deps: bump the rust-minor group across 1 directory with 10 updates

[dependabot]

Bumps the rust-minor group with 10 updates in the / directory:

Package	From	To
rustls	0.23.36	0.23.38
webpki-roots	1.0.6	1.0.7
env_logger	0.11.9	0.11.10
clap	4.5.59	4.6.1
libc	0.2.182	0.2.185
ureq	3.2.0	3.3.0
toml	1.0.2+spec-1.1.0	1.1.2+spec-1.1.0
minijinja	2.15.1	2.19.0
getrandom	0.4.1	0.4.2
tempfile	3.25.0	3.27.0

Updates rustls from 0.23.36 to 0.23.38

Commits

• 6b116bc Bump version of rustls
• a1da268 client: allow skipping selected ALPN validation
• 5b3ef11 Fix ambiguous panic! warning
• 0f0fbf5 Fix clippy::result_large_err
• 7e99b52 Update semver-compatible dependencies
• 4b455b8 Bump version of rustls
• 245963b Add ML-KEM-1024 key encapsulation mechanism
• e1886fd Take semver-compatible updates
• 86ad94b Refresh verify-bench certificates
• 4df9216 Do not "warm up" aws-lc-rs RNG in other benchmarks
• Additional commits viewable in compare view

Updates webpki-roots from 1.0.6 to 1.0.7

Release notes

Sourced from webpki-roots's releases.

1.0.7

For their April 2026 root store changes, Mozilla has made more changes than usual:

These changes are part of Mozilla’s ongoing root store maintenance under the Mozilla Root Store Policy (MRSP), including §7.4 (Root CA Lifecycles) and §7.5.3 (Transition Plans). They reflect a combination of lifecycle-based transitions, CA operator requests, and alignment with intended certificate usage, including retiring older or less suitable root certificates, enforcing clear separation of trust purposes (e.g., TLS vs. S/MIME), and reducing unnecessary trust surface in the Web PKI ecosystem. Collectively, these actions help to ensure that root certificates are relied upon only for their intended and actively maintained use cases, or are retired in accordance with established distrust timelines.

This removes:

• CN=Certigna O=Dhimyotis
• CN=COMODO Certification Authority O=COMODO CA Limited
• CN=DigiCert Assured ID Root CA O=DigiCert Inc OU=www.digicert.com
• CN=DigiCert Global Root CA O=DigiCert Inc OU=www.digicert.com
• CN=DigiCert High Assurance EV Root CA O=DigiCert Inc OU=www.digicert.com
• CN=FIRMAPROFESIONAL CA ROOT-A WEB O=Firmaprofesional SA
• CN=GTS Root R2 O=Google Trust Services LLC
• CN=QuoVadis Root CA 2 O=QuoVadis Limited
• CN=QuoVadis Root CA 3 O=QuoVadis Limited
• CN=Secure Global CA O=SecureTrust Corporation
• CN=SecureTrust CA O=SecureTrust Corporation
• CN=SwissSign Gold CA - G2 O=SwissSign AG
• CN=TeliaSonera Root CA v1 O=TeliaSonera
• CN=Trustwave Global Certification Authority O=Trustwave Holdings, Inc.
• CN=Trustwave Global ECC P256 Certification Authority O=Trustwave Holdings, Inc.
• CN=Trustwave Global ECC P384 Certification Authority O=Trustwave Holdings, Inc.
• O=certSIGN OU=certSIGN ROOT CA

See their announcement for more details.

What's Changed

• Take semver-compatible dependency updates by @​djc in rustls/webpki-roots#116
• Take semver-compatible dependency updates by @​djc in rustls/webpki-roots#117
• Take semver-compatible updates by @​ctz in rustls/webpki-roots#118
• Prepare 1.0.7 by @​djc in rustls/webpki-roots#120
• Update dependencies by @​djc in rustls/webpki-roots#119

Full Changelog: rustls/webpki-roots@v/1.0.6...v/1.0.7

Commits

• be94846 Update dependencies (#119)
• 76476f9 Prepare 1.0.7 (#120)
• ed392f4 Take semver-compatible updates (#118)
• ec8b744 Take semver-compatible dependency updates (#117)
• 84a0c23 Take semver-compatible dependency updates (#116)
• See full diff in compare view

Updates env_logger from 0.11.9 to 0.11.10

Release notes

Sourced from env_logger's releases.

v0.11.10

[0.11.10] - 2026-03-23

Internal

• Update dependencies

Changelog

Sourced from env_logger's changelog.

[0.11.10] - 2026-03-23

Internal

• Update dependencies

Commits

• 41320bf chore: Release
• de8c74f docs: Update changelog
• d550741 docs(gh): Add sponsor link
• 458b075 chore(deps): Update Rust Stable to v1.94 (#401)
• 8bc3fc3 Merge pull request #400 from epage/update
• 143fa64 chore: Upgrade incompatible
• b687a24 chore: Upgrade compatible
• 8cf1ba9 Merge pull request #397 from rust-cli/renovate/crate-ci-typos-1.x
• 094ecf7 Merge pull request #396 from rust-cli/renovate/crate-ci-committed-1.x
• 34ad626 chore(deps): Update pre-commit hook crate-ci/typos to v1.44.0
• Additional commits viewable in compare view

Updates clap from 4.5.59 to 4.6.1

Release notes

Sourced from clap's releases.

v4.6.1

[4.6.1] - 2026-04-15

Fixes

• (derive) Ensure rebuilds happen when an read env variable is changed

v4.5.60

[4.5.60] - 2026-02-19

Fixes

• (help) Quote empty default values, possible values

Changelog

Sourced from clap's changelog.

[4.6.1] - 2026-04-15

Fixes

• (derive) Ensure rebuilds happen when an read env variable is changed

[4.6.0] - 2026-03-12

Compatibility

• Update MSRV to 1.85

[4.5.61] - 2026-03-12

Internal

• Update dependencies

[4.5.60] - 2026-02-19

Fixes

• (help) Quote empty default values, possible values

Commits

• 1420275 chore: Release
• d2c817d docs: Update changelog
• f88c94e Merge pull request #6341 from epage/sep
• acbb822 fix(complete): Reduce risk of conflict with actual subcommands
• a49fadb refactor(complete): Pull out subcommand separator
• ddc008b Merge pull request #6332 from epage/update
• 497dc50 chore: Update compatible dependencies
• dca2326 Merge pull request #6331 from clap-rs/renovate/j178-prek-action-2.x
• 54bdaa3 chore(deps): Update j178/prek-action action to v2
• f0d30d9 chore: Release
• Additional commits viewable in compare view

Updates libc from 0.2.182 to 0.2.185

Release notes

Sourced from libc's releases.

0.2.185

Added

• EspIDF: Add espidf_picolibc cfg for picolibc O_* flag values (#5035)
• Hexagon: add missing constants and fix types for linux-musl (#5042)
• Redox: Add semaphore functions (#5051)
• Windows: Add sprintf, snprintf, and the scanf family (#5024)

Fixed

• Hexagon: Decouple time64 types from musl symbol redirects (#5040)
• Horizon: Change POLL constants from c_short to c_int (#5045)

0.2.184

MSRV

This release increases the MSRV of libc to 1.65. With this update, you can now always use the core::ffi::c_* types with libc definitions, since libc has been changed to reexport from core rather than redefining them. (This usually worked before but had edge cases.) (#4972)

Added

• BSD: Add IP_MINTTL to bsd (#5026)
• Cygwin: Add TIOCM_DSR (#5031)
• FreeBSD: Added xfile structe and file descriptor types (#5002)
• Linux: Add CAN netlink bindings (#5011)
• Linux: Add struct ethhdr (#4239)
• Linux: Add struct ifinfomsg (#5012)
• Linux: Define max_align_t for riscv64 (#5029)
• NetBSD: Add missing CLOCK_ constants (#5020)
• NuttX: Add _SC_HOST_NAME_MAX (#5004)
• VxWorks: Add flock and F_*LCK constants (#4043)
• WASI: Add all _SC_* sysconf constants (#5023)

Deprecated

The remaining fixed-width integer aliases, __uint128_t, __uint128, __int128_t, and __int128, have been deprecated. Use i128 and u128 instead. (#4343)

Fixed

• breaking Redox: Fix signal action constant types (#5009)
• EspIDF: Correct the value of DT_* constants (#5034)
• Redox: Fix locale values and add RTLD_NOLOAD, some TCP constants (#5025)
• Various: Use Padding::new(<zeroed>) rather than Padding::uninit() (#5036)

Changed

• potentially breaking Linux: Add new fields to struct ptrace_syscall_info (#4966)

... (truncated)

Changelog

Sourced from libc's changelog.

0.2.185 - 2026-04-13

Added

• EspIDF: Add espidf_picolibc cfg for picolibc O_* flag values (#5035)
• Hexagon: add missing constants and fix types for linux-musl (#5042)
• Redox: Add semaphore functions (#5051)
• Windows: Add sprintf, snprintf, and the scanf family (#5024)

Fixed

• Hexagon: Decouple time64 types from musl symbol redirects (#5040)
• Horizon: Change POLL constants from c_short to c_int (#5045)

0.2.184 - 2026-04-01

MSRV

This release increases the MSRV of libc to 1.65. With this update, you can now always use the core::ffi::c_* types with libc definitions, since libc has been changed to reexport from core rather than redefining them. (This usually worked before but had edge cases.) (#4972)

Added

• BSD: Add IP_MINTTL to bsd (#5026)
• Cygwin: Add TIOCM_DSR (#5031)
• FreeBSD: Added xfile structe and file descriptor types (#5002)
• Linux: Add CAN netlink bindings (#5011)
• Linux: Add struct ethhdr (#4239)
• Linux: Add struct ifinfomsg (#5012)
• Linux: Define max_align_t for riscv64 (#5029)
• NetBSD: Add missing CLOCK_ constants (#5020)
• NuttX: Add _SC_HOST_NAME_MAX (#5004)
• VxWorks: Add flock and F_*LCK constants (#4043)
• WASI: Add all _SC_* sysconf constants (#5023)

Deprecated

The remaining fixed-width integer aliases, __uint128_t, __uint128, __int128_t, and __int128, have been deprecated. Use i128 and u128 instead. (#4343)

Fixed

• breaking Redox: Fix signal action constant types (#5009)
• EspIDF: Correct the value of DT_* constants (#5034)
• Redox: Fix locale values and add RTLD_NOLOAD, some TCP constants (#5025)
• Various: Use Padding::new(<zeroed>) rather than Padding::uninit() (#5036)

... (truncated)

Commits

• 71d5bfc libc: Release 0.2.185
• 1027d1c Revert "ci: Pin nightly to 2026-04-01"
• 0e9c6e5 redox: Add semaphore functions
• 24ef457 feat: add back support for gnu windows x86 in ci
• aa75caf horizon: Change POLL constants from c_short to c_int
• b7eda5a hexagon: add missing constants and fix types for linux-musl
• d4613f9 newlib/espidf: Add espidf_picolibc cfg for picolibc O_* flag values
• c89fd76 Fix typo in Padding comments
• b3264b2 hexagon: decouple time64 types from musl symbol redirects
• db1ebee ci: Pin nightly to 2026-04-01
• Additional commits viewable in compare view

Updates ureq from 3.2.0 to 3.3.0

Changelog

Sourced from ureq's changelog.

3.3.0

• Bump MSRV 1.71 -> 1.85, edition 2024 #1167

3.2.1

• Switch archived utf-8 crate for utf8-zero #1163

Commits

• b2adbf0 3.3.0
• 7662219 Bump MSRV 1.71 -> 1.85, edition 2024
• eb51f2c 3.2.1
• ad49981 Bump deps to fix cargo-deny RUSTSEC
• 08785cb Switch out utf-8 crate with utf8-zero
• 9ef2153 Clarify that json feature is disabled by default
• eb2539d Fix misleading unsafe wording in crate docs
• b45d3d2 Fix cargo-deny advisory failures
• See full diff in compare view

Updates toml from 1.0.2+spec-1.1.0 to 1.1.2+spec-1.1.0

Commits

• a3d0047 chore: Release
• cc37615 docs: Update changelog
• 7f5e9e1 fix(parser): Consolidate invalid unquoted key into one error (#1138)
• 52feb90 fix(parser): Consolidate invalid unquoted key into one error
• aad85d4 chore(deps): Update j178/prek-action action to v2 (#1136)
• 8b1ac44 chore(deps): Update compatible (dev) (#1135)
• 9effd79 chore(deps): Update j178/prek-action action to v2
• 9db8aad chore: Release
• e55a663 docs: Update changelog
• c11d7d7 Optimisations (#1133)
• Additional commits viewable in compare view

Updates minijinja from 2.15.1 to 2.19.0

Release notes

Sourced from minijinja's releases.

2.17.0

Release Notes

• Added 'c' (character) format type support for format filters and str.format-style formatting. #868
• Added prebuilt minijinja-cli release targets for aarch64-pc-windows-msvc (Windows ARM64) and armv7-unknown-linux-gnueabihf.
• Fixed strict and semi-strict undefined handling so string-coercing filter/function arguments also fail for nested Rest<String> and Vec<String> conversions. #877
• Fixed Python CI/build compatibility with newer maturin by moving stripping from global config to release wheel build arguments.

Install minijinja-cli 2.17.0

Install prebuilt binaries via shell script

curl --proto '=https' --tlsv1.2 -LsSf https://github.com/mitsuhiko/minijinja/releases/download/minijinja-go/v2.17.0/minijinja-cli-installer.sh | sh

Install prebuilt binaries via powershell script

powershell -ExecutionPolicy Bypass -c "irm https://github.com/mitsuhiko/minijinja/releases/download/minijinja-go/v2.17.0/minijinja-cli-installer.ps1 | iex"

Download minijinja-cli 2.17.0

File	Platform	Checksum
minijinja-cli-aarch64-apple-darwin.tar.xz	Apple Silicon macOS	checksum
minijinja-cli-x86_64-apple-darwin.tar.xz	Intel macOS	checksum
minijinja-cli-aarch64-pc-windows-msvc.zip	ARM64 Windows	checksum
minijinja-cli-i686-pc-windows-msvc.zip	x86 Windows	checksum
minijinja-cli-x86_64-pc-windows-msvc.zip	x64 Windows	checksum
minijinja-cli-aarch64-unknown-linux-gnu.tar.xz	ARM64 Linux	checksum
minijinja-cli-i686-unknown-linux-gnu.tar.xz	x86 Linux	checksum
minijinja-cli-x86_64-unknown-linux-gnu.tar.xz	x64 Linux	checksum
minijinja-cli-armv7-unknown-linux-gnueabihf.tar.xz	ARMv7 Linux	checksum
minijinja-cli-aarch64-unknown-linux-musl.tar.xz	ARM64 MUSL Linux	checksum
minijinja-cli-i686-unknown-linux-musl.tar.xz	x86 MUSL Linux	checksum
minijinja-cli-x86_64-unknown-linux-musl.tar.xz	x64 MUSL Linux	checksum

2.16.0

Release Notes

• Added musllinux wheel builds for Python release artifacts.
• Fixed |escape to honor custom formatters. #861
• Aligned undefined behavior handling in the Go port with Rust.
• Removed non-Rust keys and values filters from the Go port for parity. #863

Install minijinja-cli 2.16.0

Install prebuilt binaries via shell script

... (truncated)

Changelog

Sourced from minijinja's changelog.

2.19.0

• Fixed strict undefined behavior for comparison operators (such as ==), string concatenation (~), and undefined needles in the in operator to better match Jinja2. #886 #888
• Fixed the default filter in strict undefined mode so an explicitly passed undefined fallback argument errors instead of being treated like a missing argument. #887

2.18.0

• Added keyword argument support (width, first, blank) to the indent filter for Jinja2 compatibility in Rust and Go. #864
• Added support for dotted integer lookup (for example foo.0) in Rust and Go for Jinja compatibility. #881
• Added support for dotted filter and test names (including foo . bar . baz) for Jinja compatibility. #879
• Fixed string escape handling to preserve unknown escapes (such as \s) for Jinja compatibility in Rust and Go. #880
• Improved generic performance across template parsing, compilation, and rendering.
• Fixed minijinja-cabi ownership and pointer-safety issues that could leak mj_value values on error paths.
• Added high-priority minijinja-cabi APIs for callback-based functions/filters/tests, globals, loaders, path joining, auto-escape configuration, and fuel limits.
• Switched minijinja-cabi header maintenance to manual source-based syncing and removed cbindgen-based generation tooling.
• Added lightweight C smoke tests for minijinja-cabi (via make -C minijinja-cabi test) with coverage across all exported C ABI functions, and wired them into top-level testing and CI.
• Added render_captured and render_captured_to methods on Template which return a Captured type holding the rendered output and the template state.
• Added into_output method on Captured to consume and return the output string.
• Deprecated render_and_return_state, eval_to_state, and render_to_write in favor of the new render_captured / render_captured_to / Captured API.

2.17.1

• Re-release of 2.17.0 to fix release automation.
• Switched npm publishing to trusted publishing (OIDC/provenance) and removed token-based auth from CI.
• Prevented duplicate crates.io publish attempts by skipping slash-prefixed tags in crates publishing.

2.17.0

• Added 'c' (character) format type support for format filters and str.format-style formatting. #868
• Added prebuilt minijinja-cli release targets for aarch64-pc-windows-msvc (Windows ARM64) and armv7-unknown-linux-gnueabihf.
• Fixed strict and semi-strict undefined handling so string-coercing filter/function arguments also fail for nested Rest<String> and Vec<String> conversions. #877
• Fixed Python CI/build compatibility with newer maturin by moving stripping from global config to release wheel build arguments.

2.16.0

• Added musllinux wheel builds for Python release artifacts.
• Fixed |escape to honor custom formatters. #861
• Aligned undefined behavior handling in the Go port with Rust.
• Removed non-Rust keys and values filters from the Go port for parity. #863

Commits

• f15dc1e chore(release): 2.19.0
• e04d276 fix(undefined): align strict undefined behavior with Jinja2
• 92f114d release 2.18.0
• 80d30a7 refactor(vendor): prune unused self_cell API surface
• 50ce37a fix: typos
• 24891e1 feat(filters): add kwargs support to indent filter for Jinja2 parity
• 4cca670 refactor: deprecate render_to_write in favor of render_captured_to
• ac88f8e fix: correct typo render_capturedd_to -> render_captured_to
• 710137b chore: remove dead_code allow and unused MutBorrow from vendored self_cell
• 39d00e6 feat: Added new capture methods for state
• Additional commits viewable in compare view

Updates getrandom from 0.4.1 to 0.4.2

Changelog

Sourced from getrandom's changelog.

0.4.2 - 2026-03-03

Changed

• Bump r-efi dependency to v6 #814

Fixed

• Read errno only when it is set #810
• Check the return value of ProcessPrng on Windows #811

#810: rust-random/getrandom#810 #811: rust-random/getrandom#811 #814: rust-random/getrandom#814

Commits

• 4d82673 Release v0.4.2 (#821)
• 158fdd4 build(deps): bump the all-deps group with 3 updates (#818)
• 5b0adcc changelog: fix Motor OS PR link (#816)
• f19d321 changelog: move version links to relevant sections (#815)
• b83c779 Avoid accessing errno on unexpected return values. (#810)
• 3d1b151 Update r-efi to v6 (#814)
• 73c17f7 windows: check return value of ProcessPrng (#811)
• 7589557 Update Cargo.lock (#809)
• 6dfd5cb Unify lazy types (#804)
• 5e6b022 Update Cargo.lock (#806)
• Additional commits viewable in compare view

Updates tempfile from 3.25.0 to 3.27.0

Changelog

Sourced from tempfile's changelog.

3.27.0

This release adds TempPath::try_from_path and deprecates TempPath::from_path.

Prior to this release, TempPath::from_path made no attempts to convert relative paths into absolute paths. The following code would have deleted the wrong file:

let tmp_path = TempPath::from_path("foo")
std::env::set_current_dir("/some/other/path").unwrap();
drop(tmp_path);

Now:

1. TempPath::from_path will attempt to convert relative paths into absolute paths. However, this isn't always possible as we need to call std::env::current_dir, which can fail. If we fail to convert the relative path to an absolute path, we simply keep the relative path.
2. The TempPath::try_from_path behaves exactly like TempPath::from_path, except that it returns an error if we fail to convert a relative path into an absolute path (or if the passed path is empty).

Neither function attempt to verify the existence of the file in question.

Thanks to @​meng-xu-cs for reporting this issue.

3.26.0

• Support NamedTempFile::persist on RedoxOS (#393) (thanks to @​Andy-Python-Programmer).

Commits

• See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions