Skip to content

chore(deps): bump the patch-updates group across 1 directory with 7 updates#601

Closed
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/cargo/patch-updates-da57893aed
Closed

chore(deps): bump the patch-updates group across 1 directory with 7 updates#601
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/cargo/patch-updates-da57893aed

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Jul 8, 2026

Copy link
Copy Markdown
Contributor

Bumps the patch-updates group with 7 updates in the / directory:

Package From To
rand 0.10.1 0.10.2
uuid 1.23.3 1.23.4
jiff 0.2.28 0.2.31
quinn 0.11.9 0.11.11
rustls 0.23.40 0.23.41
mdns-sd 0.20.0 0.20.1
bytes 1.12.0 1.12.1

Updates rand from 0.10.1 to 0.10.2

Changelog

Sourced from rand's changelog.

[0.10.2] — 2026-07-02

Fixes

  • Fix possible memory safety violation due to deserialization of UniformChar from bad source (#1790)

Changes

  • Document required output order of fn partial_shuffle and apply #[must_use] (#1769)
  • Avoid usage of unsafe in contexts where non-local memory corruption could invalidate contract (#1791)

#1769: rust-random/rand#1769 #1790: rust-random/rand#1790 #1791: rust-random/rand#1791

Commits

Updates uuid from 1.23.3 to 1.23.4

Release notes

Sourced from uuid's releases.

v1.23.4

What's Changed

New Contributors

Full Changelog: uuid-rs/uuid@v1.23.3...v1.23.4

Commits
  • 3296d64 Merge pull request #890 from uuid-rs/cargo/v1.23.4
  • cba53d0 prepare for 1.23.4 release
  • e347af4 Merge pull request #889 from frostyplanet/main
  • e9bf55c doc: Fix broken link warnings
  • 5351af4 doc: Enable feature flag label for docs.rs
  • 1e6a966 Merge pull request #888 from uuid-rs/KodrAus-patch-1
  • c9619f6 fix up name of fuzz script in readme
  • See full diff in compare view

Updates jiff from 0.2.28 to 0.2.31

Changelog

Sourced from jiff's changelog.

0.2.31 (2026-06-29)

This release fixes a minor bug in tests that prevents the crate from running through standard build processes in Linux distributions downstream.

  • #594: Fix imports in recently added tests.

0.2.30 (2026-06-29)

This release fixes a safety soundness bug in Jiff's lower level printing APIs. There is also a nice performance improvement to civil::Date::weekday, which also improves downstread routines like civil::Date::nth_weekday and datetime<-->timestamp conversions in some cases.

Enhancements:

  • #591: Improve the performance of weekday calculations from Gregorian dates by 30-50%.

Bug fixes:

  • #592: Fix safety soundness bug when using a non-empty String destination buffer with lower level printing APIs inside of jiff::fmt.

0.2.29 (2026-06-20)

This release adds support for [defmt], which is a highly efficient logging framework that targets resource-constrained devices, like microcontrollers.

Enhancements:

  • #505: Add support for the defmt crate by implementing defmt::Format on the principle public types in Jiff.
  • #584: Add Zoned::UNIX_EPOCH as a constant.
  • #587: Change the Debug output for civil::ISOWeekDate to match the Debug output style of other primitive datetime types.

Bug fixes:

  • #525: Fix a bug that prevented time zone lookups when using an on-disk time zone database on Windows.
  • #539:

... (truncated)

Commits

Updates quinn from 0.11.9 to 0.11.11

Release notes

Sourced from quinn's releases.

quinn-proto 0.11.11

What's Changed

Commits
  • a7499b8 Bump versions for release
  • 7c1970f proto: yield error on too many gaps in assembler
  • fe5ac49 congestion: avoid double-reducing CUBIC fast convergence
  • c1e903b fix(quinn): handle overdue timers without polling the async timer
  • b3b20e1 quinn-udp: allow to use windows-sys 0.61
  • 6f03ca3 quinn-proto: drop Initials silently when saturated
  • 41c8527 quinn: fix ref count logic for ConnectionRef and EndpointRef
  • 73ea1dd Remove RecvStreams from blocked_readers on stop
  • cf16bfd Early return in RecvStream::drop()
  • af2e4e5 Fix the (pre-existing) rightward drift by inverting conditions
  • Additional commits viewable in compare view

Updates rustls from 0.23.40 to 0.23.41

Commits
  • 642a103 ci: drop Taplo job
  • 752c144 Drop nightly clippy tests
  • 8d8611a Fix new clippy::useless-borrows-in-formatting
  • ebf3297 Fix new clippy::manual_clear
  • 46808e7 ci: sync cargo-check-external-types nightly
  • 041a8d2 Cargo deny: allow RUSTSEC-2026-0173
  • 62e220e Take semver-compatible dependency updates
  • 3c14696 Upgrade to hickory-resolver 0.26
  • 848a2cc connect-tests: delete ech.rs
  • 5ce9cac Bump version to 0.23.41
  • Additional commits viewable in compare view

Updates mdns-sd from 0.20.0 to 0.20.1

Release notes

Sourced from mdns-sd's releases.

v0.20.1

This is a small feature and maintenance release.

New features

  • Add IfKind::Predicate and a new IfPredicate type, allowing interfaces to be selected with a custom predicate function (e.g. matching by interface name pattern). (#474, commit fd72146)

What's Changed

New Contributors

Full Changelog: keepsimple1/mdns-sd@v0.20.0...v0.20.1

Changelog

Sourced from mdns-sd's changelog.

Version 0.20.1 (2026-06-28)

This is a small feature and maintenance release.

New features

  • Add IfKind::Predicate and a new IfPredicate type, allowing interfaces to be selected with a custom predicate function (e.g. matching by interface name pattern). (#474, commit fd72146)

Other changes

  • chore(deps): update dependencies. (#454, commit 06bdad1)

All changes

  • fd72146 2026-06-22 Add IfPredicate for more flexible interface filtering (#474) (MAlba124)
  • 06bdad1 2026-06-16 chore(deps): update (#454) (CosminPerRam)

Thanks and welcome our new contributor @​MAlba124 !

Commits

Updates bytes from 1.12.0 to 1.12.1

Release notes

Sourced from bytes's releases.

Bytes v1.12.1

1.12.1 (July 8th, 2026)

Fixed

  • Properly handle when Box::new panics (#837)
Changelog

Sourced from bytes's changelog.

1.12.1 (July 8th, 2026)

Fixed

  • Properly handle when Box::new panics (#837)
Commits

@dependabot dependabot Bot added dependencies Pull requests that update a dependency file rust Pull requests that update Rust code labels Jul 8, 2026
@forkwright

Copy link
Copy Markdown
Owner

cargo deny fails on this group: error[duplicate]: found 2 duplicate entries for crate 'flume' (plus transitive windows-* duplicates). One of the 7 patch bumps splits flume into two versions, which the bans policy rejects. Held — not merging red per policy. Needs the culprit bump excluded from the group (dependabot will regroup) or a scoped deny skip once the benign-vs-real split is confirmed. Low priority vs. the current lifecycle keystone; revisiting after.

…pdates

Bumps the patch-updates group with 7 updates in the / directory:

| Package | From | To |
| --- | --- | --- |
| [rand](https://github.com/rust-random/rand) | `0.10.1` | `0.10.2` |
| [uuid](https://github.com/uuid-rs/uuid) | `1.23.3` | `1.23.4` |
| [jiff](https://github.com/BurntSushi/jiff) | `0.2.28` | `0.2.31` |
| [quinn](https://github.com/quinn-rs/quinn) | `0.11.9` | `0.11.11` |
| [rustls](https://github.com/rustls/rustls) | `0.23.40` | `0.23.41` |
| [mdns-sd](https://github.com/keepsimple1/mdns-sd) | `0.20.0` | `0.20.1` |
| [bytes](https://github.com/tokio-rs/bytes) | `1.12.0` | `1.12.1` |



Updates `rand` from 0.10.1 to 0.10.2
- [Release notes](https://github.com/rust-random/rand/releases)
- [Changelog](https://github.com/rust-random/rand/blob/master/CHANGELOG.md)
- [Commits](rust-random/rand@0.10.1...0.10.2)

Updates `uuid` from 1.23.3 to 1.23.4
- [Release notes](https://github.com/uuid-rs/uuid/releases)
- [Commits](uuid-rs/uuid@v1.23.3...v1.23.4)

Updates `jiff` from 0.2.28 to 0.2.31
- [Release notes](https://github.com/BurntSushi/jiff/releases)
- [Changelog](https://github.com/BurntSushi/jiff/blob/master/CHANGELOG.md)
- [Commits](BurntSushi/jiff@jiff-static-0.2.28...jiff-static-0.2.31)

Updates `quinn` from 0.11.9 to 0.11.11
- [Release notes](https://github.com/quinn-rs/quinn/releases)
- [Commits](quinn-rs/quinn@quinn-0.11.9...quinn-0.11.11)

Updates `rustls` from 0.23.40 to 0.23.41
- [Release notes](https://github.com/rustls/rustls/releases)
- [Changelog](https://github.com/rustls/rustls/blob/main/CHANGELOG.md)
- [Commits](rustls/rustls@v/0.23.40...v/0.23.41)

Updates `mdns-sd` from 0.20.0 to 0.20.1
- [Release notes](https://github.com/keepsimple1/mdns-sd/releases)
- [Changelog](https://github.com/keepsimple1/mdns-sd/blob/main/CHANGELOG.md)
- [Commits](keepsimple1/mdns-sd@v0.20.0...v0.20.1)

Updates `bytes` from 1.12.0 to 1.12.1
- [Release notes](https://github.com/tokio-rs/bytes/releases)
- [Changelog](https://github.com/tokio-rs/bytes/blob/master/CHANGELOG.md)
- [Commits](tokio-rs/bytes@v1.12.0...v1.12.1)

---
updated-dependencies:
- dependency-name: bytes
  dependency-version: 1.12.1
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: patch-updates
- dependency-name: jiff
  dependency-version: 0.2.31
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: patch-updates
- dependency-name: mdns-sd
  dependency-version: 0.20.1
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: patch-updates
- dependency-name: quinn
  dependency-version: 0.11.11
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: patch-updates
- dependency-name: rand
  dependency-version: 0.10.2
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: patch-updates
- dependency-name: rustls
  dependency-version: 0.23.41
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: patch-updates
- dependency-name: uuid
  dependency-version: 1.23.4
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: patch-updates
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot force-pushed the dependabot/cargo/patch-updates-da57893aed branch from eda10c3 to 21d1d7d Compare July 8, 2026 23:07
@dependabot @github

dependabot Bot commented on behalf of github Jul 13, 2026

Copy link
Copy Markdown
Contributor Author

Looks like these dependencies are updatable in another way, so this is no longer needed.

@dependabot dependabot Bot closed this Jul 13, 2026
@dependabot dependabot Bot deleted the dependabot/cargo/patch-updates-da57893aed branch July 13, 2026 10:30
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

dependencies Pull requests that update a dependency file rust Pull requests that update Rust code

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant