Skip to content

chore(deps): weekly safe cargo updates · 2 packages#22

Open
mendral-app[bot] wants to merge 1 commit into
mainfrom
mendral/deps/weekly-safe-cargo-20260601
Open

chore(deps): weekly safe cargo updates · 2 packages#22
mendral-app[bot] wants to merge 1 commit into
mainfrom
mendral/deps/weekly-safe-cargo-20260601

Conversation

@mendral-app
Copy link
Copy Markdown

@mendral-app mendral-app Bot commented Jun 1, 2026

Packages bumped

Package Old New Published
rand 0.10.0 0.10.1 2026-04-11
serde_json 1.0.149 1.0.150 2026-05-21
Per-package detail

rand 0.10.0 → 0.10.1

  • Deprecates the log feature and removes the log dependency (fixes a soundness issue when log + thread_rng features interact with custom loggers during reseeding)
  • Adds #[track_caller] to make_rng and documents its panic behavior
  • Impact on this codebase: We use rand::rng().random() for token generation (src/domains/analysis/service.rs). The log feature is not enabled. No impact.

serde_json 1.0.149 → 1.0.150

  • Rejects non-string enum object keys during deserialization (correctness fix for JSON spec compliance)
  • Enum object keys now go through the same MapKey deserialization path as regular map keys
  • Impact on this codebase: We use serde_json for standard JSON parsing of webhook events and API responses. No malformed enum key patterns in our data. No impact.

Files modified

  • Cargo.toml — version pins updated
  • Cargo.lock — lockfile refreshed
Skipped this ecosystem
Package Reason
ammonia 4.1.2 Already at latest compatible version
askama_escape Open PR #20 already bumps to 0.15.6
async-trait 0.1.89 Already at latest compatible version
axum Open PR #20 already bumps to 0.8.9
chrono 0.4.44 Already at latest compatible version
hex 0.4.3 Already at latest compatible version
hmac 0.12.1 Next version (0.13.0) is a major bump
http 1.4.0 Already at latest compatible version
http-body-util 0.1.3 Already at latest compatible version
jsonwebtoken Open PR #20 already bumps to 10.4.0
octocrab Open PR #20 already bumps to 0.49.9
reqwest Open PR #20 already bumps to 0.13.3
rustls Open PR #20 already bumps to 0.23.40
sha2 0.10.9 Next version (0.11.0) is a major bump
thiserror 2.0.18 Already at latest compatible version
tokio Open PR #20 already bumps to 1.52.3
tracing 0.1.44 Already at latest compatible version
tracing-subscriber Open PR #20 already bumps to 0.3.23
uuid Open PR #20 already bumps to 1.23.1
mockall 0.14.0 Already at latest compatible version
tower 0.5.3 Already at latest compatible version

Note

Created by Mendral. Tag @mendral-app with feedback or questions.

@mendral-app
chore(deps): weekly safe cargo updates · 2 packages
88f9afa 
Bump rand 0.10.0 → 0.10.1 and serde_json 1.0.149 → 1.0.150
@cloudflare-workers-and-pages
Copy link
Copy Markdown

cloudflare-workers-and-pages Bot commented Jun 1, 2026

Deploying pratrol with  Cloudflare Pages  Cloudflare Pages

Latest commit: 88f9afa
Status: ✅  Deploy successful!
Preview URL: https://ccf67899.pratrol.pages.dev
Branch Preview URL: https://mendral-deps-weekly-safe-car-74f3.pratrol.pages.dev

View logs

@mendral-app mendral-app Bot marked this pull request as ready for review June 1, 2026 09:11
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants