Bump the cargo group with 26 updates

[dependabot]

Bumps the cargo group with 26 updates:

Package	From	To
env_logger	0.11.9	0.11.10
tracing-forest	0.1.6	0.2.0
terminal_size	0.4.3	0.4.4
winnow	0.7.15	1.0.0
arc-swap	1.8.2	1.9.0
winreg	0.55.0	0.56.0
rusqlite	0.38.0	0.39.0
anstream	0.6.21	1.0.0
anstyle-parse	0.2.7	1.0.0
env_filter	1.0.0	1.0.1
ipconfig	0.3.2	0.3.4
iri-string	0.7.10	0.7.11
jni-sys	0.3.0	0.3.1
libredox	0.1.14	0.1.15
libsqlite3-sys	0.36.0	0.37.0
moka	0.12.14	0.12.15
num-conv	0.2.0	0.2.1
rustls-ffi	0.15.0	0.15.1
rustls-platform-verifier	0.5.3	0.6.2
serde_spanned	1.0.4	1.1.0
socket2	0.5.10	0.6.3
toml	1.0.7+spec-1.1.0	1.1.0+spec-1.1.0
toml_datetime	1.0.1+spec-1.1.0	1.1.1+spec-1.1.0
toml_parser	1.0.10+spec-1.1.0	1.1.1+spec-1.1.0
toml_writer	1.0.7+spec-1.1.0	1.1.1+spec-1.1.0
webpki-root-certs	0.26.11	1.0.6

Updates env_logger from 0.11.9 to 0.11.10

Release notes

Sourced from env_logger's releases.

v0.11.10

[0.11.10] - 2026-03-23

Internal

• Update dependencies

Changelog

Sourced from env_logger's changelog.

[0.11.10] - 2026-03-23

Internal

• Update dependencies

Commits

• 41320bf chore: Release
• de8c74f docs: Update changelog
• d550741 docs(gh): Add sponsor link
• 458b075 chore(deps): Update Rust Stable to v1.94 (#401)
• 8bc3fc3 Merge pull request #400 from epage/update
• 143fa64 chore: Upgrade incompatible
• b687a24 chore: Upgrade compatible
• 8cf1ba9 Merge pull request #397 from rust-cli/renovate/crate-ci-typos-1.x
• 094ecf7 Merge pull request #396 from rust-cli/renovate/crate-ci-committed-1.x
• 34ad626 chore(deps): Update pre-commit hook crate-ci/typos to v1.44.0
• Additional commits viewable in compare view

Updates tracing-forest from 0.1.6 to 0.2.0

Commits

• See full diff in compare view

Updates terminal_size from 0.4.3 to 0.4.4

Release notes

Sourced from terminal_size's releases.

v0.4.4

What's Changed

• Update MSRV to 1.71 and windows-sys to ">=0.60.59, <=0.61" by @​briandorsey in eminence/terminal-size#74

Commits

• cad29f6 Bump to version v0.4.4
• d1b12b9 Merge pull request #74 from briandorsey/windows-sys
• e67f56f Update MSRV to 1.71
• 0c7f864 Update windows-sys to ">=0.60.59, <=0.61"
• See full diff in compare view

Updates winnow from 0.7.15 to 1.0.0

Changelog

Sourced from winnow's changelog.

[1.0.0] - 2026-03-17

Note: going to v1 is more a reflection of the rate of churn in Winnow's API than the quality of previous releases or any statement against future breaking changes.

Migration Guide

1. Update to latest v0.7 release
2. Resolve deprecations
3. Upgrade to v1
4. Add ascii, binary, or parser features as needed
5. Break tuples into tuples-of-tuples as needed

Compatibility

• Added parser, ascii, and binary feature gates to improve build times
• Reduce 'impl ContainsToken for Tuple' to 10 elements to improve build times
• Reduce 'impl Alt for Tuple' to 10 elements to improve build times
• Reduce 'impl Parser for Tuple' to 10 elements to improve build times
• Replaced (I, usize) with binary::bits::Bits to clarify intent
• Moved BitOffsets from stream to binary::bits to consolidate the API
• Make iterator impure like parsers
• Replace Stream::raw with Stream::trace
• Remove deprecated APIs

Performance

Build time

• Reduce macro-generated code
• Split off parser, ascii, and binary features

Runtime

• Optimize hex_uint

Features

• Add Parser::parse_iter

Fixes

• Export Needed in stream
• Correct trace for oct_digit1
• Allow escaped into a Cow
• Accept a parser for escaped, take_escaped control character for not-quite unicode parsing

Commits

• 9072a31 chore: Release
• 43727aa docs: Update changelog
• 7900619 Merge pull request #898 from epage/escaped
• c255e13 fix(ascii): Allow non-unicode control characters
• 80b9e35 test(ascii): Verify escaped bad behavior
• 2da9f01 fix(ascii): Be consistent in escaped parameter order
• 2b1478d Merge pull request #897 from epage/iter
• 4953b6f feat(parser): Add Parser::parse_iter
• dd0ab86 Merge pull request #896 from epage/iter
• 912a150 fix(comb)!: Make iterator impure like parsers
• Additional commits viewable in compare view

Updates arc-swap from 1.8.2 to 1.9.0

Changelog

Sourced from arc-swap's changelog.

1.9.0

• Promote certain orderings to SeqCst. Original proofs based on wrong reading of standard :-(. Expect some performance degradation (#198, #200).

Commits

• 873fbf2 Test file for the #198
• ffb2808 Release of 1.9.0
• 9d87160 Promote several Orderings to SeqCst
• See full diff in compare view

Updates winreg from 0.55.0 to 0.56.0

Release notes

Sourced from winreg's releases.

0.56.0 (windows-sys)

• Breaking change: RegValue.bytes is now Cow<[u8]> and not Vec<u8> which introduces a lifetime to the structure (#64).
• Breaking change: serialization now opens the key with DELETE, KEY_ENUMERATE_SUB_KEYS and KEY_QUERY_VALUE permissions in addition to KEY_CREATE_SUB_KEY and KEY_SET_VALUE used previously. This is required for:
• New RegKey methods: encode_destructive() and encode_destructive_transacted() that wipe all subkeys/values of a target key before writing to it (#76).
• New RegKey methods: enum_keys_os_string() and enum_values_os_string() return iterators that use OsString for key/value names (#80).
• Add consts for predefined registry keys: HKCR, HKCU, HKLM, HKU and HKCC.
• Implement std traits FromRawHandle, IntoRawHandle and AsRawHandle for Transaction.
• Set windows-sys version to >=0.59, <=0.61 according to its README recomendation.

Changelog

Sourced from winreg's changelog.

Changelog

0.56

• Set windows-sys version to >=0.59, <=0.61 according to its README recomendation.

0.16.0, 0.56

• Breaking change: RegValue.bytes is now Cow<[u8]> and not Vec<u8> which introduces a lifetime to the structure (#64).
• Breaking change: serialization now opens the key with DELETE, KEY_ENUMERATE_SUB_KEYS and KEY_QUERY_VALUE permissions in addition to KEY_CREATE_SUB_KEY and KEY_SET_VALUE used previously. This is required for:
• New RegKey methods: encode_destructive() and encode_destructive_transacted() that wipe all subkeys/values of a target key before writing to it (#76).
• New RegKey methods: enum_keys_os_string() and enum_values_os_string() return iterators that use OsString for key/value names (#80)
• Add consts for predefined registry keys: HKCR, HKCU, HKLM, HKU and HKCC
• Implement std traits FromRawHandle, IntoRawHandle and AsRawHandle for Transaction.

Commits

• d14c8bd Merge branch 'winapi'. Bump version to 0.56.0
• 0315df4 Bump version to 0.16.0
• d960232 Fix build with rust 1.34
• 2ee4896 Implement iterators that use OsString for key/value names
• f2ad8dd Move EnumKeys and EnumValues to separate files
• bc60391 Add predefined key constants
• fe54169 Implement destructive serialization
• 4993455 Clarify the documentation of RegKey::encode()
• 5931b79 Fix formatting of examples in documentation
• 9ea7768 Implement transaction rollback in transacted_serialization example
• Additional commits viewable in compare view

Updates rusqlite from 0.38.0 to 0.39.0

Release notes

Sourced from rusqlite's releases.

0.39.0

What's Changed

• Fix constraints on VTab Aux data #1778, #1771
• Fix docs.rs generation #1779
• Fix a small typo in rollback_hook docstring #1780
• Fix some warnings from Intellij #1781
• Minimal doc for features #1783
• Clear hooks only for owning connections #1785, #1784
• Fix link to SQLite C Interface, Prepare Flags #1787
• Comment functions which are not usable from a loadable extension #1789
• Factorize code #1792
• Update getrandom to 0.4 #1798
• Update Cargo.toml #1800
• Fix appveyor #1807
• Add support to unix timestamp for chrono, jiff and time #1808, #1803
• fix(trace): check that the sql string pointer is not NULL #1805
• Bump bundled SQLite version to 3.51.3 #1818
• Use TryFrom for Value #1819, #1817
• Make possible to pass your own pointers #1626, #1602

Full Changelog: rusqlite/rusqlite@v0.38.0...v0.39.0

Commits

• 2a1790a Merge pull request #1820 from gwenn/0.39.0
• 7c43afc Prepare next release
• 487af3c Merge pull request #1626 from gwenn/ptr
• 643d581 Warn about potential memory leak
• 67f59c3 Merge pull request #1819 from gwenn/utf8error
• 870d5b6 Use TryFrom<ValueRef> for Value
• 93085d8 Merge pull request #1818 from gwenn/3.51.3
• 7bd5098 Bump bundled SQLite version to 3.51.3
• 886832e Merge pull request #1816 from mqudsi/undo-3.52.0
• ca911a2 Revert "Bump bundled SQLite version to 3.52.0"
• Additional commits viewable in compare view

Updates anstream from 0.6.21 to 1.0.0

Commits

• 3048fe7 chore: Release
• 028ff0d Merge pull request #293 from epage/template
• f1823a9 chore: Update from _rust template
• 6d0d36b chore(ci): Clean up previous branch in case it was leaked
• 30b3b14 chore(ci): Fix how rustfmt jobs run
• 74f4be6 chore(ci): Fix name of clippy::empty_enums
• e0d98b6 chore(deps): Update Rust Stable to v1.93 (#292)
• 24c5c99 chore(deps): Update Rust Stable to v1.93 (#42)
• ad7697d chore(ci): Automatic update from template (#40)
• b65c345 chore: Update prek hooks (#41)
• Additional commits viewable in compare view

Updates anstyle-parse from 0.2.7 to 1.0.0

Commits

• 3048fe7 chore: Release
• 028ff0d Merge pull request #293 from epage/template
• f1823a9 chore: Update from _rust template
• 6d0d36b chore(ci): Clean up previous branch in case it was leaked
• 30b3b14 chore(ci): Fix how rustfmt jobs run
• 74f4be6 chore(ci): Fix name of clippy::empty_enums
• e0d98b6 chore(deps): Update Rust Stable to v1.93 (#292)
• 24c5c99 chore(deps): Update Rust Stable to v1.93 (#42)
• ad7697d chore(ci): Automatic update from template (#40)
• b65c345 chore: Update prek hooks (#41)
• Additional commits viewable in compare view

Updates env_filter from 1.0.0 to 1.0.1

Commits

• 41320bf chore: Release
• de8c74f docs: Update changelog
• d550741 docs(gh): Add sponsor link
• 458b075 chore(deps): Update Rust Stable to v1.94 (#401)
• 8bc3fc3 Merge pull request #400 from epage/update
• 143fa64 chore: Upgrade incompatible
• b687a24 chore: Upgrade compatible
• 8cf1ba9 Merge pull request #397 from rust-cli/renovate/crate-ci-typos-1.x
• 094ecf7 Merge pull request #396 from rust-cli/renovate/crate-ci-committed-1.x
• 34ad626 chore(deps): Update pre-commit hook crate-ci/typos to v1.44.0
• Additional commits viewable in compare view

Updates ipconfig from 0.3.2 to 0.3.4

Commits

• See full diff in compare view

Updates iri-string from 0.7.10 to 0.7.11

Changelog

Sourced from iri-string's changelog.

[0.7.11]

• Add utility functions to visit a list or an associative array for URI template expansion.
• Add methods to replace host in allocated IRI string types.
• Support creating a build::Builder from IRI reference types.
• Add percent_encode::decode::decode_whatwg_bytes() and related types for percent-decoding by the user.
• Add a syntax checker for reg-name and ireg-name syntax.
• doc: Add a guidance to apply IDNA conversion to IRI types.
• internal refactoring: Reduce redundant validation of string type conversions.

Added

• Add utility functions to visit a list or an associative array for URI template expansion.
  • List of added trait methods:
    • template::context::Visitor::visit_list_direct()
    • template::context::Visitor::visit_assoc_direct()
• Add methods to replace host in allocated IRI string types.
  • In summary, added {,try_}replace_host{,_reg_name} methods to types that can contain authorities (i.e., Ri{Absolute,Reference,Relative,}String).
  • List of added methods:
    • types::generic::RiAbsoluteString::replace_host
    • types::generic::RiAbsoluteString::replace_host_reg_name
    • types::generic::RiAbsoluteString::try_replace_host
    • types::generic::RiAbsoluteString::try_replace_host_reg_name
    • types::generic::RiReferenceString::replace_host
    • types::generic::RiReferenceString::replace_host_reg_name
    • types::generic::RiReferenceString::try_replace_host
    • types::generic::RiReferenceString::try_replace_host_reg_name
    • types::generic::RiRelativeString::replace_host
    • types::generic::RiRelativeString::replace_host_reg_name
    • types::generic::RiRelativeString::try_replace_host
    • types::generic::RiRelativeString::try_replace_host_reg_name
    • types::generic::RiString::replace_host
    • types::generic::RiString::replace_host_reg_name
    • types::generic::RiString::try_replace_host
    • types::generic::RiString::try_replace_host_reg_name
• Support creating a build::Builder from IRI reference types.
  • List of added trait impls:
    • From<types::RiAbsoluteStr<S>> for build::Builder<'_>
    • From<types::RiReferenceStr<S>> for build::Builder<'_>
    • From<types::RiRelativeStr<S>> for build::Builder<'_>
    • From<types::RiStr<S>> for build::Builder<'_>
• Add percent_encode::decode::decode_whatwg_bytes() and related types for percent-decoding by the user.
  • List of added items:
    • percent_decode::decode::decode_whatwg_bytes() function
    • percent_decode::decode::PercentDecodedWhatwgBytyes type

... (truncated)

Commits

• eabc0c4 chore: bump version to v0.7.11
• b42519a Bump version to v0.7.11
• 35cda2e test(ci): opt out default features on documentation checks
• 23f64cc doc: add a guidance to apply IDNA conversion to IRI types
• e3589dc feat(validate): add a validater for reg-name
• 8ab2722 doc: reword the comment for consistency
• 8b7c086 feat(percent_encode): provide a function for percent-decode algorithm
• 1cee8f7 Add a CHANGELOG entry about percent-decoding
• d7ee69e Add decode_whatwg_bytes() for percent-decoding
• d2f97f0 Make some parsers accept both string and bytes
• Additional commits viewable in compare view

Updates jni-sys from 0.3.0 to 0.3.1

Release notes

Sourced from jni-sys's releases.

v0.3.1

This release applies the semver trick to re-export compatible types from jni-sys 0.4 (namely jobject) to make it easier for jobject references to be passed around between APIs depending on different versions of jni-sys

The MSRV was bumped to 1.77

What's Changed

Added

• GetModule was added to JNINativeInterface (#22)
• JNI_VERSION_{9,10,19,20,21,24} version definitions were added

Changed

• Compatible types are now re-exported from jni-sys 0.4 to make it easier for jobject references to be passed around between APIs depending on different versions of jni-sys

Full Changelog: jni-rs/jni-sys@v0.3.0...v0.3.1

Changelog

Sourced from jni-sys's changelog.

[0.3.1] - 2026-03-22

Added

• GetModule was added to JNINativeInterface (#22)
• JNI_VERSION_{9,10,19,20,21,24} version definitions were added

Changed

• Compatible types are now re-exported from jni-sys 0.4 to make it easier for jobject references to be passed around between APIs depending on different versions of jni-sys

Commits

• 1985e8b Release v0.3.1
• 0a512a0 Add .vscode/ to .gitignore
• a77b608 Add minimal test for invocation API + JNI
• df992c4 remove systest
• 0e7f6b8 Use semver trick to re-export compatible types from jni-sys 0.4
• be20758 systest: update to ctest 0.5
• 1f539f5 Systest build fix for darwin/linux
• 4caf07d Add JNI_VERSION_24
• e75db1c Use SPDX license format
• 34245b2 Update Readme
• Additional commits viewable in compare view

Updates libredox from 0.1.14 to 0.1.15

Updates libsqlite3-sys from 0.36.0 to 0.37.0

Release notes

Sourced from libsqlite3-sys's releases.

0.37.0

What's Changed

• Add FromSqlError::other convenience conversion #1703
• Fix warnings #1705
• Update bindgen requirement from 0.71 to 0.72 #1707
• Fix for vtab::parameter parsing #1712
• Fix clippy warning #1713
• Bump bundled SQLite version to 3.50.2 #1714
• Fix issue with prettyplease #1717

Full Changelog: rusqlite/rusqlite@v0.36.0...v0.37.0

Commits

• 44e0ef9 Merge pull request #1718 from gwenn/0.37.0
• 45d2505 Prepare next release
• 258388e Merge pull request #1717 from gwenn/prettyplease
• 97ddb28 Try to fix issue with prettyplease
• da7ba5a Merge pull request #1714 from gwenn/3.50.2
• 5c2294b Bump bundled SQLite version to 3.50.2
• 4955615 Merge pull request #1713 from gwenn/clippy
• 81e3059 Fix clippy warning
• 8a19998 Merge pull request #1712 from kfdm/vtab-parameter-fix
• de78f7e Fix for vtab::parameter parsing
• Additional commits viewable in compare view

Updates moka from 0.12.14 to 0.12.15

Release notes

Sourced from moka's releases.

Moka 0.12.15

Version 0.12.15

Fixed

• Fixed a bug where re-inserting an expired entry could cause it to lose its expiration time and remain in the cache indefinitely when using a custom Expiry policy with per-entry expiration. (#582gh-pull-0582 by @​jiangzhe, #581gh-pull-0581 by @​atrocities, reported in #575gh-issue-0575):
  • This occurred when an entry that had expired but not yet been evicted was re-inserted, and expire_after_update returned None. This primarily affected users who only override expire_after_create, since the default expire_after_update returns duration_until_expiry, which is None for expired entries.
  • This bug was introduced by the changes in v0.12.13 (#549gh-pull-0549 and #564gh-pull-0564).
  • Subtle behavior change:
    • Before this fix, re-inserting an expired entry was treated as an update, so Expiry::expire_after_update was called.
    • After this fix, re-inserting an expired entry is treated as a creation, so Expiry::expire_after_create is called instead.
    • This may change the expiration time of re-inserted entries, depending on your Expiry trait implementation.
• Fixed flaky tests cht::segment::tests::drop_many_values and drop_many_values_concurrent that were failing on high-core-count machines (#586gh-pull-0586):
  • These tests were using a CPU-dependent segment count, causing inconsistent bucket array shrinking behavior of the internal segmented hash map across different machines.
  • Changed these tests to use a fixed segment count (4) for consistent results.

Changed

• Disabled flaky GC-dependent tests by default using run_flaky_tests cfg (#584gh-pull-0584):
  • These tests rely on epoch-based garbage collection (crossbeam-epoch) timing that is not guaranteed, causing intermittent failures.
  • Fixed #539gh-issue-0539 and #580gh-issue-0580.
  • To run these tests, set RUSTFLAGS='--cfg run_flaky_tests'.

Changelog

Sourced from moka's changelog.

Version 0.12.15

Fixed

• Fixed a bug where re-inserting an expired entry could cause it to lose its expiration time and remain in the cache indefinitely when using a custom Expiry policy with per-entry expiration. (#582[gh-pull-0582] by [@​jiangzhe][gh-jiangzhe], #581[gh-pull-0581] by [@​atrocities][gh-atrocities], reported in #575[gh-issue-0575]):
  • This occurred when an entry that had expired but not yet been evicted was re-inserted, and expire_after_update returned None. This primarily affected users who only override expire_after_create, since the default expire_after_update returns duration_until_expiry, which is None for expired entries.
  • This bug was introduced by the changes in v0.12.13 (#549[gh-pull-0549] and #564[gh-pull-0564]).
  • Subtle behavior change:
    • Before this fix, re-inserting an expired entry was treated as an update, so Expiry::expire_after_update was called.
    • After this fix, re-inserting an expired entry is treated as a creation, so Expiry::expire_after_create is called instead.
    • This may change the expiration time of re-inserted entries, depending on your Expiry trait implementation.
• Fixed flaky tests cht::segment::tests::drop_many_values and drop_many_values_concurrent that were failing on high-core-count machines (#586[gh-pull-0586]):
  • These tests were using a CPU-dependent segment count, causing inconsistent bucket array shrinking behavior of the internal segmented hash map across different machines.
  • Changed these tests to use a fixed segment count (4) for consistent results.

Changed

• Disabled flaky GC-dependent tests by default using run_flaky_tests cfg (#584[gh-pull-0584]):
  • These tests rely on epoch-based garbage collection (crossbeam-epoch) timing that is not guaranteed, causing intermittent failures.
  • Fixed #539[gh-issue-0539] and #580[gh-issue-0580].
  • To run these tests, set RUSTFLAGS='--cfg run_flaky_tests'.

Commits

• 616473e Merge pull request #586 from moka-rs/fix-flaky-cht-test-on-many-core-machines
• caf8c82 Apply cargo fmt
• 65ff433 Fix flaky test cht::segment::tests::drop_many_values on many-core machines
• fd103ad Update the change log for PR #586
• 5baf38c Fix flaky test cht::segment::tests::drop_many_values_concurrent
• 4b709c8 Merge pull request #585 from moka-rs/chore/prepare-v0.12.15
• 9e7c73b Remove an unused link from the change log
• fa14f78 Bump the version to v0.12.15
• 98968b3 Update the change log for v0.12.15
• 4c37fd4 Merge pull request #584 from moka-rs/chore/disable-flaky-tests-by-default
• Additional commits viewable in compare view

Updates num-conv from 0.2.0 to 0.2.1

Commits

• b9371fe v0.2.1 release
• b824ea0 Mark methods as inline
• 2ebd69f Add saturating, checked truncation
• 2683790 Remove non-normative info from licenses
• See full diff in compare view

Updates rustls-ffi from 0.15.0 to 0.15.1

Release notes

Sourced from rustls-ffi's releases.

0.15.1

This is a minor release with one security fix. It updates rustls to 0.23.37.

Security

Updates rustls-webpki to 0.103.10:

This update addresses RUSTSEC-2026-0049; a security issue affecting CRL revocation checking.

This low-impact vulnerability affects users of the rustls_web_pki_[server|client]_cert_verifier_builder APIs that populated CRLs with rustls_web_pki_server_cert_verifier_builder_add_crl(). If a certificate signed by a trusted certificate authority contained multiple CRL distribution points, only the first was checked against the CRL's issuing distribution point.

In a default configuration this oversight meant that revocation checking would fail-closed with an incorrect, but safe, RUSTLS_RESULT_CERT_UNKNOWN_ISSUER error.

If configured with rustls_web_pki_client_cert_verifier_allow_unknown_revocation_status(), then revocation checking would fail-open, potentially allowing use of certificate revoked by the CRL.

Inducing this bug requires a trusted certificate issuer to be compromised, which can result in more serious revocation bypasses and security issues.

Added

• version detection macros in the C header (rustls/rustls-ffi#576):

  • RUSTLS_VERSION_MAJOR, RUSTLS_VERSION_MINOR, RUSTLS_VERSION_PATCH individual version components as integers.
  • RUSTLS_VERSION_NUMBER - a single number encoding the version as (major << 16 | minor << 8 | patch).

• additional error variants (rustls/rustls-ffi#574):

  • RUSTLS_RESULT_CERT_REVOCATION_LIST_UNSUPPORTED_SIGNATURE_ALGORITHM - for CRL signature algorithm errors.
  • RUSTLS_RESULT_CERT_UNSUPPORTED_SIGNATURE_ALGORITHM - for certificate signature algorithm errors.

• rustls_platform_server_cert_verifier_try_with_provider() (rustls/rustls-ffi#574):

  • A safer alternative to rustls_platform_server_cert_verifier_with_provider with better error reporting. The older function for constructing a server cert verifier backed by the platform verifier is now deprecated.

• rustls_connection_get_tls13_tickets_received() (rustls/rustls-ffi#574):

  • Returns the number of TLS 1.3 tickets received by a client connection. This is FFI for the Rustls ClientConnection::tls13_tickets_received() API.

• rustls_client_connection_new_alpn() (rustls/rustls-ffi#566):

  • constructs a client rustls_connection with custom ALPN protocol support that differs from the base rustls_client_config.

Deprecated

• Deprecated functions are now visually annotated on the documentation website (rustls/rustls-ffi#584) and in the header file using the appropriate clang/GCC/MSVC attributes (rustls/rustls-ffi#579).

• Platform server cert verifier creation is now fallible, returning a rustls_result that must be handled appropriately. The pre-existing rustls_platform_server_cert_verifier_with_provider() is now deprecated in favor of rustls_platform_server_cert_verifier_try_with_provider().

Changed

• Post-quantum key exchange (X25519MLKEM768) is now preferred by default matching upstream rustls (rustls/rustls-ffi#566)

• An additional field is now exposed in rustls_client_hello (rustls/rustls-ffi#574):

  • named_groups - the supported key exchange groups advertised by the client.
  • This is a breaking change, but limited to the server-side

... (truncated)

Changelog

Sourced from rustls-ffi's changelog.

0.15.1 (2026-03-13)

This is a minor release with one security fix. It updates rustls to 0.23.37.

Security

Updates rustls-webpki to 0.103.10:

This update addresses RUSTSEC-2026-0049; a security issue affecting CRL revocation checking.

This low-impact vulnerability affects users of the rustls_web_pki_[server|client]_cert_verifier_builder APIs that populated CRLs with rustls_web_pki_server_cert_verifier_builder_add_crl(). If a certificate signed by a trusted certificate authority contained multiple CRL distribution points, only the first was checked against the CRL's issuing distribution point.

In a default configuration this oversight meant that revocation checking would fail-closed with an incorrect, but safe, RUSTLS_RESULT_CERT_UNKNOWN_ISSUER error.

If configured with rustls_web_pki_client_cert_verifier_allow_unknown_revocation_status(), then revocation checking would fail-open, potentially allowing use of certificate revoked by the CRL.

Inducing this bug requires a trusted certificate issuer to be compromised, which can result in more serious revocation bypasses and security issues.

Added

• version detection macros in the C header (rustls/rustls-ffi#576):

  • RUSTLS_VERSION_MAJOR, RUSTLS_VERSION_MINOR, RUSTLS_VERSION_PATCH individual version components as integers.
  • RUSTLS_VERSION_NUMBER - a single number encoding the version as (major << 16 | minor << 8 | patch).

• additional error variants (rustls/rustls-ffi#574):

  • RUSTLS_RESULT_CERT_REVOCATION_LIST_UNSUPPORTED_SIGNATURE_ALGORITHM - for CRL signature algorithm errors.
  • RUSTLS_RESULT_CERT_UNSUPPORTED_SIGNATURE_ALGORITHM - for certificate signature algorithm errors.

• rustls_platform_server_cert_verifier_try_with_provider() (rustls/rustls-ffi#574):

  • A safer alternative to rustls_platform_server_cert_verifier_with_provider

... (truncated)

Commits

• e30b027 Cargo: update rustls-webpki, aws-lc-[rs|sys|sys-fips]
• b2a9987 Update changelog
• cce1a1a Avoid hardcoding version in deb testing workflow
• c908298 Avoid parsing TOML with sed
• 5c17107 Move const to the bottom
• b8b010e Take rustls 0.23.37
• df954f4 Bump version to 0.15.1
• 894815f Take semver-compatible dependency updates
• 47cec92 build(deps): bump actions/download-artifact from 7 to 8
• 5e9fa38 build(deps): bump actions/upload-pages-artifact from 3 to 4
• Additional commits viewable in compare view

Updates rustls-platform-verifier from 0.5.3 to 0.6.2

Release notes

Sourced from rustls-platform-verifier's releases.

0.6.2

What's Changed

• Do not permanently attach JVM threads by @​complexspaces in rustls/rustls-platform-verifier#185
• ci: run iOS tests on ARM by @​djc in rustls/rustls-platform-verifier#192
• Allow macOS 10.12 and 10.13 to work by @​madsmtm in rustls/rustls-platform-verifier#194
• Allow use of windows-sys 0.61 by @​djc in rustls/rustls-platform-verifier#191
• Make cdylib crate type optional by @​filmor in rustls/rustls-platform-verifier#196

0.6.1

This version should fix the docs.rs build -- see #181.

What's Changed

• Add Kotlin Gradle script example to Android README section by @​complexspaces in rustls/rustls-platform-verifier#167
• Fix docs build for 0.6.0 by @​ctz in rustls/rustls-platform-verifier#182

Full ChangelogDescription has been truncated

[Copilot]

Pull request overview

This PR updates the workspace’s Cargo dependencies (including several major-version bumps) by adjusting crate manifests and regenerating Cargo.lock, keeping gitoxide’s Rust workspace up-to-date with upstream releases.

Changes:

• Bump winnow to 1.0.0 across multiple crates.
• Update selected direct deps (e.g., winreg, arc-swap, rusqlite) in affected crates.
• Refresh Cargo.lock to capture new resolved versions and transitive dependency changes.

Reviewed changes

Copilot reviewed 9 out of 10 changed files in this pull request and generated 1 comment.

Show a summary per file

File	Description
tests/tools/Cargo.toml	Bumps winnow dependency for the shared test tooling crate.
gix-ref/Cargo.toml	Bumps winnow used by reference parsing/storage logic.
gix-protocol/Cargo.toml	Bumps winnow used in protocol parsing utilities.
gix-path/Cargo.toml	Bumps winreg for Windows registry-based path discovery/tests.
gix-odb/Cargo.toml	Bumps arc-swap used by ODB internals.
gix-object/Cargo.toml	Bumps winnow used for object parsing/decoding.
gix-config/Cargo.toml	Bumps winnow used for config parsing.
gix-actor/Cargo.toml	Bumps winnow used for actor/signature parsing.
gitoxide-core/Cargo.toml	Bumps optional rusqlite used by core tooling features.
Cargo.lock	Updates resolved versions/checksums and transitive dependency graph.

[Eliah Kagan (EliahKagan)]

LGTM. Of the changes here, the non-dev-only direct dependencies upgraded are rusqlite, winnow, and arc-swap.

rusqlite and winnow are SemVer-breaking, but the changes in rusqlite seem to be pretty compatible. There's a change to hooks, but I don't think we use rusqlite hooks. The changes to winnow are much more extensive, but none of them seem to be in anything we're using, except for the change in feature flags, which what we're doing is still compatible with.

arc-swap is not SemVer-breaking, but it may have an adverse impact on performance, as summarized in the changelog with references to vorner/arc-swap#198 and vorner/arc-swap#200 are explained in greater detail. But it looks like an important correctness fix. I don't see a soundness advisory in RUSTSEC for it, but it looks like the change is fixing what had been potentially undefined behavior due to a use-after-free. See vorner/arc-swap#198 especially. So I think we should take this upgrade, but be aware of the possible performance degradation.

Ordinarily I might not mention that, but gix-odb uses it and that's an area where performance seems like it could be affected. I think this should be merged without waiting for benchmarks, and I also don't have time to benchmark right now. Sebastian Thiel (@Byron) If you think this should be assessed, then I can try to benchmark sometime soon.

[Sebastian Thiel (Byron)]

Sebastian Thiel (@Byron) If you think this should be assessed, then I can try to benchmark sometime soon.

Thanks for the detailed analysis of the PR! I don't think there is a need to benchmark it as the ODB performance is definitely dominated by other factors, like decoding objects. And even if there is something measurable, there is no other way but to 'eat' this correctness fix.