build(deps): bump the rustls group with 2 updates #3904

dependabot · 2025-05-06T10:11:56Z

Bumps the rustls group with 2 updates: rustls-webpki and rustls.

Updates rustls-webpki from 0.103.1 to 0.103.2

Release notes

Sourced from rustls-webpki's releases.

0.103.2

Maintain context for key usage mismatch errors in order to make them easier to interpret.

Accept certificates with an empty extension sequence.

What's Changed

Fix CI build failures, tidy cargo-deny config by @cpu in rustls/webpki#339

Update semver-compatible dependencies by @djc in rustls/webpki#341

Remove tests from package that is published by @SwishSwushPow in rustls/webpki#340

Allow x509v3 empty extensions (redux) by @ctz in rustls/webpki#342

tests: use rcgen for client_auth tests by @djc in rustls/webpki#343

tests: remove test certs for client_auth tests by @djc in rustls/webpki#344

Maintain context for key usage mismatch errors by @djc in rustls/webpki#337

Refine CI workflow triggers by @djc in rustls/webpki#345

Commits

1e923bf ci: enable triggering CI workflow manually
f4a8783 ci: skip push triggers for most branches
9cf30f6 Bump version to 0.103.2
baac0b0 Maintain context for key usage mismatch errors
85d885d tests: remove test certs for client_auth tests
7badc0e tests: move check_cert() down
5b3dae1 tests: use rcgen for client_auth tests
2efb15e Add test for empty extensions
e82008a Accept empty X509v3 extensions
ce0385c Remove tests from package that is published
Additional commits viewable in compare view

Updates rustls from 0.23.26 to 0.23.27

Commits

2601909 Bump version to 0.23.27
a70b0e6 Handle webpki RequiredEkuNotFoundContext errors
06a704e Update to webpki 0.103.2
9509626 Deprecate dangerous_extract_secrets on unbuffered connections
bf9e874 Add test cases for KernelConnection key updates
5a12171 Add kernel connection API
35c44d2 Extract tls13 expand_secret function out of extract_secrets
47ed0c6 ci: enable triggering CI workflow manually
26b8ee3 ci: skip push triggers for most branches
70ed532 Update Rust crate nix to 0.30
Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR
@dependabot recreate will recreate this PR, overwriting any edits that have been made to it
@dependabot merge will merge this PR after your CI passes on it
@dependabot squash and merge will squash and merge this PR after your CI passes on it
@dependabot cancel merge will cancel a previously requested merge and block automerging
@dependabot reopen will reopen this PR if it is closed
@dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
@dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
@dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
@dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
@dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
@dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
@dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

Bumps the rustls group with 2 updates: [rustls-webpki](https://github.com/rustls/webpki) and [rustls](https://github.com/rustls/rustls). Updates `rustls-webpki` from 0.103.1 to 0.103.2 - [Release notes](https://github.com/rustls/webpki/releases) - [Commits](rustls/webpki@v/0.103.1...v/0.103.2) Updates `rustls` from 0.23.26 to 0.23.27 - [Release notes](https://github.com/rustls/rustls/releases) - [Changelog](https://github.com/rustls/rustls/blob/main/CHANGELOG.md) - [Commits](rustls/rustls@v/0.23.26...v/0.23.27) --- updated-dependencies: - dependency-name: rustls-webpki dependency-version: 0.103.2 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: rustls - dependency-name: rustls dependency-version: 0.23.27 dependency-type: indirect update-type: version-update:semver-patch dependency-group: rustls ... Signed-off-by: dependabot[bot] <support@github.com>

cratelyn · 2025-05-07T20:39:34Z

took a brief look into this, but could not easily see what has changed within the internal namespace we are using in our types.

dependabot · 2025-05-08T10:51:14Z

Looks like these dependencies are updatable in another way, so this is no longer needed.

dependabot bot added dependencies Pull requests that update a dependency file rust Pull requests that update Rust code labels May 6, 2025

dependabot bot requested a review from a team as a code owner May 6, 2025 10:11

dependabot bot force-pushed the dependabot/cargo/rustls-3124b62270 branch from c975f02 to 471f5c0 Compare May 7, 2025 10:13

dependabot bot closed this May 8, 2025

dependabot bot deleted the dependabot/cargo/rustls-3124b62270 branch May 8, 2025 10:51

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

build(deps): bump the rustls group with 2 updates #3904

build(deps): bump the rustls group with 2 updates #3904

build(deps): bump the rustls group with 2 updates #3904

build(deps): bump the rustls group with 2 updates #3904

Conversation

0.103.2

What's Changed