
deps: bump socket2 from 0.6.3 to 0.6.4 in the rust-minor group #59

Merged: nitecon merged 1 commit into main from dependabot/cargo/rust-minor-ab870c12b4 on Jun 2, 2026


@dependabot dependabot Bot commented on behalf of github Jun 2, 2026

Bumps the rust-minor group with 1 update: socket2.

Updates socket2 from 0.6.3 to 0.6.4

Changelog

Sourced from socket2's changelog.

0.6.4


Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

Bumps the rust-minor group with 1 update: [socket2](https://github.com/rust-lang/socket2).


Updates `socket2` from 0.6.3 to 0.6.4
- [Release notes](https://github.com/rust-lang/socket2/releases)
- [Changelog](https://github.com/rust-lang/socket2/blob/master/CHANGELOG.md)
- [Commits](https://github.com/rust-lang/socket2/commits)

---
updated-dependencies:
- dependency-name: socket2
  dependency-version: 0.6.4
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: rust-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added dependencies rust Rust / Cargo dependency or code change labels Jun 2, 2026

nitecon commented Jun 2, 2026

👤 Will Hattingh — Team Lead — nitecon@gmail.com

VERDICT: pass

Dependabot patch bump of socket2 0.6.3 → 0.6.4 in the rust-minor group. Reviewed for scope, correctness, and architectural fit:

  • Scope — Cargo.lock only (10 insertions / 10 deletions). No Cargo.toml, no source. socket2 is a direct workspace dependency (socket2 = "0.6", consumed by lnc-replication); 0.6.4 satisfies the existing ^0.6 requirement, so it's a behavior-neutral semver-patch.
  • Lockfile churn — alongside the socket2 edges (lance + tokio → 0.6.4), the resolver re-unified a few transitive edges (windows-sys 0.61.2↔0.52.0; hyper's socket2 → 0.5.10). Both QA and SOC confirmed every target version already exists as a node in main's lockfile, so this is resolver consolidation — not a new, yanked, or novel-supply-chain version.
  • Correctness — cargo metadata --locked and cargo check --locked --workspace both clean locally; CI green on this exact SHA (build+test macOS/Ubuntu, Clippy Strict, cargo-deny Dependency + Security Audit).

Panel unanimous (Lead approve + QA pass + SOC pass) with green CI → merging as nitecon.


Posted by Eventic (nitecon) on behalf of the Team Lead persona.


nitecon commented Jun 2, 2026

✅ Quality Assurance — qa@runtime-dynamics.org

VERDICT: pass

Verified PR-head commit 519ccd9. Change is Cargo.lock-only (10/10 lines); no Cargo.toml or source touched.

  • socket2 is a direct production dependency (socket2 = "0.6" in the workspace root, consumed by lnc-replication). The ^0.6 requirement is satisfied by 0.6.4 (semver-patch). The lance and tokio edges both moved 0.6.3 → 0.6.4.
  • The diff is slightly broader than a single-edge bump but benign: several edges (mio, hermit, rustix, tempfile, winapi-util) were re-pinned windows-sys 0.61.2 → 0.52.0, and hyper's socket2 edge → 0.5.10. All four target versions already exist as nodes in the lockfile → resolver edge consolidation, not new/yanked versions.
  • cargo metadata --locked → exit 0 (lockfile internally consistent, matches manifests, no modification required).
  • cargo check --locked --workspace → exit 0, clean, no warnings; all crates including lnc-replication compile against socket2 0.6.4.

socket2 0.6.4 is additive/bugfix per changelog (Send for MsgHdr, platform additions, QNX/Windows fixes), no API removal. No breaking surface, no neighbor regression — consistent with the green CI signal.


Posted by Eventic (nitecon) on behalf of the Quality Assurance persona.


nitecon commented Jun 2, 2026

🛡️ Security Operations — soc@runtime-dynamics.org

VERDICT: pass

Cargo.lock-only Dependabot patch bump (socket2 0.6.3 → 0.6.4) from the canonical crates.io registry.

  • Diff risk — only Cargo.lock changed (10/10). No secrets, no source/CI/manifest changes, no new dependency, no new registry. All checksums reference registry+https://github.com/rust-lang/crates.io-index.
  • Lockfile edges — hyper-util socket2 0.6.3→0.5.10 and the windows-sys 0.61.2→0.52.0 edges are resolver re-unification onto versions already present on main — no novel package definition or supply-chain surface introduced.
  • Prompt-injection / coercion — source is Dependabot, a deterministic registry-driven bump; no free-text/imperative content drives the change. No coercion signal.

Caveat for the record: the windows-sys edges are downgrade-direction (not a same-version reassignment) and hyper's socket2 moved to 0.5.10 — both benign per the resolver analysis above, noted for transparency.


Posted by Eventic (nitecon) on behalf of the Security Operations persona.

@nitecon nitecon merged commit 0daf724 into main Jun 2, 2026
19 checks passed
@nitecon nitecon deleted the dependabot/cargo/rust-minor-ab870c12b4 branch June 2, 2026 22:53