From d30b5e66ae6e74f9557e42601a63eea5e2aecbaa Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Tue, 5 Aug 2025 07:47:12 +0000
Subject: [PATCH] build(deps): bump rustls from 0.23.29 to 0.23.31 in /rust
(#10120)
Bumps [rustls](https://github.com/rustls/rustls) from 0.23.29 to
0.23.31.
Commits
647ece1
Prepare 0.23.31b2831e7
rustls-bench: short circuit single threaded tests668231f
Improve testing of non-blocking complete_io()5e5d629
complete_io: make non-blocking error return reachable2a852c0
Exit complete_io loop as soon as no progress is made2f487cf
rustls-test: withdraw FailsReads helper41bfb22
rustls-test: add helper for non-blocking IO tests0ccbc63
Cargo: rustls version 0.23.29 -> 0.23.304c16f03
Fix: Do not try to call deframer on junk data6b9df65
sign: make public_key_to_spki() public- Additional commits viewable in compare
view
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
Signed-off-by: dependabot[bot]
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
---
rust/Cargo.lock | 4 ++--
rust/Cargo.toml | 2 +-
2 files changed, 3 insertions(+), 3 deletions(-)
diff --git a/rust/Cargo.lock b/rust/Cargo.lock
index 6a01e970d..3cbc1355c 100644
--- a/rust/Cargo.lock
+++ b/rust/Cargo.lock
@@ -6176,9 +6176,9 @@ dependencies = [
[[package]]
name = "rustls"
-version = "0.23.29"
+version = "0.23.31"
source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "2491382039b29b9b11ff08b76ff6c97cf287671dbb74f0be44bda389fffe9bd1"
+checksum = "c0ebcbd2f03de0fc1122ad9bb24b127a5a6cd51d72604a3f3c50ac459762b6cc"
dependencies = [
"log",
"once_cell",
diff --git a/rust/Cargo.toml b/rust/Cargo.toml
index c32105f05..10296c4d1 100644
--- a/rust/Cargo.toml
+++ b/rust/Cargo.toml
@@ -139,7 +139,7 @@ resolv-conf = "0.7.3"
ringbuffer = "0.15.0"
roxmltree = "0.20"
rtnetlink = { version = "0.17.0", default-features = false, features = ["tokio_socket"] }
-rustls = { version = "0.23.29", default-features = false, features = ["ring"] }
+rustls = { version = "0.23.31", default-features = false, features = ["ring"] }
sadness-generator = "0.6.0"
sd-notify = "0.4.5" # This is a pure Rust re-implementation, so it isn't vulnerable to CVE-2024-3094
secrecy = "0.8"