Skip to content
This repository was archived by the owner on Feb 23, 2026. It is now read-only.

Bump the cargo-major group across 1 directory with 7 updates#17

Open
dependabot[bot] wants to merge 1 commit intomainfrom
dependabot/cargo/cargo-major-9609973d3c
Open

Bump the cargo-major group across 1 directory with 7 updates#17
dependabot[bot] wants to merge 1 commit intomainfrom
dependabot/cargo/cargo-major-9609973d3c

Conversation

@dependabot
Copy link
Contributor

@dependabot dependabot bot commented on behalf of github Nov 30, 2025
edited
Loading

Bumps the cargo-major group with 7 updates in the / directory:

Package From To
cfg-if 0.1.10 1.0.0
jwt-compact 0.6.0 0.8.0
time 0.1.45 0.3.31
erased-serde 0.3.31 0.4.1
base64 0.21.5 0.22.1
worker 0.0.17 0.0.20
stellar-strkey 0.0.8 0.0.14

Updates cfg-if from 0.1.10 to 1.0.0

Changelog

Sourced from cfg-if's changelog.

Changelog

All notable changes to this project will be documented in this file.

The format is based on Keep a Changelog, and this project adheres to Semantic Versioning.

[Unreleased]

1.0.4 - 2025-10-15

  • Support cfg(true) and cfg(false) (#99)
  • Set and test a MSRV of 1.32
  • Have a single top-level rule

1.0.3 - 2025-08-19

  • Revert "Remove @__identity rule."

1.0.2 - 2025-08-19

  • Remove @__identity rule.

1.0.1 - 2025-06-09

  • Remove compiler-builtins from rustc-dep-of-std dependencies
  • Remove redundant configuration from Cargo.toml
  • More readable formatting and identifier names. (#39)
  • Add expanded example to readme (#38)
Commits

Updates jwt-compact from 0.6.0 to 0.8.0

Changelog

Sourced from jwt-compact's changelog.

0.8.0 - 2023-10-12

(All changes are relative compared to the 0.8.0-beta.1 release)

Added

  • Support floating-point timestamps in claims.

Security

  • Update ed25519-dalek dependency, fixing a potential vulnerability as described in RUSTSEC-2022-0093.
  • Replace unmaintained serde_cbor dependency with ciborium.

0.8.0-beta.1 - 2023-06-09

Added

  • Support padding in base64url encoding of certificate thumbprints in the JWT header.

Changed

  • Update secp256k1 and rsa dependencies.
  • Make JWT Header generic similar to Claims, so that it contain custom fields as per Section 4.2 of RFC 7515. Since Default is now implemented for all Header<T: Default>, one should use a new Header::empty() method to create an empty header, and Header::new() to create a header with custom fields.
  • Take Header<_> by reference in AlgorithmExt methods creating tokens (previously, it was taken by value).
  • Support custom-encoded certificate thumbprints in JWT Header by replacing types of the corresponding fields with a new Thumbprint enum. As an example, this allows hex-encoded thumbprints (which are then additionally base64url-encoded) produced by some software.

Deprecated

  • Deprecate validate_integrity and validate_for_signed_token methods in AlgorithmExt. An extended version of this functionality, which can validate tokens with custom headers, is now encapsulated in the new Validator type, which is returned by the new AlgorithmExt::validator() method.

0.7.0 - 2023-03-14

Changed

  • Update dependencies and bump minimum supported Rust version to 1.65.
  • Rename the with_rsa feature to rsa.
Commits

Updates time from 0.1.45 to 0.3.31

Release notes

Sourced from time's releases.

v0.3.31

See the changelog for details.

v0.3.30

See the changelog for details.

v0.3.29

See the changelog for details.

v0.3.28

See the changelog for details.

v0.3.27

See the changelog for details.

v0.3.26

See the changelog for details.

v0.3.25

See the changelog for details.

v0.3.24

See the changelog for details.

v0.3.23

See the changelog for details.

v0.3.22

See the changelog for details.

v0.3.21

See the changelog for details.

v0.3.20

See the changelog for details.

v0.3.19

See the changelog for details.

v0.3.18

See the changelog for details.

v0.3.17

See the changelog for details.

v0.3.16

See the changelog for details.

v0.3.15

See the changelog for details.

... (truncated)

Changelog

Sourced from time's changelog.

0.3.31 [2023-12-19]

Added

  • OffsetDateTime::new_in_offset
  • OffsetDateTime::new_utc

Changed

  • The valid range of UtcOffset has been expanded from ±23:59:59 to ±25:59:59. This is to support the full POSIX range while permitting infallible negation.

0.3.30 [2023-10-13]

Added

  • powerfmt::smart_display::SmartDisplay has been added for the main types in the library. These implementations ensure that values follow the requested fill, width, and alignment when using format! or similar macros. Display is implemented in terms of SmartDisplay.

Fixed

  • Large values no longer wrap around in release mode when using NumericalDuration or NumericalStdDuration.

0.3.29 [2023-09-24]

Added

  • Niche value optimization for Date has been added. Both Date and Option<Date> are four bytes.
  • Unit conversions have been added. It is now possible to write Second::per(Day), which returns the number of seconds in one day. See the types in the time::convert module for more information.

Changed

  • The diagnostic for --cfg unsound_local_offset has been removed.
  • #![feature(no_coverage)] was previously used internally for code coverage. It is no longer used, so it has been removed.
  • The default value for modifier::OffsetHour has been changed. This was unintentionally changed in v0.3.17 and went unnoticed until now. The sign is now only present if needed by default, as was the case previously. This does not affect any situation where format_description! or format_description::parse is used.

Fixed

  • Adding or subtracting a std::time::Duration to/from an OffsetDateTime will not result in integer overflow internally. It will still panic if the result is out of range.

... (truncated)

Commits

Updates erased-serde from 0.3.31 to 0.4.1

Release notes

Sourced from erased-serde's releases.

0.4.1

  • Fix panic when Serialize impl returns error that does not come from a Serializer (#100, thanks @​KodrAus)

0.4.0

This release includes a redesign of the erased serialization API (#93) with the following advantages:

  • Eliminates all reliance on unsafe code within the serialization implementation
  • Reduces overhead of erased serialization vs monomorphized serialization by a factor of 2 (#99)
  • Supports serializers which have non-'static Ok types

0.4.0-rc.1

No release notes provided.

Commits
  • 4726cdb Release 0.4.1
  • 4e04e70 Merge pull request #101 from dtolnay/sererror
  • c670c72 Preserve error message of errors originated from Serialize impl
  • 6893670 Ignore box_collection clippy lint
  • 7ddf6aa Merge pull request #100 from KodrAus/fix/failing-serialize-impl
  • 8227d20 handle the case where a Serialize fails without calling the Serializer
  • 160c153 Release 0.4.0
  • 2e48977 Merge pull request #99 from dtolnay/bench
  • 7349ad4 Add serialization benchmark
  • a8fdff9 Release 0.4.0-rc.1
  • Additional commits viewable in compare view

Updates base64 from 0.21.5 to 0.22.1

Changelog

Sourced from base64's changelog.

0.22.1

  • Correct the symbols used for the predefined alphabet::BIN_HEX.

0.22.0

  • DecodeSliceError::OutputSliceTooSmall is now conservative rather than precise. That is, the error will only occur if the decoded output cannot fit, meaning that Engine::decode_slice can now be used with exactly-sized output slices. As part of this, Engine::internal_decode now returns DecodeSliceError instead of DecodeError, but that is not expected to affect any external callers.
  • DecodeError::InvalidLength now refers specifically to the number of valid symbols being invalid (i.e. len % 4 == 1), rather than just the number of input bytes. This avoids confusing scenarios when based on interpretation you could make a case for either InvalidLength or InvalidByte being appropriate.
  • Decoding is somewhat faster (5-10%)

0.21.7

  • Support getting an alphabet's contents as a str via Alphabet::as_str()

0.21.6

  • Improved introductory documentation and example
Commits
  • e144006 v0.22.1
  • 64cca59 Merge pull request #271 from JobanSD/patch-1
  • 838355e Correct BinHex 4.0 alphabet according to specifications
  • bf15ccf Merge pull request #270 from marshallpierce/mp/clippy
  • fc6aabe Appease clippy
  • 9a518a2 Merge pull request #267 from bdura/patch-1
  • d96c80f Merge branch 'marshallpierce:master' into patch-1
  • 5d70ba7 Merge pull request #269 from marshallpierce/mp/decode-precisely
  • efb6c00 Release notes
  • 2b91084 Add some tests to boost coverage
  • Additional commits viewable in compare view

Updates worker from 0.0.17 to 0.0.20

Commits

Updates stellar-strkey from 0.0.8 to 0.0.14

Release notes

Sourced from stellar-strkey's releases.

0.0.14

What's Changed

New Contributors

Full Changelog: stellar/rs-stellar-strkey@v0.0.13...v0.0.14

0.0.13

What's Changed

Full Changelog: stellar/rs-stellar-strkey@v0.0.12...v0.0.13

0.0.12

What's Changed

Full Changelog: stellar/rs-stellar-strkey@v0.0.11...v0.0.12

0.0.11

What's Changed

Full Changelog: stellar/rs-stellar-strkey@v0.0.10...v0.0.11

0.0.10

What's Changed

... (truncated)

Commits
  • bb39b2f Bump version to 0.0.14 (#90)
  • b83c2e3 Fix debug output for SignedPayload struct in Debug implementation (#89)
  • 4c61b16 Make CLI embeddable in other CLIs (#85)
  • 62d4609 Add strkey encode and zero commands (#83)
  • 5c78cd7 Change CLI decode output to JSON (#82)
  • 6607d7f add serde traits to LiquidityPool and ClaimableBalance (#81)
  • 2d3a63a add dependabot.yml for version updates (#62)
  • 756de46 add git diff check to workflows (#80)
  • 077b929 update the version 0.0.13 in the fuzz Cargo.lock (#78)
  • 8d7ff89 add corpus samples for fuzz_roundtrip testing (#79)
  • Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

@dependabot
Bump the cargo-major group across 1 directory with 7 updates
7a7384f 
Bumps the cargo-major group with 7 updates in the / directory:

| Package | From | To |
| --- | --- | --- |
| [cfg-if](https://github.com/rust-lang/cfg-if) | `0.1.10` | `1.0.0` |
| [jwt-compact](https://github.com/slowli/jwt-compact) | `0.6.0` | `0.8.0` |
| [time](https://github.com/time-rs/time) | `0.1.45` | `0.3.31` |
| [erased-serde](https://github.com/dtolnay/erased-serde) | `0.3.31` | `0.4.1` |
| [base64](https://github.com/marshallpierce/rust-base64) | `0.21.5` | `0.22.1` |
| [worker](https://github.com/cloudflare/workers-rs) | `0.0.17` | `0.0.20` |
| [stellar-strkey](https://github.com/stellar/rs-stellar-strkey) | `0.0.8` | `0.0.14` |



Updates `cfg-if` from 0.1.10 to 1.0.0
- [Release notes](https://github.com/rust-lang/cfg-if/releases)
- [Changelog](https://github.com/rust-lang/cfg-if/blob/main/CHANGELOG.md)
- [Commits](rust-lang/cfg-if@0.1.10...1.0.0)

Updates `jwt-compact` from 0.6.0 to 0.8.0
- [Changelog](https://github.com/slowli/jwt-compact/blob/master/CHANGELOG.md)
- [Commits](slowli/jwt-compact@v0.6.0...v0.8.0)

Updates `time` from 0.1.45 to 0.3.31
- [Release notes](https://github.com/time-rs/time/releases)
- [Changelog](https://github.com/time-rs/time/blob/main/CHANGELOG.md)
- [Commits](https://github.com/time-rs/time/commits/v0.3.31)

Updates `erased-serde` from 0.3.31 to 0.4.1
- [Release notes](https://github.com/dtolnay/erased-serde/releases)
- [Commits](dtolnay/erased-serde@0.3.31...0.4.1)

Updates `base64` from 0.21.5 to 0.22.1
- [Changelog](https://github.com/marshallpierce/rust-base64/blob/master/RELEASE-NOTES.md)
- [Commits](marshallpierce/rust-base64@v0.21.5...v0.22.1)

Updates `worker` from 0.0.17 to 0.0.20
- [Release notes](https://github.com/cloudflare/workers-rs/releases)
- [Commits](cloudflare/workers-rs@v0.0.17...v0.0.20)

Updates `stellar-strkey` from 0.0.8 to 0.0.14
- [Release notes](https://github.com/stellar/rs-stellar-strkey/releases)
- [Commits](stellar/rs-stellar-strkey@v0.0.8...v0.0.14)

---
updated-dependencies:
- dependency-name: cfg-if
  dependency-version: 1.0.0
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: cargo-major
- dependency-name: jwt-compact
  dependency-version: 0.8.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: cargo-major
- dependency-name: time
  dependency-version: 0.3.31
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: cargo-major
- dependency-name: erased-serde
  dependency-version: 0.4.1
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: cargo-major
- dependency-name: base64
  dependency-version: 0.22.1
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: cargo-major
- dependency-name: worker
  dependency-version: 0.0.20
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: cargo-major
- dependency-name: stellar-strkey
  dependency-version: 0.0.14
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: cargo-major
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot bot added dependencies Pull requests that update a dependency file rust Pull requests that update rust code labels Nov 30, 2025
@socket-security
Copy link

socket-security bot commented Nov 30, 2025

Review the following changes in direct dependencies. Learn more about Socket for GitHub.

Diff Package Supply Chain
Security		 Vulnerability Quality Maintenance License
Updatedcargo/​erased-serde@​0.3.31 ⏵ 0.4.110010093100100
Updatedcargo/​jwt-compact@​0.6.0 ⏵ 0.8.010010093100100
Updatedcargo/​worker@​0.0.17 ⏵ 0.0.2010010093100100

View full report

Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.

Reviewers

No reviews

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file rust Pull requests that update rust code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants