Skip to content

chore(deps): weekly safe cargo updates · 16 packages#1

Draft
mendral-app[bot] wants to merge 1 commit into
masterfrom
mendral/deps/weekly-safe-cargo-20260525
Draft

chore(deps): weekly safe cargo updates · 16 packages#1
mendral-app[bot] wants to merge 1 commit into
masterfrom
mendral/deps/weekly-safe-cargo-20260525

Conversation

@mendral-app
Copy link
Copy Markdown

@mendral-app mendral-app Bot commented May 25, 2026

Packages bumped

Package Old New Type
async-trait 0.1.88 0.1.89 patch
bitflags 2.10.0 2.11.1 minor
chrono 0.4.43 0.4.44 patch
futures / futures-util 0.3.31 0.3.32 patch
getrandom 0.3.4 0.4.2 major (verified safe)
moka 0.12.13 0.12.15 patch
nix 0.30.1 0.31.3 minor (verified safe)
rustls 0.23.36 0.23.40 patch
tokio 1.49.0 1.52.3 minor
uuid 1.20.0 1.23.1 minor
dashmap 6.1.0 6.2.1 minor
ipnet 2.11.0 2.12.0 minor
hyper 1.8.1 1.9.0 minor
hyper-rustls 0.27.7 0.27.9 patch
clap 4.5.57 4.6.1 minor (dev-only)
tempfile 3.24.0 3.27.0 minor (dev-only)
tracing-subscriber 0.3.22 0.3.23 patch (dev-only)
Per-package changelog highlights & impact

tokio 1.49.0 → 1.52.3

  • Added TcpStream::set_zero_linger, is_rt_shutdown_err, stabilized LocalRuntime
  • Fixed mpsc len() underflow, semaphore reopen after forget
  • Improved spawn_blocking scalability
  • Impact: Bug fixes and additive APIs only. No behavioral change for this project.

rustls 0.23.36 → 0.23.40

  • Added ML-KEM-1024 key exchange support
  • ECH padding fixes
  • require_ems default now based on CryptoProvider FIPS status
  • Impact: This project uses aws_lc_rs provider with default config. No behavioral change.

hyper 1.8.1 → 1.9.0

  • Added HTTP/2 max_local_error_reset_streams option, UpgradeableConnection::into_parts
  • Impact: Additive only. Not used in this codebase.

getrandom 0.3.4 → 0.4.2

  • Edition 2024, MSRV 1.85, added SysRng and RawOsError
  • Impact: This project only uses getrandom::fill(&mut buf) which is unchanged. CI uses Rust 1.92.

nix 0.30.1 → 0.31.3

  • Removed Eq/PartialEq from SigHandler, bumped libc dep
  • Impact: This project only uses nix::fcntl::{fcntl, FcntlArg::F_SETFD, FdFlag} — unaffected.

dashmap 6.1.0 → 6.2.1

  • MSRV bumped to 1.85, internal dependency updates
  • Impact: No API changes. CI uses Rust 1.92.

uuid 1.20.0 → 1.23.1

  • Updated internal getrandom/rand, added 'hyphenated' serde format, fixed v6/v7 timestamp bugs
  • Impact: This project uses v4 UUIDs only. No behavioral change.

moka 0.12.13 → 0.12.15

  • Fixed race condition in and_compute_with, fixed expired entry re-insertion bug
  • Impact: Correctness improvements. This project uses basic sync cache operations.

bitflags 2.10.0 → 2.11.1

  • Fixed Result usage in macro output, added methods for known/unknown bits
  • Impact: Not used in this codebase's bitflags usage.

chrono 0.4.43 → 0.4.44

  • Added track_caller to functions for better panic diagnostics
  • Impact: None. Diagnostic improvement only.

ipnet 2.11.0 → 2.12.0

  • Minor additive API changes
  • Impact: Not used in this codebase's IP network matching.

clap 4.5.57 → 4.6.1 (dev-only)

  • Minor feature additions
  • Impact: Used only in GCS example binaries.

tempfile 3.24.0 → 3.27.0 (dev-only)

  • Bug fixes and improvements
  • Impact: Used only in tests.

tracing-subscriber 0.3.22 → 0.3.23 (dev-only)

  • Maintenance release
  • Impact: Used only in tests.

Files modified

  • Cargo.toml (root)
  • crates/unftp-auth-jsonfile/Cargo.toml
  • crates/unftp-auth-pam/Cargo.toml
  • crates/unftp-auth-rest/Cargo.toml
  • crates/unftp-sbe-fs/Cargo.toml
  • crates/unftp-sbe-gcs/Cargo.toml
Skipped this ecosystem
Package Current Latest Reason
serde_json 1.0.149 1.0.150 Cooldown (published 2026-05-21, <7 days)
md-5 0.10.6 0.11.0 Separate PR (digest 0.11 ecosystem rewrite)
libc 0.2 0.2.186 Spec already allows latest ("0.2")
cfg-if 1.0 1.0.4 Spec already allows latest ("1.0")
cap-std 4.0 4.0.2 Spec already allows latest ("4.0")

Note

Created by Mendral. Tag @mendral-app with feedback or questions.

@mendral-app
chore(deps): weekly safe cargo updates · 16 packages
d3f7de5 
Bump minimum version requirements for dependencies where no code
changes are required. All APIs used by this project remain unchanged.

Safe semver-compatible bumps:
- async-trait 0.1.88 → 0.1.89
- bitflags 2.10.0 → 2.11.1
- chrono 0.4.43 → 0.4.44
- futures/futures-util 0.3.31 → 0.3.32
- moka 0.12.13 → 0.12.15
- rustls 0.23.36 → 0.23.40
- tokio 1.49.0 → 1.52.3
- uuid 1.20.0 → 1.23.1
- dashmap 6.1.0 → 6.2.1
- ipnet 2.11.0 → 2.12.0
- hyper 1.8.1 → 1.9.0
- hyper-rustls 0.27.7 → 0.27.9
- clap 4.5.57 → 4.6.1
- tempfile 3.24.0 → 3.27.0
- tracing-subscriber 0.3.22 → 0.3.23

Breaking semver (verified no impact on this project):
- getrandom 0.3.4 → 0.4.2 (fill API unchanged)
- nix 0.30.1 → 0.31.3 (fcntl API unchanged)
@mendral-app mendral-app Bot mentioned this pull request Jun 1, 2026
Draft
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants