Bump the production-dependencies group with 22 updates by dependabot[bot] · Pull Request #111 · privy-io/rust-sdk

dependabot · 2026-04-27T08:40:50Z

Bumps the production-dependencies group with 22 updates:

Package	From	To
reqwest	`0.12.28`	`0.13.2`
regress	`0.10.5`	`0.11.1`
tokio	`1.50.0`	`1.52.1`
uuid	`1.22.0`	`1.23.1`
base64	`0.21.7`	`0.22.1`
sha2	`0.10.9`	`0.11.0`
hpke	`0.12.0`	`0.13.0`
rand	`0.8.5`	`0.9.2`
spki	`0.7.3`	`0.8.0`
der	`0.7.10`	`0.8.0`
lru	`0.16.3`	`0.17.0`
jsonwebtoken	`9.3.1`	`10.3.0`
tracing-subscriber	`0.3.22`	`0.3.23`
rand_chacha	`0.3.1`	`0.9.0`
solana-sdk	`3.0.0`	`4.0.1`
solana-rpc-client	`3.1.10`	`3.1.14`
solana-system-interface	`2.0.0`	`3.1.0`
bincode	`1.3.3`	`3.0.0`
secp256k1	`0.30.0`	`0.31.1`
sha3	`0.10.8`	`0.11.0`
progenitor	`0.11.2`	`0.12.0`
progenitor-client	`0.11.2`	`0.12.0`

Updates reqwest from 0.12.28 to 0.13.2

Release notes

Sourced from reqwest's releases.

v0.13.2

tl;dr

Fix HTTP/2 and native-tls ALPN feature combinations.

Fix HTTP/3 to send h3 ALPN.

(wasm) fix RequestBuilder::json() from override previously set content-type.

What's Changed

chore(deps): bump actions/checkout from 5 to 6 by @dependabot[bot] in seanmonstar/reqwest#2921

Update readme for 0.13 by @VojtaStanek in seanmonstar/reqwest#2926

fix http2 feature is not enabled for "native-tls" by @fox0 in seanmonstar/reqwest#2927

chore(deps): remove unused webpki-roots and rustls-native-certs by @seanmonstar in seanmonstar/reqwest#2932

docs: native-tls-alpn has changed to native-tls-no-alpn by @seanmonstar in seanmonstar/reqwest#2940

Specify h3 alpn for http3 connector by @passcod in seanmonstar/reqwest#2929

update copyright year to 2026 by @taozui472 in seanmonstar/reqwest#2943

fix(json): custom content-type overidden by json method for wasm by @Narendran-KT in seanmonstar/reqwest#2908

chore: upgrade wasm-streams to v0.5 by @xangelix in seanmonstar/reqwest#2958

chore(ci): add windows and linux arm64 to ci by @dennisameling in seanmonstar/reqwest#2960

New Contributors

@VojtaStanek made their first contribution in seanmonstar/reqwest#2926

@fox0 made their first contribution in seanmonstar/reqwest#2927

@passcod made their first contribution in seanmonstar/reqwest#2929

@taozui472 made their first contribution in seanmonstar/reqwest#2943

@Narendran-KT made their first contribution in seanmonstar/reqwest#2908

@xangelix made their first contribution in seanmonstar/reqwest#2958

@dennisameling made their first contribution in seanmonstar/reqwest#2960

Full Changelog: seanmonstar/reqwest@v0.13.1...v0.13.2

v0.13.1

What's Changed

http3: depend on quinn/rustls-aws-lc-rs to avoid ring dependency by @djc in seanmonstar/reqwest#2917

fix rustls on android by @seanmonstar in seanmonstar/reqwest#2918

Full Changelog: seanmonstar/reqwest@v0.13.0...v0.13.1

v0.13.0

Breaking changes

rustls is now the default TLS backend, instead of native-tls.

rustls crypto provider defaults to aws-lc instead of ring. (rustls-no-provider exists if you want a different crypto provider)

rustls-tls has been renamed to rustls.

rustls roots features removed, rustls-platform-verifier is used by default.

To use different roots, call tls_certs_only(your_roots).

native-tls now includes ALPN. To disable, use native-tls-no-alpn.

query and form are now crate features, disabled by default.

Long-deprecated methods and crate features have been removed (such as trust-dns, which was renamed hickory-dns a while ago).

... (truncated)

Changelog

Sourced from reqwest's changelog.

v0.13.2

Fix HTTP/2 and native-tls ALPN feature combinations.

Fix HTTP/3 to send h3 ALPN.

(wasm) fix RequestBuilder::json() from override previously set content-type.

v0.13.1

Fixes compiling with rustls on Android targets.

v0.13.0

Breaking changes:

rustls is now the default TLS backend, instead of native-tls.

rustls crypto provider defaults to aws-lc instead of ring. (rustls-no-provider exists if you want a different crypto provider)

rustls-tls has been renamed to rustls.

rustls roots features removed, rustls-platform-verifier is used by default.

To use different roots, call tls_certs_only(your_roots).

native-tls now includes ALPN. To disable, use native-tls-no-alpn.

query and form are now crate features, disabled by default.

Long-deprecated methods and crate features have been removed (such as trust-dns, which was renamed hickory-dns a while ago).

Many TLS-related methods renamed to improve autocompletion and discovery, but previous name left in place with a "soft" deprecation. (just documented, no warnings)

For example, prefer tls_backend_rustls() over use_rustls_tls().

Commits

ad83b63 v0.13.2
c25f3db chore: Add Windows and Linux arm64 to CI (#2960)
761b89e chore: upgrade wasm-streams to v0.5 (#2958)
fd2d507 fix(wasm): custom content-type overidden by json method for wasm (#2908)
23eb7d4 chore: update copyright year to 2026 (#2943)
10c31c2 fix(http3): specify h3 alpn for http3 connector (#2929)
8530ec3 docs: native-tls-alpn has changed to native-tls-no-alpn (#2940)
04a216f chore(deps): remove unused webpki-roots and rustls-native-certs (#2932)
406b59e fix http2 feature is not enabled for native-tls ALPN (#2927)
325a020 Update readme for 0.13 (#2926)
Additional commits viewable in compare view

Updates regress from 0.10.5 to 0.11.1

Release notes

Sourced from regress's releases.

v0.11.1

Fixed

Fix incorrectly faililng to match with certain long literal sequences within lookbehind assertions

New Contributors

@sadan4 made their first contribution in ridiculousfish/regress#145

Full Changelog: ridiculousfish/regress@v0.11.0...v0.11.1

v0.11.0

This release adds support for duplicate named capture groups and includes a set of correctness fixes around Unicode case folding, word-character handling, and capture-group indexing. Unicode data has also been updated to Unicode 17.

Added

Implement TC39 duplicate named capturing groups support, allowing the same group name in disjoint alternations.

Update Unicode data tables to Unicode 17.

Fixed

Fix incorrect ASCII executor behavior when Unicode mode and case-insensitive matching were combined.

Fix Unicode case-insensitive word-character handling for characters such as U+212A and U+017F (in fact the only such characters).

Fix a panic for character classes for certain script extensions

New Contributors

@n-faria made their first contribution in ridiculousfish/regress#136

Full Changelog: ridiculousfish/regress@v0.10.4...v0.11.0

Commits

7e64ad5 Bump version to 0.11.1
b63f21d Factor out emit_byte_sequence from the emitter
ef1f51c Fix overlong byte sequences in lookbehinds
576b29c fix typo in Flags::dot_all docs (#145)
2465bdc Bump version to 0.11.0
5cf0d0c Add test for non-capturing group indexing fix
5b010a5 Support multiple named group indices in backreferences
89e71c1 Properly support Unicode + icase word characters
85d041f Fix non-capturing group indexing
431d9c6 Fix ASCII unicode case folding
Additional commits viewable in compare view

Updates tokio from 1.50.0 to 1.52.1

Release notes

Sourced from tokio's releases.

Tokio v1.52.1

1.52.1 (April 16th, 2026)

Fixed

runtime: revert #7757 to fix [a regression]#8056 that causes spawn_blocking to hang (#8057)

#7757: tokio-rs/tokio#7757 #8056: tokio-rs/tokio#8056 #8057: tokio-rs/tokio#8057

Tokio v1.52.0

1.52.0 (April 14th, 2026)

Added

io: AioSource::register_borrowed for I/O safety support (#7992)

net: add try_io function to unix::pipe sender and receiver types (#8030)

Added (unstable)

runtime: Builder::enable_eager_driver_handoff setting enable eager hand off of the I/O and time drivers before polling tasks (#8010)

taskdump: add trace_with() for customized task dumps (#8025)

taskdump: allow impl FnMut() in trace_with instead of just fn() (#8040)

fs: support io_uring in AsyncRead for File (#7907)

Changed

runtime: improve spawn_blocking scalability with sharded queue (#7757)

runtime: use compare_exchange_weak() in worker queue (#8028)

Fixed

runtime: overflow second half of tasks when local queue is filled instead of first half (#8029)

Documented

docs: fix typo in oneshot::Sender::send docs (#8026)

docs: hide #[tokio::main] attribute in the docs of sync::watch (#8035)

net: add docs on ConnectionRefused errors with UDP sockets (#7870)

#7757: tokio-rs/tokio#7757 #7870: tokio-rs/tokio#7870 #7907: tokio-rs/tokio#7907 #7992: tokio-rs/tokio#7992 #8010: tokio-rs/tokio#8010 #8025: tokio-rs/tokio#8025 #8026: tokio-rs/tokio#8026 #8028: tokio-rs/tokio#8028 #8029: tokio-rs/tokio#8029

... (truncated)

Commits

905c146 chore: prepare to release v1.52.1 (#8059)
56aaa43 rt: revert #7757 to fix regression in spawn_blocking (#8057)
57ff47a ci: update trybuild to expect output from rustc 1.95.0 (#8058)
812de3e ci: bump taiki-e/cache-cargo-install-action from 1 to 3 (#8053)
ba82e73 ci: use Dependabot to keep github actions up to date (#8052)
2e85f9d ci: replace cirrus-ci with freebsd-vm (#8041)
a7e1cd8 ci: update GitHub Actions workflows to use latest tool versions (#8047)
5f7be0a chore: perpare 1.52.0 (#8045)
36d12d2 taskdump: allow impl FnMut() in taskdumps instead of just fn() (#8040)
f943312 fs: support io-uring in AsyncRead for File (#7907)
Additional commits viewable in compare view

Updates uuid from 1.22.0 to 1.23.1

Release notes

Sourced from uuid's releases.

v1.23.1

What's Changed

Remove deprecated msrv feature from wasm-bindgen dependency by @guybedford in uuid-rs/uuid#877

fix: Timestamp::from_gregorian deprecation note by @aznashwan in uuid-rs/uuid#878

Prepare for 1.23.1 release by @KodrAus in uuid-rs/uuid#879

New Contributors

@guybedford made their first contribution in uuid-rs/uuid#877

@aznashwan made their first contribution in uuid-rs/uuid#878

Full Changelog: uuid-rs/uuid@v1.23.0...v1.23.1

v1.23.0

What's Changed

feat: add support for 'hyphenated' format in the serde module by @FrenchDilettante in uuid-rs/uuid#865

Fix a number of bugs in time-related code by @KodrAus in uuid-rs/uuid#872

Reword invalid char error message by @KodrAus in uuid-rs/uuid#873

Impl cleanups by @KodrAus in uuid-rs/uuid#874

Use LazyLock to synchronize v1/v6 context initialization by @KodrAus in uuid-rs/uuid#875

Prepare for 1.23.0 release by @KodrAus in uuid-rs/uuid#876

New Contributors

@FrenchDilettante made their first contribution in uuid-rs/uuid#865

Special thanks

@meng-xu-cs raised a series of bugs against the timestamp logic in uuid using automated tooling. The issues themselves were reasonably and responsibly presented and the end result is a better uuid library for everyone. Thanks!

Deprecations

This release includes the following deprecations:

Context: Renamed to ContextV1

Timestamp::from_gregorian: Renamed to Timestamp::from_gregorian_time

Change to Version::Max

Version::Max's u8 representation has changed from 0xff to 0x0f to match the value returned by Uuid::get_version_num.

Change to Uuid::get_version for the max UUID

Uuid::get_version will only return Some(Version::Max) if the UUID is actually the max UUID (all bytes are 0xff). Previously it would return Some if only the version field was 0x0f. This change matches the behaviour of the nil UUID, which only returns Some(Version::Nil) if the UUID is the nil UUID (all bytes are 0x00).

Full Changelog: uuid-rs/uuid@v1.22.0...v1.23.0

Commits

ca0c85f Merge pull request #879 from uuid-rs/cargo/v1.23.1
b4db015 prepare for 1.23.1 release
771069d Merge pull request #878 from aznashwan/fix-from-gregorian-deprecation-note
80994a2 fix: Timestamp::from_gregorian deprecation note
90c5be8 Merge pull request #877 from guybedford/remove-wasm-bindgen-msrv
8b8c4f4 Remove deprecated feature from wasm-bindgen dependency
00ab922 Merge pull request #876 from uuid-rs/cargo/v1.23.0
726ba45 prepare for 1.23.0 release
996dade Merge pull request #875 from uuid-rs/fix/context-ordering
e140479 simplify a use stmt
Additional commits viewable in compare view

Updates base64 from 0.21.7 to 0.22.1

Changelog

Sourced from base64's changelog.

0.22.1

Correct the symbols used for the predefined alphabet::BIN_HEX.

0.22.0

DecodeSliceError::OutputSliceTooSmall is now conservative rather than precise. That is, the error will only occur if the decoded output cannot fit, meaning that Engine::decode_slice can now be used with exactly-sized output slices. As part of this, Engine::internal_decode now returns DecodeSliceError instead of DecodeError, but that is not expected to affect any external callers.

DecodeError::InvalidLength now refers specifically to the number of valid symbols being invalid (i.e. len % 4 == 1), rather than just the number of input bytes. This avoids confusing scenarios when based on interpretation you could make a case for either InvalidLength or InvalidByte being appropriate.

Decoding is somewhat faster (5-10%)

Commits

e144006 v0.22.1
64cca59 Merge pull request #271 from JobanSD/patch-1
838355e Correct BinHex 4.0 alphabet according to specifications
bf15ccf Merge pull request #270 from marshallpierce/mp/clippy
fc6aabe Appease clippy
9a518a2 Merge pull request #267 from bdura/patch-1
d96c80f Merge branch 'marshallpierce:master' into patch-1
5d70ba7 Merge pull request #269 from marshallpierce/mp/decode-precisely
efb6c00 Release notes
2b91084 Add some tests to boost coverage
Additional commits viewable in compare view

Updates sha2 from 0.10.9 to 0.11.0

Commits

ffe0939 Release sha2 0.11.0 (#806)
8991b65 Use the standard order of the [package] section fields (#807)
3d2bc57 sha2: refactor backends (#802)
faa55fb sha3: bump keccak to v0.2 (#803)
d3e6489 sha3 v0.11.0-rc.9 (#801)
bbf6f51 sha2: tweak backend docs (#800)
155dbbf sha3: add default value for the DS generic parameter on TurboShake128/256...
ed514f2 Use published version of keccak v0.2 (#799)
702bcd8 Migrate to closure-based keccak (#796)
827c043 sha3 v0.11.0-rc.8 (#794)
Additional commits viewable in compare view

Updates hpke from 0.12.0 to 0.13.0

Changelog

Sourced from hpke's changelog.

[0.13.0] - 2025-02-19

Changes

Made PskBundle require an explicit constructor that performs validation on inputs

Updated rand and rand_core to 0.9

Commits

a27764a Updated changelog, readme, and Cargo.toml for v0.13 (#75)
ba4014a Add PSK bundle validation (#72)
1f06ba1 Upgrade rand and rand_core to 0.9 (#73)
619875a Fix outdated documentation link in Cargo.toml (#70)
See full diff in compare view

Updates rand from 0.8.5 to 0.9.2

Changelog

Sourced from rand's changelog.

[0.9.2] - 2025-07-20

Deprecated

Deprecate rand::rngs::mock module and StepRng generator (#1634)

Additions

Enable WeightedIndex<usize> (de)serialization (#1646)

[0.9.1] - 2025-04-17

Security and unsafe

Revise "not a crypto library" policy again (#1565)

Remove zerocopy dependency from rand (#1579)

Fixes

Fix feature simd_support for recent nightly rust (#1586)

Changes

Allow fn rand::seq::index::sample_weighted and fn IndexedRandom::choose_multiple_weighted to return fewer than amount results (#1623), reverting an undocumented change (#1382) to the previous release.

Additions

Add rand::distr::Alphabetic distribution. (#1587)

Re-export rand_core (#1604)

#1565: rust-random/rand#1565 #1579: rust-random/rand#1579 #1586: rust-random/rand#1586 #1587: rust-random/rand#1587 #1604: rust-random/rand#1604 #1623: rust-random/rand#1623 #1634: rust-random/rand#1634 #1646: rust-random/rand#1646

[0.9.0] - 2025-01-27

Security and unsafe

Policy: "rand is not a crypto library" (#1514)

Remove fork-protection from ReseedingRng and ThreadRng. Instead, it is recommended to call ThreadRng::reseed on fork. (#1379)

Use zerocopy to replace some unsafe code (#1349, #1393, #1446, #1502)

Dependencies

Bump the MSRV to 1.63.0 (#1207, #1246, #1269, #1341, #1416, #1536); note that 1.60.0 may work for dependents when using --ignore-rust-version

Update to rand_core v0.9.0 (#1558)

Features

Support std feature without getrandom or rand_chacha (#1354)

Enable feature small_rng by default (#1455)

Remove implicit feature rand_chacha; use std_rng instead. (#1473)

Rename feature serde1 to serde (#1477)

Rename feature getrandom to os_rng (#1537)

... (truncated)

Commits

d3dd415 Prepare rand_core 0.9.2 (#1605)
99fabd2 Prepare rand_core 0.9.2
c7fe1c4 rand: re-export rand_core (#1604)
db2b1e0 rand: re-export rand_core
ee1d96f rand_core: implement reborrow for UnwrapMut (#1595)
e0eb2ee rand_core: implement reborrow for UnwrapMut
975f602 fixup clippy 1.85 warnings
775b05b Relax Sized requirements for blanket impls (#1593)
ec6d5c0 Prepare rand_core v0.9.1 (#1591)
6a06056 rand_core: introduce an UnwrapMut wrapper (#1589)
Additional commits viewable in compare view

Updates spki from 0.7.3 to 0.8.0

Commits

1ee89d6 spki v0.8.0 (#2277)
35e35bc der: deprecate ErrorKind::SetDuplicate (#2276)
fe0fdfb spki: enable workspace-level lint config (#2231) (#2275)
223f522 der: allow SetOf* duplicates (#2272)
3778ae3 spki: impl core::error::Error for Error (#2274)
a8bc037 Bump sha2 dependency to v0.11 (#2273)
1d6ed2e sec1 v0.8.1 (#2270)
11590f1 sec1: impl CtAssign(Slice)/CtEq(Slice) for EncodedPoint (#2269)
9bad356 chore(deps): bump the all-deps group with 11 updates (#2268)
f682bc1 chore(deps): bump the all-deps group with 6 updates (#2266)
Additional commits viewable in compare view

Updates der from 0.7.10 to 0.8.0

Commits

7784544 der v0.8.0 (#2234)
3a39d5e der: remove obsolete lint configs (#2235)
8ede832 der: followup to docs changes (#2233)
610211c der: remove deprecated SetOf(Vec)::add methods (#2232)
f362dac der: add workspace-level clippy config (#2231)
b5b3ee2 der: expand CI coverage (#2230)
65ae3d7 Add heapless::Vec-backed SequenceOf and SetOf (#2229)
302dd3f pkcs8 v0.11.0-rc.11 (#2228)
bc1c747 der v0.8.0-rc.12 (#2227)
8ce90ef der_derive: fix trusted publishing workflow
Additional commits viewable in compare view

Updates lru from 0.16.3 to 0.17.0

Changelog

Sourced from lru's changelog.

v0.17.0 - 2026-04-14

Upgrade hashbrown to 0.17.0 and update MSRV to 1.85.0.

v0.16.4 - 2026-04-13

Add get_or_insert_with_key and variants.

Commits

13321a9 Merge pull request #232 from jeromefroe/jerome/prepare-0-17-0-release
f7d0ece Prepare 0.17.0 release
2d3d6d5 Merge pull request #231 from xtqqczze/deps/hashbrown
346e2fe Bump hashbrown to 0.17.0
1302b4e Update MSRV to 1.85.0
d8c7f5c Merge pull request #230 from jeromefroe/jerome/prepare-0-16-4-release
bd5261b Prepare 0.16.4 release
16e161d Merge pull request #229 from pikatos/get_or_insert_with_key
5135e8e Apply suggestions from code review
81c2ef0 Add get_or_insert_with_key variants
See full diff in compare view

Updates jsonwebtoken from 9.3.1 to 10.3.0

Changelog

Sourced from jsonwebtoken's changelog.

10.3.0 (2026-01-27)

Export everything needed to define your own CryptoProvider

Fix type confusion with exp/nbf when not required

10.2.0 (2025-11-06)

Remove Clone bound from decode functions

10.1.0 (2025-10-18)

add dangerous::insecure_decode

Implement TryFrom &Jwk for DecodingKey

10.0.0 (2025-09-29)

BREAKING: now using traits for crypto backends, you have to choose between aws_lc_rs and rust_crypto

Add Clone bound to decode

Support decoding byte slices

Support JWS

Commits

abbc307 Fix type confusion
e99740d fix: bump minimal version requirements (#481)
50d15e0 Use try_sign to avoid panics (#479)
245858f Bump some dep
122c2ed Bump action number in CI
72e0c7f Expose cryptography backends via CryptoProvider (#452)
53a3fc2 Do not fail for clippy
3226cfc Prepare for release
dfe58f9 Remove unnecessary Clone bounds from decode functions (#458)
9b3e19c Fix function names in README (#457)
Additional commits viewable in compare view

Updates tracing-subscriber from 0.3.22 to 0.3.23

Release notes

Sourced from tracing-subscriber's releases.

tracing-subscriber 0.3.23

Fixed

Allow ansi sanitization to be disabled (#3484)

#3484: tokio-rs/tracing#3484

Commits

54ede4d chore: prepare tracing-subscriber 0.3.23 (#3490)
37558d5 subscriber: allow ansi sanitization to be disabled (#3484)
efc690f core: add missing const (#3449)
0c32367 core: Use const initializers instead of once_cell
9feb241 docs: add arcswap reload crate to related (#3442)
2d55f6f chore: prepare tracing 0.1.44 (#3439)
10a9e83 chore: prepare tracing-core 0.1.36 (#3440)
ee82cf9 tracing: fix record_all panic (#3432)
9978c36 chore: prepare tracing-mock 0.1.0-beta.3 (#3429)
See full diff in compare view

Updates rand_chacha from 0.3.1 to 0.9.0

Release notes

Sourced from rand_chacha's releases.

0.9.0

Upgrade guide

See https://rust-random.github.io/book/update-0.9.html

Changelog

Security and unsafe

Policy: "rand is not a crypto library" (#1514)

Remove fork-protection from ReseedingRng and ThreadRng. Instead, it is recommended to call ThreadRng::reseed on fork. (#1379)

Use zerocopy to replace some unsafe code (#1349, #1393, #1446, #1502)

Dependencies

Bump the MSRV to 1.63.0 (#1207, #1246, #1269, #1341, #1416, #1536); note that 1.60.0 may work for dependents when using --ignore-rust-version

Update to rand_core v0.9.0 (#1558)

Features

Support std feature without getrandom or rand_chacha (#1354)

Enable feature small_rng by default (#1455)

Remove implicit feature rand_chacha; use std_rng instead. (#1473)

Rename feature serde1 to serde (#1477)

Rename feature getrandom to os_rng (#1537)

Add feature thread_rng (#1547)

API changes: rand_core traits

Add fn RngCore::read_adapter implementing std::io::Read (#1267)

Add trait CryptoBlockRng: BlockRngCore; make trait CryptoRng: RngCore (#1273)

Add traits TryRngCore, TryCryptoRng (#1424, #1499)

Rename fn SeedableRng::from_rng -> try_from_rng and add infallible variant fn from_rng (#1424)

Rename fn SeedableRng::from_entropy -> from_os_rng and add fallible variant fn try_from_os_rng (#1424)

Add bounds Clone and AsRef to associated type SeedableRng::Seed (#1491)

API changes: Rng trait and top-level fns

Renam...
Description has been truncated

Bumps the production-dependencies group with 22 updates: | Package | From | To | | --- | --- | --- | | [reqwest](https://github.com/seanmonstar/reqwest) | `0.12.28` | `0.13.2` | | [regress](https://github.com/ridiculousfish/regress) | `0.10.5` | `0.11.1` | | [tokio](https://github.com/tokio-rs/tokio) | `1.50.0` | `1.52.1` | | [uuid](https://github.com/uuid-rs/uuid) | `1.22.0` | `1.23.1` | | [base64](https://github.com/marshallpierce/rust-base64) | `0.21.7` | `0.22.1` | | [sha2](https://github.com/RustCrypto/hashes) | `0.10.9` | `0.11.0` | | [hpke](https://github.com/rozbb/rust-hpke) | `0.12.0` | `0.13.0` | | [rand](https://github.com/rust-random/rand) | `0.8.5` | `0.9.2` | | [spki](https://github.com/RustCrypto/formats) | `0.7.3` | `0.8.0` | | [der](https://github.com/RustCrypto/formats) | `0.7.10` | `0.8.0` | | [lru](https://github.com/jeromefroe/lru-rs) | `0.16.3` | `0.17.0` | | [jsonwebtoken](https://github.com/Keats/jsonwebtoken) | `9.3.1` | `10.3.0` | | [tracing-subscriber](https://github.com/tokio-rs/tracing) | `0.3.22` | `0.3.23` | | [rand_chacha](https://github.com/rust-random/rand) | `0.3.1` | `0.9.0` | | [solana-sdk](https://github.com/anza-xyz/solana-sdk) | `3.0.0` | `4.0.1` | | [solana-rpc-client](https://github.com/anza-xyz/agave) | `3.1.10` | `3.1.14` | | [solana-system-interface](https://github.com/anza-xyz/solana-sdk) | `2.0.0` | `3.1.0` | | [bincode](https://github.com/bincode-org/bincode) | `1.3.3` | `3.0.0` | | [secp256k1](https://github.com/rust-bitcoin/rust-secp256k1) | `0.30.0` | `0.31.1` | | [sha3](https://github.com/RustCrypto/hashes) | `0.10.8` | `0.11.0` | | [progenitor](https://github.com/oxidecomputer/progenitor) | `0.11.2` | `0.12.0` | | [progenitor-client](https://github.com/oxidecomputer/progenitor) | `0.11.2` | `0.12.0` | Updates `reqwest` from 0.12.28 to 0.13.2 - [Release notes](https://github.com/seanmonstar/reqwest/releases) - [Changelog](https://github.com/seanmonstar/reqwest/blob/master/CHANGELOG.md) - [Commits](seanmonstar/reqwest@v0.12.28...v0.13.2) Updates `regress` from 0.10.5 to 0.11.1 - [Release notes](https://github.com/ridiculousfish/regress/releases) - [Commits](ridiculousfish/regress@v0.10.5...v0.11.1) Updates `tokio` from 1.50.0 to 1.52.1 - [Release notes](https://github.com/tokio-rs/tokio/releases) - [Commits](tokio-rs/tokio@tokio-1.50.0...tokio-1.52.1) Updates `uuid` from 1.22.0 to 1.23.1 - [Release notes](https://github.com/uuid-rs/uuid/releases) - [Commits](uuid-rs/uuid@v1.22.0...v1.23.1) Updates `base64` from 0.21.7 to 0.22.1 - [Changelog](https://github.com/marshallpierce/rust-base64/blob/master/RELEASE-NOTES.md) - [Commits](marshallpierce/rust-base64@v0.21.7...v0.22.1) Updates `sha2` from 0.10.9 to 0.11.0 - [Commits](RustCrypto/hashes@sha2-v0.10.9...sha2-v0.11.0) Updates `hpke` from 0.12.0 to 0.13.0 - [Changelog](https://github.com/rozbb/rust-hpke/blob/main/CHANGELOG.md) - [Commits](rozbb/rust-hpke@v0.12.0...v0.13.0) Updates `rand` from 0.8.5 to 0.9.2 - [Release notes](https://github.com/rust-random/rand/releases) - [Changelog](https://github.com/rust-random/rand/blob/master/CHANGELOG.md) - [Commits](rust-random/rand@0.8.5...rand_core-0.9.2) Updates `spki` from 0.7.3 to 0.8.0 - [Commits](RustCrypto/formats@spki/v0.7.3...spki/v0.8.0) Updates `der` from 0.7.10 to 0.8.0 - [Commits](RustCrypto/formats@der/v0.7.10...der/v0.8.0) Updates `lru` from 0.16.3 to 0.17.0 - [Changelog](https://github.com/jeromefroe/lru-rs/blob/master/CHANGELOG.md) - [Commits](jeromefroe/lru-rs@0.16.3...0.17.0) Updates `jsonwebtoken` from 9.3.1 to 10.3.0 - [Changelog](https://github.com/Keats/jsonwebtoken/blob/master/CHANGELOG.md) - [Commits](Keats/jsonwebtoken@v9.3.1...v10.3.0) Updates `tracing-subscriber` from 0.3.22 to 0.3.23 - [Release notes](https://github.com/tokio-rs/tracing/releases) - [Commits](tokio-rs/tracing@tracing-subscriber-0.3.22...tracing-subscriber-0.3.23) Updates `rand_chacha` from 0.3.1 to 0.9.0 - [Release notes](https://github.com/rust-random/rand/releases) - [Changelog](https://github.com/rust-random/rand/blob/master/CHANGELOG.md) - [Commits](rust-random/rand@rand_chacha-0.3.1...0.9.0) Updates `solana-sdk` from 3.0.0 to 4.0.1 - [Release notes](https://github.com/anza-xyz/solana-sdk/releases) - [Commits](https://github.com/anza-xyz/solana-sdk/compare/sdk@v3.0.0...sdk@v4.0.1) Updates `solana-rpc-client` from 3.1.10 to 3.1.14 - [Release notes](https://github.com/anza-xyz/agave/releases) - [Changelog](https://github.com/anza-xyz/agave/blob/master/CHANGELOG.md) - [Commits](anza-xyz/agave@v3.1.10...v3.1.14) Updates `solana-system-interface` from 2.0.0 to 3.1.0 - [Release notes](https://github.com/anza-xyz/solana-sdk/releases) - [Commits](https://github.com/anza-xyz/solana-sdk/compare/address@v2.0.0...msg@v3.1.0) Updates `bincode` from 1.3.3 to 3.0.0 - [Commits](https://github.com/bincode-org/bincode/commits) Updates `secp256k1` from 0.30.0 to 0.31.1 - [Changelog](https://github.com/rust-bitcoin/rust-secp256k1/blob/master/CHANGELOG.md) - [Commits](rust-bitcoin/rust-secp256k1@secp256k1-0.30.0...secp256k1-0.31.1) Updates `sha3` from 0.10.8 to 0.11.0 - [Commits](RustCrypto/hashes@sha3/v0.10.8...sha3-v0.11.0) Updates `progenitor` from 0.11.2 to 0.12.0 - [Changelog](https://github.com/oxidecomputer/progenitor/blob/main/CHANGELOG.adoc) - [Commits](oxidecomputer/progenitor@v0.11.2...v0.12.0) Updates `progenitor-client` from 0.11.2 to 0.12.0 - [Changelog](https://github.com/oxidecomputer/progenitor/blob/main/CHANGELOG.adoc) - [Commits](oxidecomputer/progenitor@v0.11.2...v0.12.0) --- updated-dependencies: - dependency-name: reqwest dependency-version: 0.13.2 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: production-dependencies - dependency-name: regress dependency-version: 0.11.1 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: production-dependencies - dependency-name: tokio dependency-version: 1.52.1 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: production-dependencies - dependency-name: uuid dependency-version: 1.23.1 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: production-dependencies - dependency-name: base64 dependency-version: 0.22.1 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: production-dependencies - dependency-name: sha2 dependency-version: 0.11.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: production-dependencies - dependency-name: hpke dependency-version: 0.13.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: production-dependencies - dependency-name: rand dependency-version: 0.9.2 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: production-dependencies - dependency-name: spki dependency-version: 0.8.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: production-dependencies - dependency-name: der dependency-version: 0.8.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: production-dependencies - dependency-name: lru dependency-version: 0.17.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: production-dependencies - dependency-name: jsonwebtoken dependency-version: 10.3.0 dependency-type: direct:production update-type: version-update:semver-major dependency-group: production-dependencies - dependency-name: tracing-subscriber dependency-version: 0.3.23 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: production-dependencies - dependency-name: rand_chacha dependency-version: 0.9.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: production-dependencies - dependency-name: solana-sdk dependency-version: 4.0.1 dependency-type: direct:production update-type: version-update:semver-major dependency-group: production-dependencies - dependency-name: solana-rpc-client dependency-version: 3.1.14 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: production-dependencies - dependency-name: solana-system-interface dependency-version: 3.1.0 dependency-type: direct:production update-type: version-update:semver-major dependency-group: production-dependencies - dependency-name: bincode dependency-version: 3.0.0 dependency-type: direct:production update-type: version-update:semver-major dependency-group: production-dependencies - dependency-name: secp256k1 dependency-version: 0.31.1 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: production-dependencies - dependency-name: sha3 dependency-version: 0.11.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: production-dependencies - dependency-name: progenitor dependency-version: 0.12.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: production-dependencies - dependency-name: progenitor-client dependency-version: 0.12.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: production-dependencies ... Signed-off-by: dependabot[bot] <support@github.com>

socket-security · 2026-04-27T08:41:16Z

Review the following changes in direct dependencies. Learn more about Socket for GitHub.

Package	Supply Chain Security	Vulnerability
tokio@1.50.0 ⏵ 1.52.1	^-1
progenitor@0.11.2 ⏵ 0.12.0
progenitor-client@0.11.2 ⏵ 0.12.0
reqwest@0.13.2
bincode@3.0.0
der@0.8.0
secp256k1@0.31.1
sha2@0.11.0
solana-system-interface@3.1.0
spki@0.8.0
lru@0.16.3 ⏵ 0.17.0
sha3@0.10.8 ⏵ 0.11.0
solana-rpc-client@3.1.10 ⏵ 3.1.14
solana-sdk@3.0.0 ⏵ 4.0.1
tracing-subscriber@0.3.22 ⏵ 0.3.23
uuid@1.22.0 ⏵ 1.23.1
regress@0.11.1
jsonwebtoken@9.3.1 ⏵ 10.3.0		⁺²
hpke@0.12.0 ⏵ 0.13.0

View full report

dependabot Bot added dependencies Pull requests that update a dependency file rust Pull requests that update rust code labels Apr 27, 2026

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Bump the production-dependencies group with 22 updates#111

Bump the production-dependencies group with 22 updates#111
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/cargo/production-dependencies-9211b2d560

dependabot Bot commented on behalf of github Apr 27, 2026 •

edited

Loading

Uh oh!

socket-security Bot commented Apr 27, 2026

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

0 participants

Conversation

dependabot Bot commented on behalf of github Apr 27, 2026 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

v0.13.2

tl;dr

What's Changed

New Contributors

v0.13.1

What's Changed

v0.13.0

Breaking changes

v0.13.2

v0.13.1

v0.13.0

v0.11.1

Fixed

New Contributors

v0.11.0

Added

Fixed

New Contributors

Tokio v1.52.1

1.52.1 (April 16th, 2026)

Fixed

Tokio v1.52.0

1.52.0 (April 14th, 2026)

Added

Added (unstable)

Changed

Fixed

Documented

v1.23.1

What's Changed

New Contributors

v1.23.0

What's Changed

New Contributors

Special thanks

Deprecations

Change to Version::Max

Change to Uuid::get_version for the max UUID

0.22.1

0.22.0

[0.13.0] - 2025-02-19

Changes

[0.9.2] - 2025-07-20

Deprecated

Additions

[0.9.1] - 2025-04-17

Security and unsafe

Fixes

Changes

Additions

[0.9.0] - 2025-01-27

Security and unsafe

Dependencies

Features

v0.17.0 - 2026-04-14

v0.16.4 - 2026-04-13

10.3.0 (2026-01-27)

10.2.0 (2025-11-06)

10.1.0 (2025-10-18)

10.0.0 (2025-09-29)

tracing-subscriber 0.3.23

Fixed

0.9.0

Upgrade guide

Changelog

Security and unsafe

Dependencies

Features

API changes: rand_core traits

API changes: Rng trait and top-level fns

Uh oh!

socket-security Bot commented Apr 27, 2026

Uh oh!

Reviewers

Assignees

Labels

Projects

dependabot Bot commented on behalf of github Apr 27, 2026 •

edited

Loading

Change to `Version::Max`

Change to `Uuid::get_version` for the max UUID