Skip to content

build(deps): Bump the cargo-minor-patch group across 1 directory with 10 updates#378

Open
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/cargo/cargo-minor-patch-4dce2ac510
Open

build(deps): Bump the cargo-minor-patch group across 1 directory with 10 updates#378
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/cargo/cargo-minor-patch-4dce2ac510

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Jul 16, 2026

Copy link
Copy Markdown
Contributor

Bumps the cargo-minor-patch group with 10 updates in the / directory:

Package From To
arc-swap 1.9.1 1.9.2
aws-lc-rs 1.17.0 1.17.3
bytes 1.12.0 1.12.1
clap 4.6.1 4.6.2
ryu-js 1.0.2 1.0.3
time 0.3.51 0.3.53
tokio 1.52.3 1.53.0
toml 1.1.2+spec-1.1.0 1.1.3+spec-1.1.0
uuid 1.23.4 1.24.0
regex 1.12.4 1.13.1

Updates arc-swap from 1.9.1 to 1.9.2

Changelog

Sourced from arc-swap's changelog.

1.9.2

  • Document RefCnt must not panic (#208).
Commits

Updates aws-lc-rs from 1.17.0 to 1.17.3

Release notes

Sourced from aws-lc-rs's releases.

aws-lc-rs v1.17.3

What's Changed

  • Add public API to check AWS-LC and FIPS versions by @​prasden in aws/aws-lc-rs#1167
    • awslc_version() returns the linked AWS-LC library version (e.g., "5.1.0"), resolved at runtime. fips_version() returns the AWS-LC FIPS release-branch version as Some(version), or None when unavailable. Note that fips_version() is independent of try_fips_mode().
  • Clarify representations of PqdsaKeyPair in serialized forms by @​Mark-Simulacrum in aws/aws-lc-rs#1174
    • Documents how to use PqdsaKeyPair::from_seed in a FIPS setting, and notes that key pairs constructed from the expanded form cannot be re-serialized to PKCS#8 (which contains just the seed).

Build Improvements

  • Fix TARGET_* env leakage into host builds by @​justsmth in aws/aws-lc-rs#1171
    • Per the cc-rs convention, TARGET_CC/TARGET_CXX/TARGET_CFLAGS are now only applied when cross-compiling, and HOST_* variables are honored for native builds. Previously, when aws-lc-sys appeared as both a dependency and a build-dependency in a cross build, the cross toolchain's flags leaked into the host-side build.
  • Restore cc default flags in memcmp probe; only fail build on confirmed bug by @​justsmth in aws/aws-lc-rs#1173
    • Fixes build failures under RPM hardened build flags (Fedora/RHEL/Rocky rpmbuild defaults): the memcmp probe (GCC bug 95189 check) now retains cc's computed target default flags (e.g., -fPIC) while still excluding user CFLAGS. The check also only runs for GCC versions that may contain the bug, and a probe that fails to build only warns -- the build only fails when the miscompilation is actually demonstrated.

Issues Being Closed

Other Merged PRs

New Contributors

Full Changelog: aws/aws-lc-rs@v1.17.1...v1.17.3

[!NOTE] aws-lc-rs v1.17.2 has been yanked. It failed to compile with the fips feature when aws-lc-fips-sys resolved to v0.13.15 (or earlier), since that version lacks functions needed by the new version APIs. v1.17.3 is identical to v1.17.2 aside from requiring aws-lc-fips-sys v0.13.16.

aws-lc-rs v1.17.1

🎉 AWS-LC FIPS v3 Module Has Been Validated

The AWS-LC FIPS v3 module has been awarded FIPS 140-3 validation by NIST's CMVP:

Seek guidance from a local FIPS compliance expert regarding requirements for your deployment environments. Please consult the Security Policies associated with our certificates if you have questions.

aws-lc-fips-sys (utilized via the fips feature of aws-lc-rs) currently uses the validated FIPS v3 module.

  • In the upcoming aws-lc-rs v1.18.0 release, we plan to switch aws-lc-fips-sys to our FIPS v4 branch.

What's Changed

  • Support linking against a system-installed AWS-LC:

... (truncated)

Commits
  • 9232f4d Prepare aws lc fips sys v0.13.16 (#1180)
  • d722b90 Prepare aws-lc-rs v1.17.2 (#1178)
  • 33cbbac Add public API to check AWS-LC and FIPS versions (#1167)
  • f031b06 Clarify PqdsaKeyPair serialized formats (#1174)
  • deeff57 build(deps): bump actions/setup-go from 6 to 7 (#1177)
  • aac7333 Prepare aws-lc-sys v0.43.0 (#1176)
  • 6e92439 fix: restore cc default flags in memcmp probe; only fail build on confirmed b...
  • 997202f ci: only run push-triggered workflows on main (#1163)
  • e017679 fix: memcmp probe PIE mismatch and TARGET_* env leakage into host builds (#1171)
  • 5336e79 ci: fix cross windows-gnu pre-build wine dpkg conflict (#1172)
  • Additional commits viewable in compare view

Updates bytes from 1.12.0 to 1.12.1

Release notes

Sourced from bytes's releases.

Bytes v1.12.1

1.12.1 (July 8th, 2026)

Fixed

  • Properly handle when Box::new panics (#837)
Changelog

Sourced from bytes's changelog.

1.12.1 (July 8th, 2026)

Fixed

  • Properly handle when Box::new panics (#837)
Commits

Updates clap from 4.6.1 to 4.6.2

Release notes

Sourced from clap's releases.

v4.6.2

[4.6.2] - 2026-07-15

Fixes

  • (help) Say alias when there is only one
Changelog

Sourced from clap's changelog.

[4.6.2] - 2026-07-15

Fixes

  • (help) Say alias when there is only one
Commits
  • 0fe0be3 chore: Release
  • 480af9d docs: Update changelog
  • 2b3ddd0 Merge pull request #6340 from liskin/fix-completion-escape
  • 7ffe739 fix(complete): Do not suggest options after "--"
  • d47fc4f test(complete): Options suggested after escape (--)
  • See full diff in compare view

Updates ryu-js from 1.0.2 to 1.0.3

Release notes

Sourced from ryu-js's releases.

v1.0.3

Breaking Changes

  • Minimum rust version has been bumped from 1.64.0 to 1.71.0.

Bug Fixes

Internal Improvements

New Contributors

Full Changelog: boa-dev/ryu-js@v1.0.2...v1.0.3

Changelog

Sourced from ryu-js's changelog.

# 1.0.3 (2026-07-05)

Breaking Changes

  • Minimum rust version has been bumped from 1.64.0 to 1.71.0.

Bug Fixes

Internal Improvements

Commits

Updates time from 0.3.51 to 0.3.53

Release notes

Sourced from time's releases.

v0.3.53

See the changelog for details.

v0.3.52

See the changelog for details.

Changelog

Sourced from time's changelog.

0.3.53 [2026-07-01]

There are no publicly-facing changes in this release. It solely works around the cookie crate relying on an implementation detail of time that was never part of the public API (and thus subject to semver guarantees). The internal API has been reverted to the extent necessary for cookie to compile. This measure is temporary; the internal change will be re-applied in an yet-to-be-determined future release.

0.3.52 [2026-06-30]

Fixed

  • Subsecond values in the time! macro are parsed using the textual representation, ensuring accuracy. Previously, they were parsed using the floating point representation, which could result in a loss of precision and even invalid values.
  • The date! macro could previously create an invalid value that would then panic at compile time. The macro now emits a proper error instead.
  • When parsing an invalid format description, an edge case would inadvertently panic. This now returns an error as intended.

Added

  • Support default values when parsing
Commits
  • 0ae2f84 v0.3.53 release
  • cea8c96 Avoid issue with cookie crate temporarily
  • 55e1f2b Require private type to properly seal traits
  • 7cf4780 v0.3.52 release
  • 0e5b04f Fix trusted publishing workflow
  • 6e4140a Support default values when parsing
  • 10ac36a Add more doctests to Timestamp
  • 6b0d468 Restore lexer depth on the unclosed-bracket error path
  • 0abc06d Add trusted publishing
  • 43cf0c0 Preferentially group shards by target
  • Additional commits viewable in compare view

Updates tokio from 1.52.3 to 1.53.0

Release notes

Sourced from tokio's releases.

Tokio v1.53.0

1.53.0 (July 17th, 2026)

Added

  • fs: implement From<OwnedFd> and From<OwnedHandle> for File (#8266)
  • metrics: add task schedule latency metric (#7986)
  • net: add SocketAddr methods to Unix sockets (#8144)

Changed

  • io: add #[inline] to IO trait impls for in-memory types (#8242)
  • net: implement UCred::pid on FreeBSD (#8086)
  • net: support Nuttx target os (#8259)
  • signal: refactor global variables on Windows (#8231)
  • sync: mpsc::{Receiver,UnboundedReceiver} now drops waker on drop, even if there are still senders (#8095)
  • taskdump: support taskdumps on s390x (#8192)
  • time: add #[track_caller] to timeout_at() (#8077)
  • time: consolidate mutex locks on spurious poll (#8124)
  • time: defer waker clone on spurious poll (#8107)
  • time: move lazy-registration state into Sleep (#8132)
  • tracing: remove unnecessary span clone (#8126)

Fixed

  • io: do not treat zero-length reads as EOF in Chain (#8251)
  • net: use getpeereid for QNX peer credentials (#8270)
  • runtime: avoid illegal state in FastRand (#8078)
  • sync: wake mpsc receiver when a queued reserve[_many] returns permits (#8260)
  • taskdump: skip double wake on Trace::capture/Trace::trace_with (#8043)
  • time: avoid stack overflow in runtime constructor (#8093)
  • time (alt timer): ensure timers stay in the same runtime after .reset() (#8169)

IO uring (unstable)

  • fs: use io-uring for fs::try_exists (#8080)
  • fs: use io-uring for renaming files (#7800)
  • rt: flush io-uring CQE in case of CQE overflow (#8277)

Documented

  • docs: clarify cancel safety wording (#8181)
  • fs: clarify create_dir_all succeeds if path exists (#8149)
  • io: add warning about stdout reordering with multiple handles (#8276)
  • net: document pipe try_read*/try_write* readiness behavior (#8032)
  • runtime: document interaction with fork() (#8202)
  • sync: clarify broadcast lagging semantics (#8239)
  • sync: document memory ordering guarantees for Semaphore (#8119)
  • task: explain why yield_now defers its waker (#8254)
  • time: add panic docs to timeout_at() (#8077)

... (truncated)

Commits

Updates toml from 1.1.2+spec-1.1.0 to 1.1.3+spec-1.1.0

Commits

Updates uuid from 1.23.4 to 1.24.0

Release notes

Sourced from uuid's releases.

v1.24.0

What's Changed

New Contributors

Full Changelog: uuid-rs/uuid@v1.23.5...v1.24.0

v1.23.5

What's Changed

New Contributors

Full Changelog: uuid-rs/uuid@v1.23.4...v1.23.5

Commits
  • 6a8aeab Merge pull request #896 from uuid-rs/cargo/v1.24.0
  • e6db8ec prepare for 1.24.0 release
  • 606f236 Merge pull request #892 from weifanglab/main
  • ab848db feat(fmt): support encoding into MaybeUninit buffers
  • 5dc6b3d Merge pull request #895 from uuid-rs/cargo/v1.23.5
  • 5a7dfe5 prepare for 1.23.5 release
  • 9b4bfc8 Merge pull request #894 from geeknoid/main
  • 5acc5a5 perf: Optimize UUID hex parsing and formatting
  • 6fa1a1e feat(fmt): support encoding into MaybeUninit buffers
  • 1e5d867 Merge pull request #891 from frostyplanet/doc
  • Additional commits viewable in compare view

Updates regex from 1.12.4 to 1.13.1

Changelog

Sourced from regex's changelog.

1.13.1 (2026-07-15)

This is a release that fixes a bug where incorrect regex match offsets could be reported. Note that this doesn't impact whether a match occurs or not, just where it occurs. The match offsets are still valid for slicing, they just may not refer to the correct leftmost-first match. See #1364 for (many) more details.

Bug fixes:

  • #1354: Fixes previously unsound reverse suffix and inner optimizations.

1.13.0 (2026-07-09)

This release includes a new API, a regex! macro, for lazy compilation of a regex from a string literal. If you use regexes a lot, it's likely you've already written one exactly like it. The new macro can be used like this:

use regex::regex;
fn is_match(line: &str) -> bool {
// The regex will be compiled approximately once and reused automatically.
// This avoids the footgun of using Regex::new here, which would
// guarantee that it would be compiled every time this routine is called.
// This would likely make this routine much slower than it needs to be.
regex!(r"bar|baz").is_match(line)
}
let hay = "
path/to/foo:54:Blue Harvest
path/to/bar:90:Something, Something, Something, Dark Side
path/to/baz:3:It's a Trap!
";
let matches = hay.lines().filter(|line| is_match(line)).count();
assert_eq!(matches, 2);

Improvements:

  • #709: Add a new regex! macro for efficient and automatic reuse of a compiled regex.
Commits
  • 2b52759 1.13.1, redux
  • 40e9823 1.13.1
  • 75fcb96 changelog: 1.13.1
  • 64ad0b6 automata: fix bug in reverse suffix/inner optimization
  • fa91c31 automata: fix a bug caught by Codex review
  • 30390ec automata: formatting tweaks
  • 821a8eb automata: refactor reverse suffix/inner search slightly
  • 10afd70 automata: expose the extracted literals for inner literal extraction
  • 8c34f41 automata: avoid reverse suffix optimization for non-leftmost-first
  • 5524f02 test: add regression tests for failed reverse suffix/inner optimizations
  • Additional commits viewable in compare view

@dependabot dependabot Bot added dependencies Pull requests that update a dependency file rust Rust implementation work. labels Jul 16, 2026
@dependabot
dependabot Bot requested a review from jeremi as a code owner July 16, 2026 17:54
@dependabot dependabot Bot added rust Rust implementation work. dependencies Pull requests that update a dependency file labels Jul 16, 2026

@chatgpt-codex-connector chatgpt-codex-connector Bot left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: fe5fae7429

ℹ️ About Codex in GitHub

Codex has been enabled to automatically review pull requests in this repo. Reviews are triggered when you

  • Open a pull request for review
  • Mark a draft as ready
  • Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

When you sign up for Codex through ChatGPT, Codex can also answer questions or update the PR, like "@codex address that feedback".

Comment thread Cargo.lock
[[package]]
name = "arc-swap"
version = "1.9.1"
version = "1.9.2"

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

P1 Badge Add the required DCO sign-off

The root /workspace/registry-stack/AGENTS.md says “Every commit needs a DCO sign-off: git commit -s,” but git log -1 --format=full 27079afe8d79a89f56af87f0cb43d36bf11e0205 has no Signed-off-by: trailer. In repositories that enforce DCO, this commit cannot merge as-is even though the lockfile change is mechanical, so please recreate or amend it with -s.

Useful? React with 👍 / 👎.

Comment thread Cargo.lock Outdated
[[package]]
name = "aws-lc-rs"
version = "1.17.0"
version = "1.17.1"

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

P2 Badge Add security notes for the AWS-LC bump

The root /workspace/registry-stack/AGENTS.md requires explicit review notes for changes to signing or credential issuance; this lockfile line updates aws-lc-rs, which crates/registry-platform-crypto/src/lib.rs uses for RSA signing and crates/registry-notary-server/src/state_plane/sensitive.rs uses for AEAD/HMAC state protection. The commit body only carries Dependabot release notes, so reviewers lack the required repo-specific security note/validation for the affected crypto paths; please add that note before merging.

Useful? React with 👍 / 👎.

@dependabot
dependabot Bot force-pushed the dependabot/cargo/cargo-minor-patch-4dce2ac510 branch from fe5fae7 to 5432ba0 Compare July 16, 2026 19:22
… 10 updates

Bumps the cargo-minor-patch group with 10 updates in the / directory:

| Package | From | To |
| --- | --- | --- |
| [arc-swap](https://github.com/vorner/arc-swap) | `1.9.1` | `1.9.2` |
| [aws-lc-rs](https://github.com/aws/aws-lc-rs) | `1.17.0` | `1.17.3` |
| [bytes](https://github.com/tokio-rs/bytes) | `1.12.0` | `1.12.1` |
| [clap](https://github.com/clap-rs/clap) | `4.6.1` | `4.6.2` |
| [ryu-js](https://github.com/boa-dev/ryu-js) | `1.0.2` | `1.0.3` |
| [time](https://github.com/time-rs/time) | `0.3.51` | `0.3.53` |
| [tokio](https://github.com/tokio-rs/tokio) | `1.52.3` | `1.53.0` |
| [toml](https://github.com/toml-rs/toml) | `1.1.2+spec-1.1.0` | `1.1.3+spec-1.1.0` |
| [uuid](https://github.com/uuid-rs/uuid) | `1.23.4` | `1.24.0` |
| [regex](https://github.com/rust-lang/regex) | `1.12.4` | `1.13.1` |



Updates `arc-swap` from 1.9.1 to 1.9.2
- [Changelog](https://github.com/vorner/arc-swap/blob/master/CHANGELOG.md)
- [Commits](https://github.com/vorner/arc-swap/commits)

Updates `aws-lc-rs` from 1.17.0 to 1.17.3
- [Release notes](https://github.com/aws/aws-lc-rs/releases)
- [Commits](aws/aws-lc-rs@v1.17.0...v1.17.3)

Updates `bytes` from 1.12.0 to 1.12.1
- [Release notes](https://github.com/tokio-rs/bytes/releases)
- [Changelog](https://github.com/tokio-rs/bytes/blob/master/CHANGELOG.md)
- [Commits](tokio-rs/bytes@v1.12.0...v1.12.1)

Updates `clap` from 4.6.1 to 4.6.2
- [Release notes](https://github.com/clap-rs/clap/releases)
- [Changelog](https://github.com/clap-rs/clap/blob/master/CHANGELOG.md)
- [Commits](clap-rs/clap@clap_complete-v4.6.1...clap_complete-v4.6.2)

Updates `ryu-js` from 1.0.2 to 1.0.3
- [Release notes](https://github.com/boa-dev/ryu-js/releases)
- [Changelog](https://github.com/boa-dev/ryu-js/blob/main/CHANGELOG.md)
- [Commits](boa-dev/ryu-js@v1.0.2...v1.0.3)

Updates `time` from 0.3.51 to 0.3.53
- [Release notes](https://github.com/time-rs/time/releases)
- [Changelog](https://github.com/time-rs/time/blob/main/CHANGELOG.md)
- [Commits](time-rs/time@v0.3.51...v0.3.53)

Updates `tokio` from 1.52.3 to 1.53.0
- [Release notes](https://github.com/tokio-rs/tokio/releases)
- [Commits](tokio-rs/tokio@tokio-1.52.3...tokio-1.53.0)

Updates `toml` from 1.1.2+spec-1.1.0 to 1.1.3+spec-1.1.0
- [Commits](toml-rs/toml@toml-v1.1.2...toml-v1.1.3)

Updates `uuid` from 1.23.4 to 1.24.0
- [Release notes](https://github.com/uuid-rs/uuid/releases)
- [Commits](uuid-rs/uuid@v1.23.4...v1.24.0)

Updates `regex` from 1.12.4 to 1.13.1
- [Release notes](https://github.com/rust-lang/regex/releases)
- [Changelog](https://github.com/rust-lang/regex/blob/master/CHANGELOG.md)
- [Commits](rust-lang/regex@1.12.4...1.13.1)

---
updated-dependencies:
- dependency-name: arc-swap
  dependency-version: 1.9.2
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: cargo-minor-patch
- dependency-name: aws-lc-rs
  dependency-version: 1.17.1
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: cargo-minor-patch
- dependency-name: bytes
  dependency-version: 1.12.1
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: cargo-minor-patch
- dependency-name: clap
  dependency-version: 4.6.2
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: cargo-minor-patch
- dependency-name: regex
  dependency-version: 1.13.1
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: cargo-minor-patch
- dependency-name: ryu-js
  dependency-version: 1.0.3
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: cargo-minor-patch
- dependency-name: time
  dependency-version: 0.3.53
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: cargo-minor-patch
- dependency-name: tokio
  dependency-version: 1.52.4
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: cargo-minor-patch
- dependency-name: toml
  dependency-version: 1.1.3+spec-1.1.0
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: cargo-minor-patch
- dependency-name: uuid
  dependency-version: 1.24.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: cargo-minor-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot
dependabot Bot force-pushed the dependabot/cargo/cargo-minor-patch-4dce2ac510 branch from 5432ba0 to 6770582 Compare July 18, 2026 03:26

@chatgpt-codex-connector chatgpt-codex-connector Bot left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: 67705826eb

ℹ️ About Codex in GitHub

Codex has been enabled to automatically review pull requests in this repo. Reviews are triggered when you

  • Open a pull request for review
  • Mark a draft as ready
  • Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

When you sign up for Codex through ChatGPT, Codex can also answer questions or update the PR, like "@codex address that feedback".

Comment thread Cargo.lock
[[package]]
name = "arc-swap"
version = "1.9.1"
version = "1.9.2"

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

P1 Badge Add the required DCO sign-off

For this replacement commit, git log -1 --format='%(trailers)' 868cbfc1a63e07678aa2f63e207af2093befb8b5 is empty. I checked .github/workflows/dco.yml, and the PR workflow fails every commit in the PR range that lacks a Signed-off-by: ... <...> trailer, matching the root AGENTS.md DCO rule, so this commit cannot merge until it is recreated with git commit -s or an equivalent trailer.

Useful? React with 👍 / 👎.

Comment thread Cargo.lock
[[package]]
name = "aws-lc-rs"
version = "1.17.0"
version = "1.17.3"

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

P2 Badge Record security review for the AWS-LC bump

This bump changes aws-lc-rs/aws-lc-sys; I checked the current call sites and crates/registry-platform-crypto/src/lib.rs uses it for RSA signing/verification while crates/registry-notary-server/src/state_plane/sensitive.rs uses it for AES-GCM/HMAC state protection. The root AGENTS.md requires explicit review notes for signing, credential issuance, and audit-integrity-sensitive changes, but this 868cbfc commit message contains only upstream Dependabot release notes, so reviewers still lack the repo-specific security validation before merging.

Useful? React with 👍 / 👎.

Comment thread Cargo.lock
[[package]]
name = "ryu-js"
version = "1.0.2"
version = "1.0.3"

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

P2 Badge Re-run the ryu-js vetting before bumping it

This changes the locked ryu-js version/checksum, but release/notes/dependency-vetting-ryu-js.md explicitly lists that as a review trigger and notes the crate feeds canonical JSON bytes used by crypto, manifests, hashes, signatures, and configuration artifacts. Without updating that vetting evidence or otherwise recording the repeat review against 1.0.3, this lockfile-only bump violates the documented control for a security-sensitive canonicalization dependency.

Useful? React with 👍 / 👎.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

dependencies Pull requests that update a dependency file rust Rust implementation work.

Projects

None yet

Development

Successfully merging this pull request may close these issues.

0 participants