Build(deps): upgrade workspace dependencies to latest versions#347
Merged
sd-collins merged 4 commits intomasterfrom Apr 23, 2026
Merged
Build(deps): upgrade workspace dependencies to latest versions#347sd-collins merged 4 commits intomasterfrom
sd-collins merged 4 commits intomasterfrom
Conversation
- Bump rand to 0.10, reqwest to 0.13, toml to 1.1, strum to 0.28 - Refresh Cargo.lock to pull aws-lc-sys 0.40, rustls-webpki 0.103.13, rand 0.9.4 (clears RUSTSEC-2026-0044/0045/0046/0047/0048/0049/0097/0098) - Adapt oauth2 token generation to rand 0.10 API (SysRng + RngExt) - Collapse reqwest TLS features onto the consolidated \`rustls\` feature (rustls-platform-verifier replaces the old native-roots selector) and drop the redundant \`rustls-native-certs\` crate feature - Update deny.toml skip list for the refreshed dependency graph
sd-collins
force-pushed
the
deps/upgrade-latest
branch
from
30ae50e to
5ec1542
Compare
MichaelOultram-pexip
approved these changes
Apr 23, 2026
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Refresh all workspace dependencies to their current latest versions and clear the outstanding RustSec advisories against the transitive graph.
Security
aws-lc-sys0.40,rustls-webpki0.103.13,rand0.9.4, clearing RUSTSEC-2026-0044/0045/0046/0047/0048/0049/0097/0098.Major-version bumps
rand0.9 → 0.10:OsRngis nowSysRngand.random()lives onRngExt;generate_token_idkeeps its panic-on-OS-RNG-failure behaviour viaUnwrapErr(SysRng).reqwest0.12 → 0.13: TLS features were collapsed. The oldrustls-tls-native-roots/rustls-tlsselectors are gone — the singlerustlsfeature now pulls inrustls-platform-verifier, which delegates trust to the OS store.formandqueryare now opt-in features and are enabled explicitly. The redundantrustls-native-certscrate feature has been dropped;default = ["rustls"].toml0.9 → 1.1,strum0.27 → 0.28, plus minor bumps acrosstokio,chrono,hyper,clap,uuid,serde_with,console.deny.toml
cpufeatures 0.2.17andthiserror/thiserror-impl1.0.69 (pulled in viarustls-platform-verifier→jnion non-Apple/Windows targets); removed the obsoletewinnow 0.7.15entry.