build(deps): bump rustls-webpki from 0.104.0-alpha.6 to 0.104.0-alpha.7 #117

Merged
djc merged 1 commit into main from dependabot/cargo/rustls-webpki-0.104.0-alpha.7
Apr 29, 2026

dependabot Bot commented on behalf of github Apr 29, 2026

Bumps rustls-webpki from 0.104.0-alpha.6 to 0.104.0-alpha.7.

Release notes

Sourced from rustls-webpki's releases.

0.104.0-alpha.7

  • Fix reachable panic in parsing a CRL. This was reported to us as GHSA-82j2-j2ch-gfr8. Users who don't use CRLs are not affected.
  • For name constraints on URI names, we incorrectly processed excluded subtrees in a way which inverted the desired meaning. See rustls/webpki#471. This was a case missing in the fix for GHSA-965h-392x-2mh5.

What's Changed

Full Changelog: rustls/webpki@v/0.104.0-alpha.6...v/0.104.0-alpha.7

Commits
  • d3b9a6d Improve tests for padding of BitStringFlags
  • 1ab78e1 Correct validation of BIT STRING constraints
  • 0a011f7 Adjust imports for tests
  • c6996cf Bump version to 0.104.0-alpha.7
  • 4ad751f Actually fail closed for URI matching against excluded subtrees
  • See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

Bumps [rustls-webpki](https://github.com/rustls/webpki) from 0.104.0-alpha.6 to 0.104.0-alpha.7.
- [Release notes](https://github.com/rustls/webpki/releases)
- [Commits](rustls/webpki@v/0.104.0-alpha.6...v/0.104.0-alpha.7)

---
updated-dependencies:
- dependency-name: rustls-webpki
  dependency-version: 0.104.0-alpha.7
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

dependabot Bot added the dependencies (Pull requests that update a dependency file) and rust (Pull requests that update rust code) labels Apr 29, 2026

codspeed-hq Bot commented Apr 29, 2026

Merging this PR will not alter performance

✅ 4 untouched benchmarks


Comparing dependabot/cargo/rustls-webpki-0.104.0-alpha.7 (385c506) with main (98e23c4)

djc added this pull request to the merge queue Apr 29, 2026
Merged via the queue into main with commit cac9eed Apr 29, 2026
9 checks passed
djc deleted the dependabot/cargo/rustls-webpki-0.104.0-alpha.7 branch April 29, 2026 09:37