Skip to content

chore(deps): weekly safe cargo updates · 5 packages#26

Open
mendral-app[bot] wants to merge 2 commits into
mainfrom
mendral/deps/weekly-safe-cargo-20260615
Open

chore(deps): weekly safe cargo updates · 5 packages#26
mendral-app[bot] wants to merge 2 commits into
mainfrom
mendral/deps/weekly-safe-cargo-20260615

Conversation

@mendral-app

@mendral-app mendral-app Bot commented Jun 15, 2026

Copy link
Copy Markdown

Packages bumped

Crate Old New Released
axum 0.8.8 0.8.9 2026-04-14
chrono 0.4.44 0.4.45 2026-06-04
rand 0.10.0 0.10.1 2026-04-11
reqwest 0.13.2 0.13.4 2026-05-25
rustls 0.23.37 0.23.40 2026-04-28
Per-package changelog detail

axum 0.8.8 → 0.8.9

  • Added WebSocket upgrade methods for flexible subprotocol selection
  • Fixed MethodRouter connect endpoint placement
  • Fixed multipart body limit error message clarity
  • Impact: We use axum for HTTP routing/handlers only — no WebSocket or multipart usage. No impact.

chrono 0.4.44 → 0.4.45

  • Fixed TZ offset hour validation to prevent FixedOffset overflow
  • Fixed tzdata locations on Android
  • Impact: Bug fixes only. We use chrono for timestamp handling. No behavioral change for our use case.

rand 0.10.0 → 0.10.1

  • Soundness bug fix (#1763)
  • Deprecated the log feature (we don't use it)
  • Added #[track_caller] to make_rng
  • Impact: We use rand for UUID/random generation. The soundness fix is beneficial; no API changes.

reqwest 0.13.2 → 0.13.4

  • Added ClientBuilder::tls_sslkeylogfile(bool) for debugging
  • Added HTTP/2 keep-alive options for blocking client
  • Fixed redirect handling to strip sensitive headers on scheme changes
  • Updated MSRV to 1.85
  • Impact: We use reqwest with JSON feature for Mistral API calls. Redirect security fix is positive. No breaking changes.

rustls 0.23.37 → 0.23.40

  • Fixed ECH padding scheme for SNI names (RFC compliance)
  • Changed require_ems default based on FIPS status of crypto provider
  • Impact: We use rustls with ring backend (non-FIPS). ECH fixes don't affect our server-to-API client usage. No behavioral change.

Files modified

  • Cargo.toml
  • Cargo.lock
Skipped this ecosystem
Package Current Latest Reason
octocrab 0.49.5 0.53.0 4 minor bumps on 0.x crate; likely breaking API changes in connector layer; needs dedicated analysis
hmac 0.12.1 0.13.0 Breaking 0.x minor bump (RustCrypto); requires paired sha2 upgrade
sha2 0.10.9 0.11.0 Breaking 0.x minor bump (RustCrypto); only used as type param but must pair with hmac
http 1.4.0 1.4.1 Already covered by PR #23
jsonwebtoken 10.3.0 10.4.0 Already covered by PR #23
serde_json 1.0.149 1.0.150 Already covered by PR #23
tokio 1.49.0 1.50.0 Already covered by PR #23
tracing-subscriber 0.3.22 0.3.23 Already covered by PR #23
uuid 1.21.0 1.23.2 Already covered by PR #23
askama_escape 0.15.4 0.16.0 Already covered by PR #24
@tailwindcss/typography 0.5.19 0.5.20 Within 7-day cooldown (released 2026-06-08)

Note

Created by Mendral. Tag @mendral-app with feedback or questions.

Bump axum 0.8.8 → 0.8.9, chrono 0.4.44 → 0.4.45,
rand 0.10.0 → 0.10.1, reqwest 0.13.2 → 0.13.4,
rustls 0.23.37 → 0.23.40
@cloudflare-workers-and-pages

cloudflare-workers-and-pages Bot commented Jun 15, 2026

Copy link
Copy Markdown

Deploying pratrol with  Cloudflare Pages  Cloudflare Pages

Latest commit: 5ef321f
Status: ✅  Deploy successful!
Preview URL: https://87fe668d.pratrol.pages.dev
Branch Preview URL: https://mendral-deps-weekly-safe-car-rltq.pratrol.pages.dev

View logs

Required by org policy: all actions must be pinned to a
full-length commit SHA.
@mendral-app mendral-app Bot marked this pull request as ready for review June 15, 2026 09:19
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

0 participants