@dependabot dependabot bot commented on behalf of github Jan 15, 2026

Bumps the cargo-misc group with 3 updates in the /apps/desktop/src-tauri directory: url, chrono and keyring.

Updates url from 2.5.7 to 2.5.8

Commits

Updates chrono from 0.4.42 to 0.4.43

Release notes

Sourced from chrono's releases.

0.4.43

What's Changed

Commits
  • 45caaa9 Update copyright year to 2026 in LICENSE.txt
  • 1c0b8f0 Bump version to 0.4.43
  • a03e43b Upgrade windows-bindgen to 0.66
  • 4fedaba Ignore bincode advisory
  • f4b7bbd Bump actions/checkout from 5 to 6
  • db12973 Added doctest for the NaiveDate years_since function (#1755)
  • 34b5f49 chore: minor improvement for docs
  • 8c82711 Bump actions/setup-node from 5 to 6
  • ea1f11b Drop deny lints, eager Debug impls are a mixed blessing
  • 35f9f2d Add feature gated defmt support.
  • Additional commits viewable in compare view

Updates keyring from 2.3.3 to 3.6.3

Release notes

Sourced from keyring's releases.

v3.6.3: Likely final release of v3

This release integrates a few important bug fixes (thanks @​vermiculus, @​unkcpz) that have come in since the release of v3.6.2, and is the last release expected for the v3 series. The release of v4 is expected in about a month, and it will bring significant changes:

  • the cross-platform API will become its own crate: keyring-core.
  • each credential store will become its own store.
  • this crate will become an example of how to write a keyring-based application.

PLEASE NOTE: with this release, the main branch has changed significantly. What was on the main branch has moved to be a v4 branch, and the main branch was reverted to v3.6.2 and then had bug fix commits added on. If you have an existing fork of this repository, you should immediately sync your repo by choosing the "discard commits" option, which will take your repo back to v3.6.2 and then pull the newer commits. Then, if you have development work on one of your other branches, you should rebase that work onto the updated main.

v3.6.2: better docs, lighter-weight tests

Thanks to @​unkcpz, this release fully documents all the platform-specific modules in each platform on docs.rs.

The dev dependencies (used for testing) have been switched from using rand to using the lighter-weight module fastrand.

There are no functional code changes in this release, only test changes.

v3.6.1: Update dependencies

Two of the dependencies (openssl and whoami) were discovered to have vulnerabilities which were fixed in minor or patch releases. This crate has been updated to insist that the minor/patch release number of these dependencies is high enough to ensure use of a patched version.

There is no reason to think that the vulnerabilities in these dependencies could have been exercised through this crate. In addition, builds of clients done after the dependencies were patched would have already picked up the non-vulnerable versions. So this change is simply to ensure that future builds cannot use the vulnerable versions.

There are no code changes in this release.

v3.6.0: Add new combination keystore

This release contains a new credential store for Linux: a combination of keyutils (for use by headless processes) and secret service (for persistence of credentials beyond reboot). Thanks very much to @​soywod for the contribution!

v3.5.0: Add debug logging of internal operations

  • Add debug logging of internal operations (thanks to @​soywod).
  • Revert iOS security-framework dependency to v2 (see #225).

v3.4.0: allow simultaneous use of secret-service and keyutils

As pointed out in #214, it is possible to use both the secret-service and the keyutils credential stores at the same time, so this should be an allowed combination of specified features. This release allows that combination, selecting the secret-service as the default keystore but also loading the keyutils keystore.

v3.3.0: Support additional credential store attributes

  • Add support for credential-store attributes other than those used by this crate. This allows the creation of credentials that are more compatible with 3rd-party clients, such as the OS-provided GUIs over credentials. Fixes #208.
  • Make the textual descriptions of entries consistently follow the form user@service (or user@service:target if a target was specified).

v3.2.1: Re-enable access to v1 credentials

The v3.2.0 release, which fixed #204, had an unfortunate side effect: it broke compatibility with credentials that were originally written by a v1.x release (see #207). This bug-fix release restores that compatibility.

With this change, the CLI changes in v3.2.0 have been reverted, because they are no longer necessary.

v3.2.0: Improve secret-service handling of targets

As reported in #201 and now fixed in #204, the secret-service credential store implementation could not disambiguate credentials that were created with different targets unless the collections containing those targets had already been unlocked.

The fix for this issue introduces a compatibility break: secret-service credentials created by the keyring v1 implementation, which were readable using platform-independent code in keyring v2, are no longer readable without using platform-specific code in v3. The necessary platform-specific code is very simple, and it has been added to the CLI (both for documentation purposes and to allow the CLI to access v1 credentials). The comments in issue #204 explain why the decision was made to add this secret-service-specific compatibility break; these include the fact that keyring v2 was released 18 months ago so only those users who haven't changed their password in a very long time would still have a v1 credential in their secret-service store.

The README has been updated to address this compatibility break and to provide recommendations for keyring clients who want to update their code to make sure users with old credentials are not impacted.

v3.1.0: enhance the CLI

... (truncated)

Commits
  • 315cbdf Credits for v3.6.3 release.
  • edee747 Merge pull request #260 from open-source-cooperative/dependabot/cargo/windows...
  • a3470f1 Update windows-sys requirement from 0.59 to 0.60
  • f38b5e9 Cherry pick all contributions since 3.6.2.
  • b9af61d Zero out credential passwords before dealloc.
  • 19ec928 Don't clone returned passwords.
  • 46eebf5 windows: use static value for 'comment' attribute
  • 7b408ed Revert variable renaming
  • 88a3d6c Cosmetic fix: remove blank lines
  • afcc314 Implement default byte -> password conversion methods.
  • Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Bumps the cargo-misc group with 3 updates in the /apps/desktop/src-tauri directory: [url](https://github.com/servo/rust-url), [chrono](https://github.com/chronotope/chrono) and [keyring](https://github.com/open-source-cooperative/keyring-rs).


Updates `url` from 2.5.7 to 2.5.8
- [Release notes](https://github.com/servo/rust-url/releases)
- [Commits](servo/rust-url@v2.5.7...v2.5.8)

Updates `chrono` from 0.4.42 to 0.4.43
- [Release notes](https://github.com/chronotope/chrono/releases)
- [Changelog](https://github.com/chronotope/chrono/blob/main/CHANGELOG.md)
- [Commits](chronotope/chrono@v0.4.42...v0.4.43)

Updates `keyring` from 2.3.3 to 3.6.3
- [Release notes](https://github.com/open-source-cooperative/keyring-rs/releases)
- [Commits](open-source-cooperative/keyring-rs@v2.3.3...v3.6.3)

---
updated-dependencies:
- dependency-name: url
  dependency-version: 2.5.8
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: cargo-misc
- dependency-name: chrono
  dependency-version: 0.4.43
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: cargo-misc
- dependency-name: keyring
  dependency-version: 3.6.3
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: cargo-misc
...

Signed-off-by: dependabot[bot] <support@github.com>

dependabot bot commented on behalf of github Jan 15, 2026

Labels

The following labels could not be found: dependencies, rust. Please create them before Dependabot can add them to a pull request.

Please fix the above issues or remove invalid values from dependabot.yml.


coderabbitai bot commented Jan 15, 2026

Important

Review skipped

Bot user detected.

To trigger a single review, invoke the @coderabbitai review command.

You can disable this status message by setting the reviews.review_status to false in the CodeRabbit configuration file.


Comment @coderabbitai help to get the list of available commands and usage tips.
