search

rustls / rustls-native-certs

Integration with OS certificate stores for rustls
Other
196 stars 55 forks source link

Bump the crates-io group with 3 updates #129

Closed dependabot[bot] closed 1 month ago

dependabot[bot] commented 1 month ago

Bumps the crates-io group with 3 updates: rustls-webpki, tempfile and webpki-roots.

Updates rustls-webpki from 0.102.6 to 0.102.7

Release notes

Sourced from rustls-webpki's releases.

0.102.7

  • Initial support for RFC 7250 "Raw public keys". A new RawPublicKeyEntity type has been added, offering a verify_signature() fn for verifying the signature over a given message using a raw public key produced from a pki_types::SubjectPublicKeyInfoDer instance.
  • Relaxed CRL requirements for certificates with CRL distribution point extensions. Previously the revocation checking logic only considered a CRL authoritative for a certificate when it had a CRL distribution point extension if the CRL also had an issuing distribution point extension that matched. This has now been relaxed to consider a CRL without any issuing distribution point extension as authoritative for certificates with a matching issuer.

What's Changed

New Contributors

Full Changelog: https://github.com/rustls/webpki/compare/v/0.102.6...v/0.102.7

Commits
  • 380a7d5 build(deps): bump the crates-io group with 2 updates
  • f067bda build(deps): bump the crates-io group with 2 updates
  • 99d73fc build(deps): bump the crates-io group with 2 updates
  • b244be4 Update version to 0.102.7
  • c8e6527 Add integration tests
  • 3a02ccc Add verification function that verifies signature with spki
  • c2ff93b build(deps): bump serde_json in the crates-io group
  • feff113 crl: CRL w/o IDP ext auth. for cert w/ DP
  • 6cd6d03 deny: deny multiple dependency versions
  • f74cf3e Update deny config
  • Additional commits viewable in compare view


Updates tempfile from 3.11.0 to 3.12.0

Changelog

Sourced from tempfile's changelog.

3.12.0

  • Add a keep(keep: bool) function to builder that suppresses delete-on-drop behavior (thanks to @​RalfJung).
  • Update windows-sys from 0.52 to 0.59.
Commits


Updates webpki-roots from 0.26.3 to 0.26.5

Release notes

Sourced from webpki-roots's releases.

0.26.5

New trust anchors

What's Changed

Full Changelog: https://github.com/rustls/webpki-roots/compare/v/0.26.4...v/0.26.5

0.26.4

  • New webpki-root-certs crate. This crate is similar to webpki-roots, but for use with other projects that require the full self-signed X.509 certificate for each trusted root. This is unnecessary overhead for webpki and rustls and you should prefer using webpki-roots for these projects.

What's Changed

Full Changelog: https://github.com/rustls/webpki-roots/compare/v/0.26.3...v/0.26.4

Commits
  • 1175f11 webpki-root(-certs): v0.26.5
  • dc6d7c8 aug 29th upstream ccadb updates
  • 10f8379 webpki-root-certs: 0.26.3 -> 0.26.4
  • ec9d1fa project: use symlinks for license files
  • 893b156 docs: update workspace README
  • dfdf31f ci: enforce consistent formatting
  • 2effb54 webpki-roots: use explicit lifetimes
  • 30ac407 webpki-root-certs: add initial crate, code generation
  • bd3b7bc Cargo: update pki-types 1 -> 1.8
  • 8e411bc tests: use values() for tls_roots_map iter
  • See full diff in compare view


Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself) - `@dependabot ignore minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself) - `@dependabot ignore ` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself) - `@dependabot unignore ` will remove all of the ignore conditions of the specified dependency - `@dependabot unignore ` will remove the ignore condition of the specified dependency and ignore conditions
dependabot[bot] commented 1 month ago

This pull request was built based on a group rule. Closing it will not ignore any of these versions in future pull requests.

To ignore these dependencies, configure ignore rules in dependabot.yml

djc commented 1 month ago

See #130.