Skip to content

build(deps): Bump the cargo-minor-patch group across 1 directory with 10 updates#378

Open
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/cargo/cargo-minor-patch-4dce2ac510
Open

build(deps): Bump the cargo-minor-patch group across 1 directory with 10 updates#378
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/cargo/cargo-minor-patch-4dce2ac510

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Jul 16, 2026

Copy link
Copy Markdown
Contributor

Bumps the cargo-minor-patch group with 10 updates in the / directory:

Package From To
arc-swap 1.9.1 1.9.2
aws-lc-rs 1.17.0 1.17.1
bytes 1.12.0 1.12.1
clap 4.6.1 4.6.2
ryu-js 1.0.2 1.0.3
time 0.3.51 0.3.53
tokio 1.52.3 1.52.4
toml 1.1.2+spec-1.1.0 1.1.3+spec-1.1.0
uuid 1.23.4 1.24.0
regex 1.12.4 1.13.1

Updates arc-swap from 1.9.1 to 1.9.2

Changelog

Sourced from arc-swap's changelog.

1.9.2

  • Document RefCnt must not panic (#208).
Commits

Updates aws-lc-rs from 1.17.0 to 1.17.1

Release notes

Sourced from aws-lc-rs's releases.

aws-lc-rs v1.17.1

🎉 AWS-LC FIPS v3 Module Has Been Validated

The AWS-LC FIPS v3 module has been awarded FIPS 140-3 validation by NIST's CMVP:

Seek guidance from a local FIPS compliance expert regarding requirements for your deployment environments. Please consult the Security Policies associated with our certificates if you have questions.

aws-lc-fips-sys (utilized via the fips feature of aws-lc-rs) currently uses the validated FIPS v3 module.

  • In the upcoming aws-lc-rs v1.18.0 release, we plan to switch aws-lc-fips-sys to our FIPS v4 branch.

What's Changed

Upstream AWS-LC (v5.1.0)

aws-lc-sys now aligns with AWS-LC v5.1.0 (previously v1.73.0). Notable upstream changes include:

Build Improvements

Issues Being Closed

Other Merged PRs

... (truncated)

Commits
  • 741dbf5 Prepare aws-lc-rs v1.17.1 (#1164)
  • e6d42b8 Prepare aws-lc-sys v0.42.0 (#1162)
  • bd7abf5 Harden GitHub Actions workflows against script injection (#1161)
  • 93b0123 Add wasm32-unknown-emscripten build and test support (#1059)
  • 7b8a0e7 feat(system-lib): auto-detect system AWS-LC from OPENSSL_* and pkg-config (#1...
  • a95c524 Prepare aws-lc-fips-sys v0.13.15 (#1158)
  • 00e016a Bump actions/checkout from 6 to 7 (#1157)
  • e7568de fix(system-lib): gate system AWS-LC on a declared minimum version (#1152)
  • dfe4525 fix(builder): select flag dialect by compiler driver mode, not target ABI (#1...
  • 26838da rsa: report specific key rejection for invalid sizes (#1153)
  • Additional commits viewable in compare view

Updates bytes from 1.12.0 to 1.12.1

Release notes

Sourced from bytes's releases.

Bytes v1.12.1

1.12.1 (July 8th, 2026)

Fixed

  • Properly handle when Box::new panics (#837)
Changelog

Sourced from bytes's changelog.

1.12.1 (July 8th, 2026)

Fixed

  • Properly handle when Box::new panics (#837)
Commits

Updates clap from 4.6.1 to 4.6.2

Release notes

Sourced from clap's releases.

v4.6.2

[4.6.2] - 2026-07-15

Fixes

  • (help) Say alias when there is only one
Changelog

Sourced from clap's changelog.

[4.6.2] - 2026-07-15

Fixes

  • (help) Say alias when there is only one
Commits
  • 0fe0be3 chore: Release
  • 480af9d docs: Update changelog
  • 2b3ddd0 Merge pull request #6340 from liskin/fix-completion-escape
  • 7ffe739 fix(complete): Do not suggest options after "--"
  • d47fc4f test(complete): Options suggested after escape (--)
  • See full diff in compare view

Updates ryu-js from 1.0.2 to 1.0.3

Release notes

Sourced from ryu-js's releases.

v1.0.3

Breaking Changes

  • Minimum rust version has been bumped from 1.64.0 to 1.71.0.

Bug Fixes

Internal Improvements

New Contributors

Full Changelog: boa-dev/ryu-js@v1.0.2...v1.0.3

Changelog

Sourced from ryu-js's changelog.

# 1.0.3 (2026-07-05)

Breaking Changes

  • Minimum rust version has been bumped from 1.64.0 to 1.71.0.

Bug Fixes

Internal Improvements

Commits

Updates time from 0.3.51 to 0.3.53

Release notes

Sourced from time's releases.

v0.3.53

See the changelog for details.

v0.3.52

See the changelog for details.

Changelog

Sourced from time's changelog.

0.3.53 [2026-07-01]

There are no publicly-facing changes in this release. It solely works around the cookie crate relying on an implementation detail of time that was never part of the public API (and thus subject to semver guarantees). The internal API has been reverted to the extent necessary for cookie to compile. This measure is temporary; the internal change will be re-applied in an yet-to-be-determined future release.

0.3.52 [2026-06-30]

Fixed

  • Subsecond values in the time! macro are parsed using the textual representation, ensuring accuracy. Previously, they were parsed using the floating point representation, which could result in a loss of precision and even invalid values.
  • The date! macro could previously create an invalid value that would then panic at compile time. The macro now emits a proper error instead.
  • When parsing an invalid format description, an edge case would inadvertently panic. This now returns an error as intended.

Added

  • Support default values when parsing
Commits
  • 0ae2f84 v0.3.53 release
  • cea8c96 Avoid issue with cookie crate temporarily
  • 55e1f2b Require private type to properly seal traits
  • 7cf4780 v0.3.52 release
  • 0e5b04f Fix trusted publishing workflow
  • 6e4140a Support default values when parsing
  • 10ac36a Add more doctests to Timestamp
  • 6b0d468 Restore lexer depth on the unclosed-bracket error path
  • 0abc06d Add trusted publishing
  • 43cf0c0 Preferentially group shards by target
  • Additional commits viewable in compare view

Updates tokio from 1.52.3 to 1.52.4

Release notes

Sourced from tokio's releases.

Tokio v1.52.4

1.52.4 (July 16th, 2026)

Fixed

  • runtime: don't skip the driver when before_park schedules work (#8222)

Fixed (unstable)

  • taskdump: remove crate disambiguators from output (#8264)

#8264: tokio-rs/tokio#8264 #8222: tokio-rs/tokio#8222

Commits

Updates toml from 1.1.2+spec-1.1.0 to 1.1.3+spec-1.1.0

Commits

Updates uuid from 1.23.4 to 1.24.0

Release notes

Sourced from uuid's releases.

v1.24.0

What's Changed

New Contributors

Full Changelog: uuid-rs/uuid@v1.23.5...v1.24.0

v1.23.5

What's Changed

New Contributors

Full Changelog: uuid-rs/uuid@v1.23.4...v1.23.5

Commits
  • 6a8aeab Merge pull request #896 from uuid-rs/cargo/v1.24.0
  • e6db8ec prepare for 1.24.0 release
  • 606f236 Merge pull request #892 from weifanglab/main
  • ab848db feat(fmt): support encoding into MaybeUninit buffers
  • 5dc6b3d Merge pull request #895 from uuid-rs/cargo/v1.23.5
  • 5a7dfe5 prepare for 1.23.5 release
  • 9b4bfc8 Merge pull request #894 from geeknoid/main
  • 5acc5a5 perf: Optimize UUID hex parsing and formatting
  • 6fa1a1e feat(fmt): support encoding into MaybeUninit buffers
  • 1e5d867 Merge pull request #891 from frostyplanet/doc
  • Additional commits viewable in compare view

Updates regex from 1.12.4 to 1.13.1

Changelog

Sourced from regex's changelog.

1.13.1 (2026-07-15)

This is a release that fixes a bug where incorrect regex match offsets could be reported. Note that this doesn't impact whether a match occurs or not, just where it occurs. The match offsets are still valid for slicing, they just may not refer to the correct leftmost-first match. See #1364 for (many) more details.

Bug fixes:

  • #1354: Fixes previously unsound reverse suffix and inner optimizations.

1.13.0 (2026-07-09)

This release includes a new API, a regex! macro, for lazy compilation of a regex from a string literal. If you use regexes a lot, it's likely you've already written one exactly like it. The new macro can be used like this:

use regex::regex;
fn is_match(line: &str) -> bool {
// The regex will be compiled approximately once and reused automatically.
// This avoids the footgun of using Regex::new here, which would
// guarantee that it would be compiled every time this routine is called.
// This would likely make this routine much slower than it needs to be.
regex!(r"bar|baz").is_match(line)
}
let hay = "
path/to/foo:54:Blue Harvest
path/to/bar:90:Something, Something, Something, Dark Side
path/to/baz:3:It's a Trap!
";
let matches = hay.lines().filter(|line| is_match(line)).count();
assert_eq!(matches, 2);

Improvements:

  • #709: Add a new regex! macro for efficient and automatic reuse of a compiled regex.
Commits
  • 2b52759 1.13.1, redux
  • 40e9823 1.13.1
  • 75fcb96 changelog: 1.13.1
  • 64ad0b6 automata: fix bug in reverse suffix/inner optimization
  • fa91c31 automata: fix a bug caught by Codex review
  • 30390ec automata: formatting tweaks
  • 821a8eb automata: refactor reverse suffix/inner search slightly
  • 10afd70 automata: expose the extracted literals for inner literal extraction
  • 8c34f41 automata: avoid reverse suffix optimization for non-leftmost-first
  • 5524f02 test: add regression tests for failed reverse suffix/inner optimizations
  • Additional commits viewable in compare view

@dependabot dependabot Bot added dependencies Pull requests that update a dependency file rust Rust implementation work. labels Jul 16, 2026
@dependabot
dependabot Bot requested a review from jeremi as a code owner July 16, 2026 17:54
@dependabot dependabot Bot added rust Rust implementation work. dependencies Pull requests that update a dependency file labels Jul 16, 2026

@chatgpt-codex-connector chatgpt-codex-connector Bot left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: fe5fae7429

ℹ️ About Codex in GitHub

Codex has been enabled to automatically review pull requests in this repo. Reviews are triggered when you

  • Open a pull request for review
  • Mark a draft as ready
  • Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

When you sign up for Codex through ChatGPT, Codex can also answer questions or update the PR, like "@codex address that feedback".

Comment thread Cargo.lock
[[package]]
name = "arc-swap"
version = "1.9.1"
version = "1.9.2"

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

P1 Badge Add the required DCO sign-off

The root /workspace/registry-stack/AGENTS.md says “Every commit needs a DCO sign-off: git commit -s,” but git log -1 --format=full 27079afe8d79a89f56af87f0cb43d36bf11e0205 has no Signed-off-by: trailer. In repositories that enforce DCO, this commit cannot merge as-is even though the lockfile change is mechanical, so please recreate or amend it with -s.

Useful? React with 👍 / 👎.

Comment thread Cargo.lock
[[package]]
name = "aws-lc-rs"
version = "1.17.0"
version = "1.17.1"

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

P2 Badge Add security notes for the AWS-LC bump

The root /workspace/registry-stack/AGENTS.md requires explicit review notes for changes to signing or credential issuance; this lockfile line updates aws-lc-rs, which crates/registry-platform-crypto/src/lib.rs uses for RSA signing and crates/registry-notary-server/src/state_plane/sensitive.rs uses for AEAD/HMAC state protection. The commit body only carries Dependabot release notes, so reviewers lack the required repo-specific security note/validation for the affected crypto paths; please add that note before merging.

Useful? React with 👍 / 👎.

… 10 updates

Bumps the cargo-minor-patch group with 10 updates in the / directory:

| Package | From | To |
| --- | --- | --- |
| [arc-swap](https://github.com/vorner/arc-swap) | `1.9.1` | `1.9.2` |
| [aws-lc-rs](https://github.com/aws/aws-lc-rs) | `1.17.0` | `1.17.1` |
| [bytes](https://github.com/tokio-rs/bytes) | `1.12.0` | `1.12.1` |
| [clap](https://github.com/clap-rs/clap) | `4.6.1` | `4.6.2` |
| [ryu-js](https://github.com/boa-dev/ryu-js) | `1.0.2` | `1.0.3` |
| [time](https://github.com/time-rs/time) | `0.3.51` | `0.3.53` |
| [tokio](https://github.com/tokio-rs/tokio) | `1.52.3` | `1.52.4` |
| [toml](https://github.com/toml-rs/toml) | `1.1.2+spec-1.1.0` | `1.1.3+spec-1.1.0` |
| [uuid](https://github.com/uuid-rs/uuid) | `1.23.4` | `1.24.0` |
| [regex](https://github.com/rust-lang/regex) | `1.12.4` | `1.13.1` |



Updates `arc-swap` from 1.9.1 to 1.9.2
- [Changelog](https://github.com/vorner/arc-swap/blob/master/CHANGELOG.md)
- [Commits](https://github.com/vorner/arc-swap/commits)

Updates `aws-lc-rs` from 1.17.0 to 1.17.1
- [Release notes](https://github.com/aws/aws-lc-rs/releases)
- [Commits](aws/aws-lc-rs@v1.17.0...v1.17.1)

Updates `bytes` from 1.12.0 to 1.12.1
- [Release notes](https://github.com/tokio-rs/bytes/releases)
- [Changelog](https://github.com/tokio-rs/bytes/blob/master/CHANGELOG.md)
- [Commits](tokio-rs/bytes@v1.12.0...v1.12.1)

Updates `clap` from 4.6.1 to 4.6.2
- [Release notes](https://github.com/clap-rs/clap/releases)
- [Changelog](https://github.com/clap-rs/clap/blob/master/CHANGELOG.md)
- [Commits](clap-rs/clap@clap_complete-v4.6.1...clap_complete-v4.6.2)

Updates `ryu-js` from 1.0.2 to 1.0.3
- [Release notes](https://github.com/boa-dev/ryu-js/releases)
- [Changelog](https://github.com/boa-dev/ryu-js/blob/main/CHANGELOG.md)
- [Commits](boa-dev/ryu-js@v1.0.2...v1.0.3)

Updates `time` from 0.3.51 to 0.3.53
- [Release notes](https://github.com/time-rs/time/releases)
- [Changelog](https://github.com/time-rs/time/blob/main/CHANGELOG.md)
- [Commits](time-rs/time@v0.3.51...v0.3.53)

Updates `tokio` from 1.52.3 to 1.52.4
- [Release notes](https://github.com/tokio-rs/tokio/releases)
- [Commits](tokio-rs/tokio@tokio-1.52.3...tokio-1.52.4)

Updates `toml` from 1.1.2+spec-1.1.0 to 1.1.3+spec-1.1.0
- [Commits](toml-rs/toml@toml-v1.1.2...toml-v1.1.3)

Updates `uuid` from 1.23.4 to 1.24.0
- [Release notes](https://github.com/uuid-rs/uuid/releases)
- [Commits](uuid-rs/uuid@v1.23.4...v1.24.0)

Updates `regex` from 1.12.4 to 1.13.1
- [Release notes](https://github.com/rust-lang/regex/releases)
- [Changelog](https://github.com/rust-lang/regex/blob/master/CHANGELOG.md)
- [Commits](rust-lang/regex@1.12.4...1.13.1)

---
updated-dependencies:
- dependency-name: arc-swap
  dependency-version: 1.9.2
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: cargo-minor-patch
- dependency-name: aws-lc-rs
  dependency-version: 1.17.1
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: cargo-minor-patch
- dependency-name: bytes
  dependency-version: 1.12.1
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: cargo-minor-patch
- dependency-name: clap
  dependency-version: 4.6.2
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: cargo-minor-patch
- dependency-name: regex
  dependency-version: 1.13.1
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: cargo-minor-patch
- dependency-name: ryu-js
  dependency-version: 1.0.3
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: cargo-minor-patch
- dependency-name: time
  dependency-version: 0.3.53
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: cargo-minor-patch
- dependency-name: tokio
  dependency-version: 1.52.4
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: cargo-minor-patch
- dependency-name: toml
  dependency-version: 1.1.3+spec-1.1.0
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: cargo-minor-patch
- dependency-name: uuid
  dependency-version: 1.24.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: cargo-minor-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot
dependabot Bot force-pushed the dependabot/cargo/cargo-minor-patch-4dce2ac510 branch from fe5fae7 to 5432ba0 Compare July 16, 2026 19:22
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

dependencies Pull requests that update a dependency file rust Rust implementation work.

Projects

None yet

Development

Successfully merging this pull request may close these issues.

0 participants