chore(deps): bump the cargo group across 1 directory with 5 updates

[dependabot]

⚠️ Dependabot is rebasing this PR ⚠️

Rebasing might not happen immediately, so don't worry if this takes some time.

Note: if you make any changes to this PR yourself, they will take precedence over the rebase.

---

Bumps the cargo group with 2 updates in the /robot-repo-automaton directory: quinn-proto and rustls-webpki.

Updates gix-date from 0.9.4 to 0.15.0

Release notes

Sourced from gix-date's releases.

gix-date v0.15.0

Commit Statistics

• 1 commit contributed to the release over the course of 10 calendar days.
• 12 days passed between releases.
• 0 commits were understood as conventional.
• 0 issues like '(#ID)' were seen in commit messages

Commit Details

• Uncategorized
  • Merge branch 'release' (9327b73)

gix-date v0.14.0

New Features

• parse() now supports 'now', 'today' and 'yesterday'.

Commit Statistics

• 8 commits contributed to the release over the course of 18 calendar days.
• 18 days passed between releases.
• 1 commit was understood as conventional.
• 0 issues like '(#ID)' were seen in commit messages

Commit Details

• Uncategorized
  • Merge pull request #2426 from apollocatlin/date-fix (a4b5ae5)
  • parse() now supports 'now', 'today' and 'yesterday'. (fdca563)
  • Remove unsafe UTF-8 conversions and add named relative date parsing (fca0fc5)
  • Merge pull request #2407 from GitoxideLabs/dependabot/cargo/cargo-fb4135702f (8bceefb)
  • Bump the cargo group with 59 updates (7ce3c55)
  • Merge pull request #2396 from GitoxideLabs/gix-error (e8612b5)
  • Adapt to changes in gix-error (a304f13)
  • Merge pull request #2393 from GitoxideLabs/report (f7d0975)

Changelog

Sourced from gix-date's changelog.

0.15.0 (2022-08-24)

Chore

• uniformize deny attributes

New Features

• Support for -c/--config in gix
• gix remote refs to list all remote references of a suitable remote. This takes into account either a named remote, or the remote associated with the current branch, or the default remote it could deduce or obtain from the configuration.
• use docsrs feature in code to show what is feature-gated automatically on docs.rs

Changed (BREAKING)

• remove gix free remote ref-list in favor of gix remote refs The functionality is the same, but the latter is built on top of a repository which is slightly less flexible, but preferable over maintaining a non-repo version.

Commit Statistics

• 15 commits contributed to the release over the course of 5 calendar days.
• 6 days passed between releases.
• 5 commits were understood as conventional.
• 1 unique issue was worked on: #450

Thanks Clippy

Clippy helped 1 time to make code idiomatic.

Commit Details

• #450
  • Support for -c CLI config overrides in gix config. (19c1746)
  • Remove gix free remote ref-list in favor of gix remote refs (dda9957)
  • Support for -c/--config in gix (45a30f0)
  • Refactor (e0be6e9)

... (truncated)

Commits

• ecf90fc Release gix-error v0.2.0, gix-date v0.15.0, gix-actor v0.40.0, gix-object v0....
• 9c3212b Progress report for February 2026
• 8836a64 Cleanup dependencies of gix-negotiate
• 000d58a Merge pull request #2423 from GitoxideLabs/gix-error
• e441fa9 Merge pull request #2438 from mystor/push-wvvuuwmrwlul
• 93f39fb Merge pull request #2440 from GitoxideLabs/improvements
• 94b35a1 fix: make status work despite broken or invalid symlinks.
• 325ac9f feat!: gix-error instead of thiserror in gix-mailmap
• 502eaa0 feat!: gix-error instead of thiserror in gix-quote
• 2d48c58 feat!: gix-error instead of thiserror in gix-bitmap
• Additional commits viewable in compare view

Updates gix-features from 0.39.1 to 0.46.1

Release notes

Sourced from gix-features's releases.

gix-features v0.46.1

Chore (BREAKING)

• Upgrade prodash and crosstermion to the latest version. This will fix the cargo deny issue as it brings in a newer lru crate.

Commit Statistics

• 8 commits contributed to the release over the course of 18 calendar days.
• 18 days passed between releases.
• 0 commits were understood as conventional.
• 0 issues like '(#ID)' were seen in commit messages

Commit Details

• Uncategorized
  • Merge pull request #2410 from GitoxideLabs/dependabot/cargo/bytes-1.11.1 (7415d31)
  • Bump bytes from 1.11.0 to 1.11.1 (14d8909)
  • Merge pull request #2407 from GitoxideLabs/dependabot/cargo/cargo-fb4135702f (8bceefb)
  • Bump the cargo group with 59 updates (7ce3c55)
  • Merge pull request #2399 from musicinmybrain/zlib-rs-0.6 (a7f2348)
  • Use configuration to initialise default values for zlib inflate and deflate. (00cae95)
  • Update zlib-rs to 0.6.0 (2a8cdf1)
  • Merge pull request #2393 from GitoxideLabs/report (f7d0975)

Changelog

Sourced from gix-features's changelog.

Changelog

All notable changes to this project will be documented in this file.

The format is based on Keep a Changelog, and this project adheres to Semantic Versioning.

0.51.0 (2026-02-22)

0.50.0 (2026-01-22)

Commit Statistics

• 4 commits contributed to the release over the course of 12 calendar days.
• 21 days passed between releases.
• 0 commits were understood as conventional.
• 0 issues like '(#ID)' were seen in commit messages

Commit Details

• Uncategorized
  • Merge pull request #2374 from GitoxideLabs/gix-error (25233ce)
  • Turn Exn::into_box() to Exn::into_inner(). (939b8fc)
  • Merge pull request #2352 from GitoxideLabs/gix-error (ae23762)
  • Adadpt exn to most pressing needs of gitoxide (abedade)

0.49.0 (2025-12-31)

0.48.0 (2025-12-22)

0.47.0 (2025-11-22)

New Features

• allow credential fill with gix credential fill to run without a repo

Other

• Remove doc_auto_cfg feature to fix docs.rs documentation. It is part of doc_cfg feature since rust-lang/rust#138907

... (truncated)

Commits

• d66ac10 Release gix-error v0.1.0, gix-date v0.14.0, gix-actor v0.39.0, gix-trace v0.1...
• 4fe8e38 Merge pull request #2428 from weihanglo/fix-loongarch64-musl-stat
• 7e25c34 fix(gix-index): handle loongarch64-musl stat struct field names
• 28fbeb8 Merge pull request #2420 from cruessler/remove-imara-diff-0-1-in-gix-blame
• f4064e5 refactor
• a4b5ae5 Merge pull request #2426 from apollocatlin/date-fix
• 4ec879f Adjust AI disclosure requirements
• fdca563 feat: parse() now supports 'now', 'today' and 'yesterday'.
• fca0fc5 Remove unsafe UTF-8 conversions and add named relative date parsing
• e4f016b Merge pull request #2400 from GitoxideLabs/gix-error
• Additional commits viewable in compare view

Updates gix-worktree-state from 0.15.0 to 0.27.0

Release notes

Sourced from gix-worktree-state's releases.

gix-worktree-state v0.27.0

Commit Statistics

• 3 commits contributed to the release over the course of 10 calendar days.
• 12 days passed between releases.
• 0 commits were understood as conventional.
• 0 issues like '(#ID)' were seen in commit messages

Commit Details

• Uncategorized
  • Merge pull request #2377 from cruessler/add-sha-256-to-gix-commitgraph (228caf7)
  • Use GIX_TEST_FIXTURE_HASH for gix-commitgraph and gix-pack. (d51b858)
  • Merge branch 'release' (9327b73)

gix-worktree-state v0.26.0

Commit Statistics

• 3 commits contributed to the release over the course of 18 calendar days.
• 18 days passed between releases.
• 0 commits were understood as conventional.
• 0 issues like '(#ID)' were seen in commit messages

Commit Details

• Uncategorized
  • Merge pull request #2407 from GitoxideLabs/dependabot/cargo/cargo-fb4135702f (8bceefb)
  • Bump the cargo group with 59 updates (7ce3c55)
  • Merge pull request #2393 from GitoxideLabs/report (f7d0975)

gix-worktree-state v0.25.0

Other

• Upon checkout of a file, truncate it to the length indicated by the blob Move the file stat update of the index entry to after the truncate

  Fixes issue with checkout on top of existing (larger) file having garbage data appended to the end of file unintentionally.

Commit Statistics

... (truncated)

Changelog

Sourced from gix-worktree-state's changelog.

0.27.0 (2023-06-22)

This release fixes a possibility for V1 fetches to deadlock if negotiation would span multiple rounds (see issue #882) for details.

New Features (BREAKING)

• list commit-graph entries by graph traversal, move commit-graph up to gix level. This is merely a debug tool to learn about generation numbers. All commit-graph commands now operate on a repository.

New Features

• gix --trace to also print tree-like instrumentation

• gix fetch --open-negotiation-graph[=limit] Open the negotiation graph as SVG, after optionally specifying a limit as rendering/layouting can be very slow.

  It's useful to see how the negotiation algorithm is reasoning about each commit.

• gix fetch --negotiation-info to provide additional information about the negotiation phase.

• bit revision list --svg to create a visual graph of commits. It's mainly a test of how well layout-rs performs.

Chore

• Add clippy::redundant-closure-for-method-calls lint

Commit Statistics

• 27 commits contributed to the release over the course of 10 calendar days.
• 15 days passed between releases.
• 6 commits were understood as conventional.
• 0 issues like '(#ID)' were seen in commit messages

Thanks Clippy

Clippy helped 1 time to make code idiomatic.

Commit Details

... (truncated)

Commits

• ecf90fc Release gix-error v0.2.0, gix-date v0.15.0, gix-actor v0.40.0, gix-object v0....
• 9c3212b Progress report for February 2026
• 8836a64 Cleanup dependencies of gix-negotiate
• 000d58a Merge pull request #2423 from GitoxideLabs/gix-error
• e441fa9 Merge pull request #2438 from mystor/push-wvvuuwmrwlul
• 93f39fb Merge pull request #2440 from GitoxideLabs/improvements
• 94b35a1 fix: make status work despite broken or invalid symlinks.
• 325ac9f feat!: gix-error instead of thiserror in gix-mailmap
• 502eaa0 feat!: gix-error instead of thiserror in gix-quote
• 2d48c58 feat!: gix-error instead of thiserror in gix-bitmap
• Additional commits viewable in compare view

Updates quinn-proto from 0.11.13 to 0.11.14

Release notes

Sourced from quinn-proto's releases.

quinn-proto 0.11.14

@​jxs reported a denial of service issue in quinn-proto 5 days ago:

• GHSA-6xvm-j4wr-6v98

We coordinated with them to release this version to patch the issue. Unfortunately the maintainers missed these issues during code review and we did not have enough fuzzing coverage -- we regret the oversight and have added an additional fuzzing target.

Organizations that want to participate in coordinated disclosure can contact us privately to discuss terms.

What's Changed

• Fix over-permissive proto dependency edge by @​Ralith in quinn-rs/quinn#2385
• 0.11.x: avoid unwrapping VarInt decoding during parameter parsing by @​djc in quinn-rs/quinn#2559

Commits

• 2c315aa proto: bump version to 0.11.14
• 8ad47f4 Use newer rustls-pki-types PEM parser API
• c81c028 ci: fix workflow syntax
• 0050172 ci: pin wasm-bindgen-cli version
• 8a6f82c Take semver-compatible dependency updates
• e52db4a Apply suggestions from clippy 1.91
• 6df7275 chore: Fix unnecessary_unwrap clippy
• c8eefa0 proto: avoid unwrapping varint decoding during parameters parsing
• 9723a97 fuzz: add fuzzing target for parsing transport parameters
• eaf0ef3 Fix over-permissive proto dependency edge (#2385)
• Additional commits viewable in compare view

Updates rustls-webpki from 0.103.9 to 0.103.10

Release notes

Sourced from rustls-webpki's releases.

0.103.10

Correct selection of candidate CRLs by Distribution Point and Issuing Distribution Point. If a certificate had more than one distributionPoint, then only the first distributionPoint would be considered against each CRL's IssuingDistributionPoint distributionPoint, and then the certificate's subsequent distributionPoints would be ignored.

The impact was that correct provided CRLs would not be consulted to check revocation. With UnknownStatusPolicy::Deny (the default) this would lead to incorrect but safe Error::UnknownRevocationStatus. With UnknownStatusPolicy::Allow this would lead to inappropriate acceptance of revoked certificates.

This vulnerability is thought to be of limited impact. This is because both the certificate and CRL are signed -- an attacker would need to compromise a trusted issuing authority to trigger this bug. An attacker with such capabilities could likely bypass revocation checking through other more impactful means (such as publishing a valid, empty CRL.)

More likely, this bug would be latent in normal use, and an attacker could leverage faulty revocation checking to continue using a revoked credential.

This vulnerability is identified by GHSA-pwjx-qhcg-rvj4. Thank you to @​1seal for the report.

What's Changed

• Freshen up rel-0.103 by @​ctz in rustls/webpki#455
• Prepare 0.103.10 by @​ctz in rustls/webpki#458

Full Changelog: rustls/webpki@v/0.103.9...v/0.103.10

Commits

• 348ce01 Prepare 0.103.10
• dbde592 crl: fix authoritative_for() support for multiple URIs
• 9c4838e avoid std::prelude imports
• 009ef66 fix rust 1.94 ambiguous panic macro warnings
• c41360d build(deps): bump taiki-e/cache-cargo-install-action from 2 to 3
• e401d00 generate.py: reformat for black 2026.1.0
• 06cedec Take semver-compatible deps
• See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions
  You can disable automated security fix PRs for this repo from the Security Alerts page.

[chatgpt-codex-connector]

Codex usage limits have been reached for code reviews. Please check with the admins of this repo to increase the limits by adding credits.
Credits must be used to enable repository wide code reviews.