Skip to content

chore(deps): bump the rust-dependencies group with 4 updates#5354

Open
dependabot[bot] wants to merge 1 commit intomainfrom
dependabot/cargo/rust-dependencies-96e6d2bb71
Open

chore(deps): bump the rust-dependencies group with 4 updates#5354
dependabot[bot] wants to merge 1 commit intomainfrom
dependabot/cargo/rust-dependencies-96e6d2bb71

Conversation

@dependabot
Copy link
Copy Markdown
Contributor

@dependabot dependabot Bot commented on behalf of github May 2, 2026

Bumps the rust-dependencies group with 4 updates: mimalloc-safe, reqwest, rustls and thin-vec.

Updates mimalloc-safe from 0.1.57 to 0.1.58

Release notes

Sourced from mimalloc-safe's releases.

mimalloc-safe-v0.1.58

Chore

  • Updated the following local packages: libmimalloc-sys2
Changelog

Sourced from mimalloc-safe's changelog.

[0.1.58] - 2026-04-25

Chore

  • Updated the following local packages: libmimalloc-sys2
Commits
  • c4855c7 chore: release (#56)
  • 39c3a51 chore(deps): update mimalloc submodules to latest versions (#60)
  • 25ad720 fix mimalloc library name in cases where opt-level has been set for dev pro...
  • fdf763b chore(deps): update yarn to v4.14.1 (#57)
  • See full diff in compare view

Updates reqwest from 0.13.2 to 0.13.3

Release notes

Sourced from reqwest's releases.

v0.13.3

tl;dr

  • Fix CertificateRevocationList parsing of PEM values.
  • Fix logging in resolver to only show host, not full URL.
  • Fix hickory-dns to fallback to a default if /etc/resolv.conf fails.
  • Fix HTTP/3 to handle STOP_SENDING as not an error.
  • Fix HTTP/3 pool to remove timed out QUIC connections.
  • Fix HTTP/3 connection establishment picking IPv4 and IPv6.
  • Upgrade rustls-platform-verifier.
  • (wasm) Only use wasm-bindgen on unknown-* targets.

What's Changed

New Contributors

Full Changelog: seanmonstar/reqwest@v0.13.2...v0.13.3

Changelog

Sourced from reqwest's changelog.

v0.13.3

  • Fix CertificateRevocationList parsing of PEM values.
  • Fix logging in resolver to only show host, not full URL.
  • Fix hickory-dns to fallback to a default if /etc/resolv.conf fails.
  • Fix HTTP/3 to handle STOP_SENDING as not an error.
  • Fix HTTP/3 pool to remove timed out QUIC connections.
  • Fix HTTP/3 connection establishment picking IPv4 and IPv6.
  • Upgrade rustls-platform-verifier.
  • (wasm) Only use wasm-bindgen on unknown-* targets.
Commits

Updates rustls from 0.23.39 to 0.23.40

Commits
  • b44c09f Prepare 0.23.40
  • e7a555f Prefer Ord::max to core::cmp
  • c0005be ech: base inner name padding on actual extension
  • 4e49529 ech: test inner name padding
  • 3e06ef1 ech: add both name and "gross" padding
  • c574ffd ech: avoid short-lived allocation for padding
  • 8bf935c ech: pop comment from match arm
  • 9088004 ech: expand maximum_name_length to usize ASAP
  • a612901 Default require_ems based on CryptoProvider FIPS status
  • See full diff in compare view

Updates thin-vec from 0.2.16 to 0.2.18

Changelog

Sourced from thin-vec's changelog.

Versions 0.2.17 and 0.2.18 (2026-04-29)

  • Fix compiling some feature combinations in no_std mode
Commits

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

@dependabot
chore(deps): bump the rust-dependencies group with 4 updates
4cba3d1 
Bumps the rust-dependencies group with 4 updates: [mimalloc-safe](https://github.com/napi-rs/mimalloc-safe), [reqwest](https://github.com/seanmonstar/reqwest), [rustls](https://github.com/rustls/rustls) and [thin-vec](https://github.com/mozilla/thin-vec).


Updates `mimalloc-safe` from 0.1.57 to 0.1.58
- [Release notes](https://github.com/napi-rs/mimalloc-safe/releases)
- [Changelog](https://github.com/napi-rs/mimalloc-safe/blob/main/CHANGELOG.md)
- [Commits](napi-rs/mimalloc-safe@mimalloc-safe-v0.1.57...mimalloc-safe-v0.1.58)

Updates `reqwest` from 0.13.2 to 0.13.3
- [Release notes](https://github.com/seanmonstar/reqwest/releases)
- [Changelog](https://github.com/seanmonstar/reqwest/blob/master/CHANGELOG.md)
- [Commits](seanmonstar/reqwest@v0.13.2...v0.13.3)

Updates `rustls` from 0.23.39 to 0.23.40
- [Release notes](https://github.com/rustls/rustls/releases)
- [Changelog](https://github.com/rustls/rustls/blob/main/CHANGELOG.md)
- [Commits](rustls/rustls@v/0.23.39...v/0.23.40)

Updates `thin-vec` from 0.2.16 to 0.2.18
- [Changelog](https://github.com/mozilla/thin-vec/blob/main/RELEASES.md)
- [Commits](https://github.com/mozilla/thin-vec/commits)

---
updated-dependencies:
- dependency-name: mimalloc-safe
  dependency-version: 0.1.58
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: rust-dependencies
- dependency-name: reqwest
  dependency-version: 0.13.3
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: rust-dependencies
- dependency-name: rustls
  dependency-version: 0.23.40
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: rust-dependencies
- dependency-name: thin-vec
  dependency-version: 0.2.18
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: rust-dependencies
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added the C-Dependencies Pull requests that update a dependency file label May 2, 2026
@dependabot dependabot Bot requested a review from a team as a code owner May 2, 2026 08:06
@github-actions github-actions Bot added the Waiting On Review Waiting on reviews from the maintainers label May 2, 2026
@github-actions github-actions Bot added this to the v1.0.0 milestone May 2, 2026
@github-actions
Copy link
Copy Markdown

github-actions Bot commented May 2, 2026

Test262 conformance changes

Test result main count PR count difference
Total 53,125 53,125 0
Passed 51,051 51,051 0
Ignored 1,482 1,482 0
Failed 592 592 0
Panics 0 0 0
Conformance 96.10% 96.10% 0.00%

Tested main commit: 8820b77750be087bff9448e6091baec9c8490f58
Tested PR commit: 4cba3d185fb618d3e458e29ddca45041a212ec48
Compare commits: 8820b77...4cba3d1

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

C-Dependencies Pull requests that update a dependency file Waiting On Review Waiting on reviews from the maintainers

Projects

None yet

Milestone

v1.0.0

Development

Successfully merging this pull request may close these issues.

0 participants