From e1b829424c55da6cef03070db042de44f3e30e14 Mon Sep 17 00:00:00 2001 From: GoClio Date: Mon, 23 Mar 2026 04:10:13 -0500 Subject: [PATCH] =?UTF-8?q?fix:=20update=20rustls-webpki=200.103.9=20?= =?UTF-8?q?=E2=86=92=200.103.10=20(security=20alert=20#11)?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Patches rustls-webpki from 0.103.9 to 0.103.10 to resolve Dependabot alert #11 (medium severity): > webpki: certificate revocation enforcement bug > Affected: >= 0.101.0, < 0.103.10 | Fixed: 0.103.10 This is a Cargo.lock-only change (patch version bump), no API changes. The 0.103.9 version is a transitive dep via reqwest → rustls 0.23.x. Note: rustls-webpki 0.102.8 (via libsql → hyper-rustls 0.25 → rustls 0.22) also remains vulnerable but requires libsql upstream to update to hyper-rustls 0.27+. No patch available at this time.
---
 Cargo.lock | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/Cargo.lock b/Cargo.lock
index eabe56a..97a3a04 100644
--- a/Cargo.lock
+++ b/Cargo.lock
@@ -2143,7 +2143,7 @@ dependencies = [
  "once_cell",
  "ring",
  "rustls-pki-types",
- "rustls-webpki 0.103.9",
+ "rustls-webpki 0.103.10",
  "subtle",
  "zeroize",
 ]
@@ -2205,9 +2205,9 @@ dependencies = [
 
 [[package]]
 name = "rustls-webpki"
-version = "0.103.9"
+version = "0.103.10"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "d7df23109aa6c1567d1c575b9952556388da57401e4ace1d15f79eedad0d8f53"
+checksum = "df33b2b81ac578cabaf06b89b0631153a3f416b0a886e8a7a1707fb51abbd1ef"
 dependencies = [
  "ring",
  "rustls-pki-types",