From 9c5afcf3bdac800c071bdf2a9e6076b9fc7ad472 Mon Sep 17 00:00:00 2001
From: OneNoted <notes@madeingotland.com>
Date: Sat, 9 May 2026 11:39:37 +0200
Subject: [PATCH] fix: resolve active dependency advisories

Update the lockfile to patched rand and rustls-webpki releases so GitHub security scanning no longer reports the active Dependabot alerts.

Constraint: Alerts are lockfile-only Rust dependency advisories from GitHub Dependabot.
Confidence: high
Scope-risk: narrow
Tested: cargo check --locked
Tested: cargo test --locked
Tested: cargo audit
Not-tested: GitHub Dependabot rescanning before PR merge
---
 Cargo.lock | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/Cargo.lock b/Cargo.lock
index e6a7e38..1f68f12 100644
--- a/Cargo.lock
+++ b/Cargo.lock
@@ -1928,9 +1928,9 @@ checksum = "dc33ff2d4973d518d823d61aa239014831e521c75da58e3df4840d3f47749d09"
 
 [[package]]
 name = "rand"
-version = "0.9.2"
+version = "0.9.3"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "6db2770f06117d490610c7488547d543617b21bfa07796d7a12f6f1bd53850d1"
+checksum = "7ec095654a25171c2124e9e3393a930bddbffdc939556c914957a4c3e0a87166"
 dependencies = [
  "rand_chacha",
  "rand_core",
@@ -2135,9 +2135,9 @@ checksum = "f87165f0995f63a9fbeea62b64d10b4d9d8e78ec6d7d51fb2125fda7bb36788f"
 
 [[package]]
 name = "rustls-webpki"
-version = "0.103.10"
+version = "0.103.13"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "df33b2b81ac578cabaf06b89b0631153a3f416b0a886e8a7a1707fb51abbd1ef"
+checksum = "61c429a8649f110dddef65e2a5ad240f747e85f7758a6bccc7e5777bd33f756e"
 dependencies = [
  "aws-lc-rs",
  "ring",