 7b029ba signature: add AsyncVerifier, AsyncMultipartVerifier, `AsyncDigestVerifie...
  • c6d4dd7 elliptic-curve v0.14.0-rc.32 (#2399)
  • f2069a2 elliptic-curve: bump pkcs8 to v0.11 (#2397)
  • 8250383 elliptic-curve: bump pkcs8 to v0.11.0-rc.12 (#2396)
  • 54e464f signature: remove long-winded intro section in rustdoc (#2392)
  • 5cb62a4 signature: enable/fix workspace-level lints; reformat docs (#2391)
  • 375378f elliptic-curve: consistent PKCS#8 / SEC1 naming in secret_key.rs (#2388)
  • 30a48ab elliptic-curve: add mul_by_generator(_vartime) benchmarks (#2389)
  • Additional commits viewable in compare view

Updates pkcs8 from 0.11.0-rc.11 to 0.11.0

Commits

Updates rfc6979 from 0.5.0-rc.5 to 0.5.0

Commits

Updates embed-resource from 3.0.8 to 3.0.9

Commits

Updates wasm-bindgen-test from 0.3.68 to 0.3.71

Commits

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

@dependabot
build(deps): bump the patch group across 2 directories with 8 updates
cf33bc9 
Bumps the patch group with 7 updates in the / directory:

| Package | From | To |
| --- | --- | --- |
| [reqwest](https://github.com/seanmonstar/reqwest) | `0.13.2` | `0.13.3` |
| [digest](https://github.com/RustCrypto/traits) | `0.11.2` | `0.11.3` |
| [pbkdf2](https://github.com/RustCrypto/password-hashes) | `0.13.0-rc.10` | `0.13.0` |
| [signature](https://github.com/RustCrypto/traits) | `3.0.0-rc.10` | `3.0.0` |
| [pkcs8](https://github.com/RustCrypto/formats) | `0.11.0-rc.11` | `0.11.0` |
| [rfc6979](https://github.com/RustCrypto/signatures) | `0.5.0-rc.5` | `0.5.0` |
| [embed-resource](https://github.com/nabijaczleweli/rust-embed-resource) | `3.0.8` | `3.0.9` |

Bumps the patch group with 1 update in the /ffi/wasm directory: [wasm-bindgen-test](https://github.com/wasm-bindgen/wasm-bindgen).


Updates `reqwest` from 0.13.2 to 0.13.3
- [Release notes](https://github.com/seanmonstar/reqwest/releases)
- [Changelog](https://github.com/seanmonstar/reqwest/blob/master/CHANGELOG.md)
- [Commits](seanmonstar/reqwest@v0.13.2...v0.13.3)

Updates `digest` from 0.11.2 to 0.11.3
- [Commits](RustCrypto/traits@digest-v0.11.2...digest-v0.11.3)

Updates `pbkdf2` from 0.13.0-rc.10 to 0.13.0
- [Commits](RustCrypto/password-hashes@pbkdf2-v0.13.0-rc.10...pbkdf2-v0.13.0)

Updates `signature` from 3.0.0-rc.10 to 3.0.0
- [Commits](RustCrypto/traits@signature-v3.0.0-rc.10...signature-v3.0.0)

Updates `pkcs8` from 0.11.0-rc.11 to 0.11.0
- [Commits](RustCrypto/formats@pkcs8/v0.11.0-rc.11...pkcs8/v0.11.0)

Updates `rfc6979` from 0.5.0-rc.5 to 0.5.0
- [Commits](RustCrypto/signatures@rfc6979/v0.5.0-rc.5...rfc6979/v0.5.0)

Updates `embed-resource` from 3.0.8 to 3.0.9
- [Release notes](https://github.com/nabijaczleweli/rust-embed-resource/releases)
- [Commits](nabijaczleweli/rust-embed-resource@v3.0.8...v3.0.9)

Updates `wasm-bindgen-test` from 0.3.68 to 0.3.71
- [Release notes](https://github.com/wasm-bindgen/wasm-bindgen/releases)
- [Changelog](https://github.com/wasm-bindgen/wasm-bindgen/blob/main/CHANGELOG.md)
- [Commits](https://github.com/wasm-bindgen/wasm-bindgen/commits)

---
updated-dependencies:
- dependency-name: reqwest
  dependency-version: 0.13.3
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: patch
- dependency-name: digest
  dependency-version: 0.11.3
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: patch
- dependency-name: pbkdf2
  dependency-version: 0.13.0
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: patch
- dependency-name: signature
  dependency-version: 3.0.0
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: patch
- dependency-name: pkcs8
  dependency-version: 0.11.0
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: patch
- dependency-name: rfc6979
  dependency-version: 0.5.0
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: patch
- dependency-name: embed-resource
  dependency-version: 3.0.9
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: patch
- dependency-name: wasm-bindgen-test
  dependency-version: 0.3.71
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: patch
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file rust Pull requests that update rust code labels May 8, 2026
@dependabot dependabot Bot mentioned this pull request May 8, 2026
Closed
CBenoit
Benoît Cortier (CBenoit) reviewed May 8, 2026
View reviewed changes
Comment thread picky/Cargo.toml
CBenoit
Benoît Cortier (CBenoit) reviewed May 8, 2026
View reviewed changes
Comment thread picky/Cargo.toml Outdated
CBenoit
Benoît Cortier (CBenoit) reviewed May 8, 2026
View reviewed changes
Comment thread picky-krb/Cargo.toml Outdated
CBenoit
Benoît Cortier (CBenoit) reviewed May 8, 2026
View reviewed changes
Comment thread picky/Cargo.toml Outdated
@CBenoit Benoît Cortier (CBenoit) enabled auto-merge (squash) May 8, 2026 12:33
@CBenoit
Copy link
Copy Markdown
Member

Benoît Cortier (CBenoit) commented May 8, 2026

Copilot Investigate the compilation errors: https://github.com/Devolutions/picky-rs/actions/runs/25555600954/job/75014323589?pr=486

auto-merge was automatically disabled May 8, 2026 12:37

Head branch was pushed to by a user without write access

Copy link
Copy Markdown
Contributor

Copilot AI commented May 8, 2026

Copilot Investigate the compilation errors: https://github.com/Devolutions/picky-rs/actions/runs/25555600954/job/75014323589?pr=486

The ffi/wasm/Cargo.lock still had pbkdf2 locked to 0.13.0-rc.10, while picky's direct dependency was updated to 0.13.0 stable. With --locked, Cargo couldn't reconcile the two versions. Fixed in 564c255 by running cargo update -p pbkdf2 in ffi/wasm/ to update the lockfile to 0.13.0.

@CBenoit Benoît Cortier (CBenoit) enabled auto-merge (squash) May 8, 2026 12:44
@CBenoit
Copy link
Copy Markdown
Member

Benoît Cortier (CBenoit) commented May 8, 2026

Copilot CI is still failing: https://github.com/Devolutions/picky-rs/actions/runs/25555941709/job/75015936638?pr=486

Also run, locally to verify the compilation is working.

@CBenoit
Fix compilation errors: add crypto-common dep back, bump rsa to rc.18…
cc4b273 
… for pkcs8 0.11.0 compat

Agent-Logs-Url: https://github.com/Devolutions/picky-rs/sessions/069b99f5-0610-4109-bd7b-f8ba35c6581c

Co-authored-by: CBenoit <3809077+CBenoit@users.noreply.github.com>
auto-merge was automatically disabled May 8, 2026 13:23

Head branch was pushed to by a user without write access

Copy link
Copy Markdown
Contributor

Copilot AI commented May 8, 2026

Copilot CI is still failing: https://github.com/Devolutions/picky-rs/actions/runs/25555941709/job/75015936638?pr=486

Also run, locally to verify the compilation is working.

Two issues were causing the failures (fixed in cc4b273):

  1. unresolved import crypto_commoncrypto-common was removed from picky/Cargo.toml's direct dependencies entirely, but key/mod.rs and jose/jwe.rs both use crypto_common::Generate as _. Added it back as a plain crypto-common = "0.2" dep outside the pin block.

  2. rsa + pkcs8 0.11.0 incompatibilityrsa 0.10.0-rc.17 uses pkcs8::Error::KeyMalformed as a unit variant, but in the stable pkcs8 0.11.0 it became KeyMalformed(KeyError) (tuple). Bumped rsa to =0.10.0-rc.18 which was updated for pkcs8 0.11.0 compatibility. Lock files updated accordingly.

Verified locally with cargo check --locked --workspace --all-features — no errors.

@CBenoit Benoît Cortier (CBenoit) enabled auto-merge (squash) May 8, 2026 14:32
@CBenoit Benoît Cortier (CBenoit) merged commit cea4919 into master May 8, 2026
11 checks passed
@CBenoit Benoît Cortier (CBenoit) deleted the dependabot/cargo/patch-3376e1ac84 branch May 8, 2026 14:36
@devolutionsbot devolutionsbot mentioned this pull request May 8, 2026
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@CBenoit Benoît Cortier (CBenoit) Awaiting requested review from CBenoit

1 more reviewer

Copilot code review Copilot Copilot left review comments

Reviewers whose approvals may not affect merge requirements

Assignees

@CBenoit Benoît Cortier (CBenoit)

Labels

dependencies Pull requests that update a dependency file rust Pull requests that update rust code

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@CBenoit