Skip to content

Bump the cargo group across 1 directory with 9 updates#1

Open
dependabot[bot] wants to merge 1 commit intomasterfrom
dependabot/cargo/src-tauri/cargo-37484ab793
Open

Bump the cargo group across 1 directory with 9 updates#1
dependabot[bot] wants to merge 1 commit intomasterfrom
dependabot/cargo/src-tauri/cargo-37484ab793

Conversation

@dependabot
Copy link

@dependabot dependabot bot commented on behalf of github Feb 3, 2026

Bumps the cargo group with 9 updates in the /src-tauri directory:

Package From To
zip 2.2.0 7.0.0
bytes 1.8.0 1.11.1
crossbeam-channel 0.5.13 0.5.15
openssl 0.10.68 0.10.75
ring 0.17.8 0.17.14
rsa 0.9.6 0.9.10
rustls 0.23.16 0.23.23
tokio 1.41.0 1.42.1
xcb 1.4.0 1.7.0

Updates zip from 2.2.0 to 7.0.0

Release notes

Sourced from zip's releases.

v7.0.0

⚠️ Breaking Changes

  • Removed the following features: getrandom, hmac, pbkdf2, sha1, zeroize.
  • Removed lzma-static and xz-static feature flags, which were deprecated synonyms of lzma and xz. (#405, #425)

🚀 Features

  • (SimpleFileOptions) const DEFAULT implementation (#474)
  • ZipWriter set_auto_large_file() method to enable large-file data descriptor when necessary (#468)

🐛 Bug Fixes

  • print previous error when failing to search another cde (#460)
  • cargo doc warnings (#472)
  • Write ZIP64 data descriptors when large_file option is true (#467)
  • Pin generic-array to an old version to work around RustCrypto/traits#2036 until next RustCrypto & aes-crypto releases (#458)

⚙️ Miscellaneous Tasks

  • Revert version bump so that release-plz will trigger
  • expose more flate2 feature flags (#476)
  • Next release will be 7.0.0
  • release v6.0.0 (#442)

Deps

  • Bump lzma-rust2 to v0.15 (#465)*] Remove lzma-static and xz-static feature flags, which are deprecated synonyms of lzma and xz. (#405, #425)

v6.0.0

🐛 Bug Fixes

  • panic when reading empty extended-timestamp field (#404) (#422)
  • Restore original file timestamp when unzipping with chrono (#46)

⚙️ Miscellaneous Tasks

  • Configure Amazon Q rules (#421)

v5.1.1

🐛 Bug Fixes

  • panic when reading empty extended-timestamp field (#404) (#422)
  • Restore original file timestamp when unzipping with chrono (#46)

⚙️ Miscellaneous Tasks

  • Configure Amazon Q rules (#421)

v5.1.0

... (truncated)

Changelog

Sourced from zip's changelog.

7.0.0 - 2025-12-05

⚠️ Breaking Changes

  • Removed the following features: getrandom, hmac, pbkdf2, sha1, zeroize.
  • Removed lzma-static and xz-static feature flags, which were deprecated synonyms of lzma and xz. (#405, #425)

🚀 Features

  • (SimpleFileOptions) const DEFAULT implementation (#474)
  • ZipWriter set_auto_large_file() method to enable large-file data descriptor when necessary (#468)

🐛 Bug Fixes

  • print previous error when failing to search another cde (#460)
  • cargo doc warnings (#472)
  • Write ZIP64 data descriptors when large_file option is true (#467)
  • Pin generic-array to an old version to work around RustCrypto/traits#2036 until next RustCrypto & aes-crypto releases (#458)

⚙️ Miscellaneous Tasks

  • Revert version bump so that release-plz will trigger
  • expose more flate2 feature flags (#476)
  • Next release will be 7.0.0
  • release v6.0.0 (#442)

Deps

  • Bump lzma-rust2 to v0.15 (#465)

6.0.0 - 2025-10-09

🚀 Features

  • Add by_index_with_options(), which can be used to ignore encryption in a file's metadata (#439) and may be used for other file-specific overrides in the future.

⚙️ Miscellaneous Tasks

  • [breaking] FileOptions::add_extra_data is now generic and accepts any AsRef<[u8]>. (#435)

5.1.1 - 2025-09-11

🐛 Bug Fixes

  • panic when reading empty extended-timestamp field (#404) (#422)
  • Restore original file timestamp when unzipping with chrono (#46)

⚙️ Miscellaneous Tasks

  • Configure Amazon Q rules (#421)

... (truncated)

Commits
  • c864a14 chore: release v7.0.0 (#482)
  • 8085fe5 fix: print previous error when failing to search another cde (#460)
  • aa8f933 chore: Revert version bump so that release-plz will trigger
  • 13005c5 ci: Fix? run apt-get update at start of miri job
  • f99a32f chore: expose more flate2 feature flags (#476)
  • 9b5dd0b feat(SimpleFileOptions): const DEFAULT implementation (#474)
  • a8a4729 ci: Fix: Miri now requires g++, not just gcc (#477)
  • 57d26a7 fix: cargo doc warnings (#472)
  • 69533f1 feat: ZipWriter set_auto_large_file() method to enable large-file data desc...
  • fadbd48 chore(deps): update lzma-rust2 requirement from 0.13 to 0.14 (#450)
  • Additional commits viewable in compare view

Updates bytes from 1.8.0 to 1.11.1

Release notes

Sourced from bytes's releases.

Bytes v1.11.1

1.11.1 (February 3rd, 2026)

  • Fix integer overflow in BytesMut::reserve

Bytes v1.11.0

1.11.0 (November 14th, 2025)

  • Bump MSRV to 1.57 (#788)

Fixed

  • fix: BytesMut only reuse if src has remaining (#803)
  • Specialize BytesMut::put::<Bytes> (#793)
  • Reserve capacity in BytesMut::put (#794)
  • Change BytesMut::remaining_mut to use isize::MAX instead of usize::MAX (#795)

Internal changes

  • Guarantee address in slice() for empty slices. (#780)
  • Rename Vtable::to_* -> Vtable::into_* (#776)
  • Fix latest clippy warnings (#787)
  • Ignore BytesMut::freeze doctest on wasm (#790)
  • Move drop_fn of from_owner into vtable (#801)

Bytes v1.10.1

1.10.1 (March 5th, 2025)

Fixed

  • Fix memory leak when using to_vec with Bytes::from_owner (#773)

#773: tokio-rs/bytes#773

Bytes v1.10.0

1.10.0 (February 3rd, 2025)

Added

  • Add feature to support platforms without atomic CAS (#467)
  • try_get_* methods for Buf trait (#753)
  • Implement Buf::chunks_vectored for Take (#617)
  • Implement Buf::chunks_vectored for VecDeque<u8> (#708)

Fixed

  • Remove incorrect guarantee for chunks_vectored (#754)
  • Ensure that tests pass under panic=abort (#749)

... (truncated)

Changelog

Sourced from bytes's changelog.

1.11.1 (February 3rd, 2026)

  • Fix integer overflow in BytesMut::reserve

1.11.0 (November 14th, 2025)

  • Bump MSRV to 1.57 (#788)

Fixed

  • fix: BytesMut only reuse if src has remaining (#803)
  • Specialize BytesMut::put::<Bytes> (#793)
  • Reserve capacity in BytesMut::put (#794)
  • Change BytesMut::remaining_mut to use isize::MAX instead of usize::MAX (#795)

Internal changes

  • Guarantee address in slice() for empty slices. (#780)
  • Rename Vtable::to_* -> Vtable::into_* (#776)
  • Fix latest clippy warnings (#787)
  • Ignore BytesMut::freeze doctest on wasm (#790)
  • Move drop_fn of from_owner into vtable (#801)

1.10.1 (March 5th, 2025)

Fixed

  • Fix memory leak when using to_vec with Bytes::from_owner (#773)

1.10.0 (February 3rd, 2025)

Added

  • Add feature to support platforms without atomic CAS (#467)
  • try_get_* methods for Buf trait (#753)
  • Implement Buf::chunks_vectored for Take (#617)
  • Implement Buf::chunks_vectored for VecDeque<u8> (#708)

Fixed

  • Remove incorrect guarantee for chunks_vectored (#754)
  • Ensure that tests pass under panic=abort (#749)

1.9.0 (November 27, 2024)

Added

  • Add Bytes::from_owner to enable externally-allocated memory (#742)

Documented

... (truncated)

Commits

Updates crossbeam-channel from 0.5.13 to 0.5.15

Release notes

Sourced from crossbeam-channel's releases.

crossbeam-channel 0.5.15

  • Fix regression introduced in 0.5.12 that can lead to a double free when dropping unbounded channel. (#1187)

crossbeam-channel 0.5.14

  • Fix stack overflow when sending large value to unbounded channel. (#1146, #1147)
  • Add Select::new_biased function. (#1150)
  • Remove inefficient spinning. (#1154)
  • Suppress buggy clippy::zero_repeat_side_effects lint in macro generated code. (#1123)
Commits
  • d35ffde Prepare for the next release
  • 6ec74ec crossbeam-channel: prevent double free on Drop (#1187)
  • ccd83ac Prepare for the next release
  • 54988eb Calculate layout in const context
  • 761d0b6 Port #1146 & #1147 to deque::Injector and queue::SegQueue
  • 8144fbb Remove optimistic spinning from Context::wait_until
  • a92f6c4 Bump peter-evans/create-pull-request from 5 to 7 (#1153)
  • 66d41a9 channel: Add new_biased constructor for biased channel selection (#1150)
  • d0d0a80 CachePadded: Use 128-byte alignment on arm64ec
  • f757eef Add comment about fixed rustc bug
  • Additional commits viewable in compare view

Updates openssl from 0.10.68 to 0.10.75

Release notes

Sourced from openssl's releases.

openssl-v0.10.75

What's Changed

New Contributors

Full Changelog: rust-openssl/rust-openssl@openssl-v0.10.74...openssl-v0.10.75

openssl-v0.10.74

What's Changed

... (truncated)

Commits
  • 09b90d0 Merge pull request #2518 from alex/bump-for-release
  • 26533f3 Release openssl v0.10.75 and openssl-sys v0.9.111
  • 395ecca Merge pull request #2517 from alex/claude/fix-ocsp-find-status-011CUqcGFNKeKJ...
  • cc26867 Fix unsound OCSP find_status handling of optional next_update field
  • 95aa8e8 Merge pull request #2513 from botovq/libressl-stable
  • e735a32 CI: bump LibreSSL 4.x branches to latest releases
  • 21ab91d Merge pull request #2510 from huwcbjones/huw/sys/evp-mac
  • d9161dc sys/evp: add EVP_MAC symbols
  • 3fd4bf2 Merge pull request #2508 from goffrie/oaep-label
  • 52022fd Implement set_rsa_oaep_label for AWS-LC/BoringSSL
  • Additional commits viewable in compare view

Updates ring from 0.17.8 to 0.17.14

Changelog

Sourced from ring's changelog.

Version 0.17.14 (2025-03-11)

Fixed a performance bug in the AVX2-based AES-GCM implementation added in ring 0.17.13. This will be another notable performance improvement for most newish x86-64 systems. The performance issue impacted not just AES-GCM.

Compatibility with GNU binutils 2.29 (used on Amazon Linux 2), and probably even earlier versions, was restored. It is expected that ring 0.17.14 will build on all the systems that 0.17.12 would build on.

Version 0.17.13 (2025-03-06)

Increased MSRV to 1.66.0 to avoid bugs in earlier versions so that we can safely use core::arch::x86_64::__cpuid and core::arch::x86::__cpuid from Rust in future releases.

AVX2-based VAES-CLMUL implementation. This will be a notable performance improvement for most newish x86-64 systems. This will likely raise the minimum binutils version supported for very old Linux distros.

Version 0.17.12 (2025-03-05)

Bug fix: briansmith/ring#2447 for denial of service (DoS).

  • Fixes a panic in ring::aead::quic::HeaderProtectionKey::new_mask() when integer overflow checking is enabled. In the QUIC protocol, an attacker can induce this panic by sending a specially-crafted packet. Even unintentionally it is likely to occur in 1 out of every 2**32 packets sent and/or received.

  • Fixes a panic on 64-bit targets in ring::aead::{AES_128_GCM, AES_256_GCM} when overflow checking is enabled, when encrypting/decrypting approximately 68,719,476,700 bytes (about 64 gigabytes) of data in a single chunk. Protocols like TLS and SSH are not affected by this because those protocols break large amounts of data into small chunks. Similarly, most applications will not attempt to encrypt/decrypt 64GB of data in one chunk.

Overflow checking is not enabled in release mode by default, but RUSTFLAGS="-C overflow-checks" or overflow-checks = true in the Cargo.toml profile can override this. Overflow checking is usually enabled by default in debug mode.

Commits

Updates rsa from 0.9.6 to 0.9.10

Changelog

Sourced from rsa's changelog.

0.9.10 (2026-01-06)

Fixed

  • do not panic on a prime being 1 when loading a secret key (#624)

#624: RustCrypto/RSA#624

0.9.9 (2025-11-13)

Fixed

  • Support for cryptographic operations with larger keys (#594)

#594: RustCrypto/RSA#594

0.9.8 (2025-03-12)

Added

  • Doc comments to specify the rand version (#473)

#473: RustCrypto/RSA#473

0.9.7 (2024-11-26)

Fixed

  • always validate keys in from_components
  • do not crash when handling tiny keys in PKCS1v15
Commits

Updates rustls from 0.23.16 to 0.23.23

Commits
  • 7742147 unbuffered: introduce PeerClosed state
  • 7abb149 tests/unbuffered: refactor
  • 1963cc7 Bump version to 0.23.23
  • ad5a31b tests: reuse SingleCertAndKey
  • 591c0c1 crypto: expose SingleCertAndKey
  • 82e1688 client: use SingleCertAndKey for with_client_auth_cert()
  • b0cc4df crypto: add CertifiedKey::from_der()
  • be2865a crypto: simplify SingleCertAndKey construction with OCSP
  • 82c3c2d crypto: use From impl to construct SingleCertAndKey
  • 27551e1 Move SingleCertAndKey to crypto::signer
  • Additional commits viewable in compare view

Updates tokio from 1.41.0 to 1.42.1

Release notes

Sourced from tokio's releases.

Tokio v1.42.1

This release fixes a soundness issue in the broadcast channel. The channel accepts values that are Send but !Sync. Previously, the channel called clone() on these values without synchronizing. This release fixes the channel by synchronizing calls to .clone() (Thanks Austin Bonander for finding and reporting the issue).

Fixed

  • sync: synchronize clone() call in broadcast channel (#7232)

#7232: tokio-rs/tokio#7232

Tokio v1.42.0

1.42.0 (Dec 3rd, 2024)

Added

  • io: add AsyncFd::{try_io, try_io_mut} (#6967)

Fixed

  • io: avoid ptr->ref->ptr roundtrip in RegistrationSet (#6929)
  • runtime: do not defer yield_now inside block_in_place (#6999)

Changes

  • io: simplify io readiness logic (#6966)

Documented

  • net: fix docs for tokio::net::unix::{pid_t, gid_t, uid_t} (#6791)
  • time: fix a typo in Instant docs (#6982)

#6791: tokio-rs/tokio#6791 #6929: tokio-rs/tokio#6929 #6966: tokio-rs/tokio#6966 #6967: tokio-rs/tokio#6967 #6982: tokio-rs/tokio#6982 #6999: tokio-rs/tokio#6999

Tokio v1.41.1

1.41.1 (Nov 7th, 2024)

Fixed

  • metrics: fix bug with wrong number of buckets for the histogram (#6957)
  • net: display net requirement for net::UdpSocket in docs (#6938)
  • net: fix typo in TcpStream internal comment (#6944)

#6957: tokio-rs/tokio#6957 #6938: tokio-rs/tokio#6938 #6944: tokio-rs/tokio#6944

Commits
  • f7fb0bd chore: prepare Tokio v1.42.1
  • 9faea74 Merge 'tokio-1.38.x' into 'tokio.1.42.x'
  • aa303bc chore: prepare Tokio v1.38.2 release
  • 7b6ccb5 chore: backport CI fixes
  • 4b174ce sync: fix cloning value when receiving from broadcast channel
  • bb9d570 chore: prepare Tokio v1.42.0 (#7005)
  • af9c683 tests: fix typo in build test instructions (#7004)
  • 4bc5a1a ci: allow Unicode-3.0 license for unicode-ident (#7006)
  • f8948ea runtime: do not defer yield_now inside block_in_place (#6999)
  • bce9780 time: use array::from_fn instead of manually creating array (#7000)
  • Additional commits viewable in compare view

Updates xcb from 1.4.0 to 1.7.0

Changelog

Sourced from xcb's changelog.

[1.7.0] - 2026-01-03 - to-miz, rtbo

Added

  • support for dynamic library loading (#287)
  • Connection::from_raw_conn_and_extensions_no_drop (#289)

Changed

  • XidNew::new is now safe

[1.6.0] - 2025-08-15 - various authors

Added

  • export well-known RandR output property names, this time for real

Fixed

  • fixing further unalignemnt issues (#277)
  • hand-writen damage::ReportLevel enum to handle the DamageNotifyMore bit (#280)
  • fix unsound API xcb::Connection::connect_to_fd* (#283)

[1.5.0] - 2024-11-09 - various authors

Added

  • UnknownError and no more panic for failed resolution (#266)
  • unsafe public API to resolve FFI events and errors (#266)
  • Reply::as_raw (#267)
  • GetModifierMappingReply::keycodes_per_modifier is public (#271)

Fixed

  • Compilation warnings (#275)
Commits
  • 7b4580f Merge pull request #292 from rtbo/release-1.7.0
  • 7451d01 release 1.7.0
  • c75fd5a Merge pull request #291 from rtbo/tiny-xlib-dev-dep
  • 4d0d079 make tiny-xlib a dev-dependency
  • f515cd8 Merge pull request #287 from to-miz/dyn
  • 73562c7 all-extensions feature to ease CI testing
  • d58a37c simplify dl feature conditional compilation
  • df931fc revert opengl_window to static linking only
  • 5c7b617 add example opengl_window_dl
  • a57f772 fix features syntax and dependencies
  • Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions
    You can disable automated security fix PRs for this repo from the Security Alerts page.

@dependabot
Bump the cargo group across 1 directory with 9 updates
6cf388d 
Bumps the cargo group with 9 updates in the /src-tauri directory:

| Package | From | To |
| --- | --- | --- |
| [zip](https://github.com/zip-rs/zip2) | `2.2.0` | `7.0.0` |
| [bytes](https://github.com/tokio-rs/bytes) | `1.8.0` | `1.11.1` |
| [crossbeam-channel](https://github.com/crossbeam-rs/crossbeam) | `0.5.13` | `0.5.15` |
| [openssl](https://github.com/rust-openssl/rust-openssl) | `0.10.68` | `0.10.75` |
| [ring](https://github.com/briansmith/ring) | `0.17.8` | `0.17.14` |
| [rsa](https://github.com/RustCrypto/RSA) | `0.9.6` | `0.9.10` |
| [rustls](https://github.com/rustls/rustls) | `0.23.16` | `0.23.23` |
| [tokio](https://github.com/tokio-rs/tokio) | `1.41.0` | `1.42.1` |
| [xcb](https://github.com/rust-x-bindings/rust-xcb) | `1.4.0` | `1.7.0` |



Updates `zip` from 2.2.0 to 7.0.0
- [Release notes](https://github.com/zip-rs/zip2/releases)
- [Changelog](https://github.com/zip-rs/zip2/blob/master/CHANGELOG.md)
- [Commits](zip-rs/zip2@v2.2.0...v7.0.0)

Updates `bytes` from 1.8.0 to 1.11.1
- [Release notes](https://github.com/tokio-rs/bytes/releases)
- [Changelog](https://github.com/tokio-rs/bytes/blob/master/CHANGELOG.md)
- [Commits](tokio-rs/bytes@v1.8.0...v1.11.1)

Updates `crossbeam-channel` from 0.5.13 to 0.5.15
- [Release notes](https://github.com/crossbeam-rs/crossbeam/releases)
- [Changelog](https://github.com/crossbeam-rs/crossbeam/blob/master/CHANGELOG.md)
- [Commits](crossbeam-rs/crossbeam@crossbeam-channel-0.5.13...crossbeam-channel-0.5.15)

Updates `openssl` from 0.10.68 to 0.10.75
- [Release notes](https://github.com/rust-openssl/rust-openssl/releases)
- [Commits](rust-openssl/rust-openssl@openssl-v0.10.68...openssl-v0.10.75)

Updates `ring` from 0.17.8 to 0.17.14
- [Changelog](https://github.com/briansmith/ring/blob/main/RELEASES.md)
- [Commits](https://github.com/briansmith/ring/commits)

Updates `rsa` from 0.9.6 to 0.9.10
- [Changelog](https://github.com/RustCrypto/RSA/blob/v0.9.10/CHANGELOG.md)
- [Commits](RustCrypto/RSA@v0.9.6...v0.9.10)

Updates `rustls` from 0.23.16 to 0.23.23
- [Release notes](https://github.com/rustls/rustls/releases)
- [Changelog](https://github.com/rustls/rustls/blob/main/CHANGELOG.md)
- [Commits](rustls/rustls@v/0.23.16...v/0.23.23)

Updates `tokio` from 1.41.0 to 1.42.1
- [Release notes](https://github.com/tokio-rs/tokio/releases)
- [Commits](tokio-rs/tokio@tokio-1.41.0...tokio-1.42.1)

Updates `xcb` from 1.4.0 to 1.7.0
- [Changelog](https://github.com/rust-x-bindings/rust-xcb/blob/main/CHANGELOG.md)
- [Commits](rust-x-bindings/rust-xcb@v1.4.0...v1.7.0)

---
updated-dependencies:
- dependency-name: zip
  dependency-version: 7.0.0
  dependency-type: direct:production
  dependency-group: cargo
- dependency-name: bytes
  dependency-version: 1.11.1
  dependency-type: indirect
  dependency-group: cargo
- dependency-name: crossbeam-channel
  dependency-version: 0.5.15
  dependency-type: indirect
  dependency-group: cargo
- dependency-name: openssl
  dependency-version: 0.10.75
  dependency-type: indirect
  dependency-group: cargo
- dependency-name: ring
  dependency-version: 0.17.14
  dependency-type: indirect
  dependency-group: cargo
- dependency-name: rsa
  dependency-version: 0.9.10
  dependency-type: indirect
  dependency-group: cargo
- dependency-name: rustls
  dependency-version: 0.23.23
  dependency-type: indirect
  dependency-group: cargo
- dependency-name: tokio
  dependency-version: 1.42.1
  dependency-type: indirect
  dependency-group: cargo
- dependency-name: xcb
  dependency-version: 1.7.0
  dependency-type: indirect
  dependency-group: cargo
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot bot added dependencies Pull requests that update a dependency file rust Pull requests that update rust code labels Feb 3, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file rust Pull requests that update rust code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants