Bump the major group across 1 directory with 11 updates #1632

Closed
dependabot[bot] wants to merge 1 commit into main from dependabot/cargo/major-fedbc73271

dependabot bot commented on behalf of github Nov 30, 2025

Bumps the major group with 11 updates in the / directory:

| Package | From | To |
| --- | --- | --- |
| soroban-env-common | 23.0.1 | 24.0.0 |
| soroban-env-guest | 23.0.1 | 24.0.0 |
| soroban-env-host | 23.0.1 | 24.0.0 |
| stellar-strkey | 0.0.13 | 0.0.14 |
| stellar-xdr | 23.0.0 | 24.0.0 |
| rand | 0.8.5 | 0.9.2 |
| ctor | 0.5.0 | 0.6.1 |
| itertools | 0.10.5 | 0.14.0 |
| darling | 0.20.10 | 0.21.3 |
| thiserror | 1.0.63 | 2.0.17 |
| wasmparser | 0.116.1 | 0.221.3 |

Updates soroban-env-common from 23.0.1 to 24.0.0

Release notes

Sourced from soroban-env-common's releases.

24.0.0

Administrative release, no changes since 23.0.2

v23.0.2

What's Changed

Full Changelog: stellar/rs-soroban-env@v23.0.1...v23.0.2

Commits

Updates soroban-env-guest from 23.0.1 to 24.0.0

Release notes

Sourced from soroban-env-guest's releases.

24.0.0

Administrative release, no changes since 23.0.2

v23.0.2

What's Changed

Full Changelog: stellar/rs-soroban-env@v23.0.1...v23.0.2

Commits

Updates soroban-env-host from 23.0.1 to 24.0.0

Release notes

Sourced from soroban-env-host's releases.

24.0.0

Administrative release, no changes since 23.0.2

v23.0.2

What's Changed

Full Changelog: stellar/rs-soroban-env@v23.0.1...v23.0.2

Commits

Updates stellar-strkey from 0.0.13 to 0.0.14

Release notes

Sourced from stellar-strkey's releases.

0.0.14

What's Changed

New Contributors

Full Changelog: stellar/rs-stellar-strkey@v0.0.13...v0.0.14

Commits
  • bb39b2f Bump version to 0.0.14 (#90)
  • b83c2e3 Fix debug output for SignedPayload struct in Debug implementation (#89)
  • 4c61b16 Make CLI embeddable in other CLIs (#85)
  • 62d4609 Add strkey encode and zero commands (#83)
  • 5c78cd7 Change CLI decode output to JSON (#82)
  • 6607d7f add serde traits to LiquidityPool and ClaimableBalance (#81)
  • 2d3a63a add dependabot.yml for version updates (#62)
  • 756de46 add git diff check to workflows (#80)
  • 077b929 update the version 0.0.13 in the fuzz Cargo.lock (#78)
  • 8d7ff89 add corpus samples for fuzz_roundtrip testing (#79)
  • See full diff in compare view

Updates stellar-xdr from 23.0.0 to 24.0.0

Release notes

Sourced from stellar-xdr's releases.

24.0.0

Administrative release, no changes since 23.0.0

Commits

Updates rand from 0.8.5 to 0.9.2

Changelog

Sourced from rand's changelog.

[0.9.2] - 2025-07-20

Deprecated

  • Deprecate rand::rngs::mock module and StepRng generator (#1634)

Additions

  • Enable WeightedIndex<usize> (de)serialization (#1646)

[0.9.1] - 2025-04-17

Security and unsafe

  • Revise "not a crypto library" policy again (#1565)
  • Remove zerocopy dependency from rand (#1579)

Fixes

  • Fix feature simd_support for recent nightly rust (#1586)

Changes

  • Allow fn rand::seq::index::sample_weighted and fn IndexedRandom::choose_multiple_weighted to return fewer than amount results (#1623), reverting an undocumented change (#1382) to the previous release.

Additions

  • Add rand::distr::Alphabetic distribution. (#1587)
  • Re-export rand_core (#1604)

[0.9.0] - 2025-01-27

Security and unsafe

  • Policy: "rand is not a crypto library" (#1514)
  • Remove fork-protection from ReseedingRng and ThreadRng. Instead, it is recommended to call ThreadRng::reseed on fork. (#1379)
  • Use zerocopy to replace some unsafe code (#1349, #1393, #1446, #1502)

Dependencies

  • Bump the MSRV to 1.63.0 (#1207, #1246, #1269, #1341, #1416, #1536); note that 1.60.0 may work for dependents when using --ignore-rust-version
  • Update to rand_core v0.9.0 (#1558)

Features

  • Support std feature without getrandom or rand_chacha (#1354)
  • Enable feature small_rng by default (#1455)
  • Remove implicit feature rand_chacha; use std_rng instead. (#1473)
  • Rename feature serde1 to serde (#1477)
  • Rename feature getrandom to os_rng (#1537)
  • Add feature thread_rng (#1547)

API changes: rand_core traits

  • Add fn RngCore::read_adapter implementing std::io::Read (#1267)
  • Add trait CryptoBlockRng: BlockRngCore; make trait CryptoRng: RngCore (#1273)
  • Add traits TryRngCore, TryCryptoRng (#1424, #1499)
  • Rename fn SeedableRng::from_rng -> try_from_rng and add infallible variant fn from_rng (#1424)
  • Rename fn SeedableRng::from_entropy -> from_os_rng and add fallible variant fn try_from_os_rng (#1424)
  • Add bounds Clone and AsRef to associated type SeedableRng::Seed (#1491)

API changes: Rng trait and top-level fns

  • Rename fn rand::thread_rng() to rand::rng() and remove from the prelude (#1506)

... (truncated)

Commits

Updates ctor from 0.5.0 to 0.6.1

Commits

Updates itertools from 0.10.5 to 0.14.0

Changelog

Sourced from itertools's changelog.

0.14.0

Breaking

  • Increased MSRV to 1.63.0 (#960)
  • Removed generic parameter from cons_tuples (#988)

Added

  • Added array_combinations (#991)
  • Added k_smallest_relaxed and variants (#925)
  • Added next_array and collect_array (#560)
  • Implemented DoubleEndedIterator for FilterOk (#948)
  • Implemented DoubleEndedIterator for FilterMapOk (#950)

Changed

  • Allow Q: ?Sized in Itertools::contains (#971)
  • Improved hygiene of chain! (#943)
  • Improved into_group_map_by documentation (#1000)
  • Improved tree_reduce documentation (#955)
  • Improved discoverability of merge_join_by (#966)
  • Improved discoverability of take_while_inclusive (#972)
  • Improved documentation of find_or_last and find_or_first (#984)
  • Prevented exponentially large type sizes in tuple_combinations (#945)
  • Added track_caller attr for asser_equal (#976)

Notable Internal Changes

  • Fixed clippy lints (#956, #987, #1008)
  • Addressed warnings within doctests (#964)
  • CI: Run most tests with miri (#961)
  • CI: Speed up "cargo-semver-checks" action (#938)
  • Changed an instance of default_features in Cargo.toml to default-features (#985)

0.13.0

Breaking

  • Removed implementation of DoubleEndedIterator for ConsTuples (#853)
  • Made MultiProduct fused and fixed on an empty iterator (#835, #834)
  • Changed iproduct! to return tuples for maxi one iterator too (#870)
  • Changed PutBack::put_back to return the old value (#880)
  • Removed deprecated repeat_call, Itertools::{foreach, step, map_results, fold_results} (#878)
  • Removed TakeWhileInclusive::new (#912)

Added

  • Added Itertools::{smallest_by, smallest_by_key, largest, largest_by, largest_by_key} (#654, #885)
  • Added Itertools::tail (#899)
  • Implemented DoubleEndedIterator for ProcessResults (#910)
  • Implemented Debug for FormatWith (#931)
  • Added Itertools::get (#891)

Changed

  • Deprecated Itertools::group_by (renamed chunk_by) (#866, #879)

... (truncated)

Commits
  • a015a68 Add next_array and collect_array
  • a1213e1 Prepare v0.14.0 release
  • ff0c942 fix clippy lints
  • f80883b Fix into_group_map_by documentation errors
  • b793238 Add track_caller for asser_equal
  • 5d4056b default_features is deprecated - switch it to default-features
  • a447b68 doc for added trait
  • d0479b0 "nitpicks"
  • 35c78ce IndexMut -> BorrowMut<slice>
  • deb53ba refactored to share code
  • Additional commits viewable in compare view

Updates darling from 0.20.10 to 0.21.3

Release notes

Sourced from darling's releases.

v0.21.3

  • Fix: Forward Override::<T>::from_expr to T::from_expr #371

v0.21.2

  • Add #[darling(from_expr = ...)] when deriving FromMeta to support overriding the key-value form #369
  • Keep parsing the body and type params even if there are errors from parsing attributes. #7
  • Support #[darling(with = ...)] on the generics field when deriving FromDeriveInput.
  • Return an error, rather than panicking, when doing shape validation on a union. #365

v0.21.1

  • Track all alternate field names, and show them in error message if there aren't too many. #325
  • Track all alternate values for enum variants, and show them in error messages if there aren't too many. #362

v0.21.0

  • Potentially breaking: Emit error when an attribute path is present in both attributes and forward_attrs. #336
  • Support parsing attributes which contain keywords #238
  • Add SpannedValue::into_inner #342
  • Add #[darling(derive_syn_parse)] to also impl syn::parse::Parse when deriving FromMeta #285
  • Make impl FromMeta for syn::TypePath support both quote-wrapped and bare values #351
  • Add util::PreservedStrExpr #346
  • Impl UsesTypeParams and UsesLifetimes for WithOriginal #215
  • Update error message emitted by <() as FromMeta>::from_list to allow use of () as a #[darling(flatten)] target #353

v0.20.11

  • Support #[darling(with = ...)] on the data field when deriving FromDeriveInput. This allows the use of simpler receiver types, such as a Vec of enum variants.
  • Bump version of proc-macro2 to 1.0.86.
  • Accept closures for #[darling(with = ...)] on fields in FromDeriveInput, FromMeta, FromField, etc. #309
  • Add darling::util::Callable to accept a path or closure as a meta-item expression
  • Add #[darling(from_word = ...)] and #[darling(from_none = ...)] to control shorthand and fallback behaviors for structs and enums deriving FromMeta #320
  • Add FromMeta impl for syn::ExprRange #329

Changelog

Sourced from darling's changelog.

v0.21.3 (August 22, 2025)

  • Fix: Forward Override::<T>::from_expr to T::from_expr #371

v0.21.2 (August 14, 2025)

  • Add #[darling(from_expr = ...)] when deriving FromMeta to support overriding the key-value form #369
  • Keep parsing the body and type params even if there are errors from parsing attributes. #7
  • Support #[darling(with = ...)] on the generics field when deriving FromDeriveInput.
  • Return an error, rather than panicking, when doing shape validation on a union. #365

v0.21.1 (August 4, 2025)

  • Track all alternate field names, and show them in error message if there aren't too many. #325
  • Track all alternate values for enum variants, and show them in error messages if there aren't too many. #362

v0.21.0 (July 10, 2025)

  • Potentially breaking: Emit error when an attribute path is present in both attributes and forward_attrs. #336
  • Support parsing attributes which contain keywords #238
  • Add SpannedValue::into_inner #342
  • Add #[darling(derive_syn_parse)] to also impl syn::parse::Parse when deriving FromMeta #285
  • Make impl FromMeta for syn::TypePath support both quote-wrapped and bare values #351
  • Add util::PreservedStrExpr #346
  • Impl UsesTypeParams and UsesLifetimes for WithOriginal #215
  • Update error message emitted by <() as FromMeta>::from_list to allow use of () as a #[darling(flatten)] target #353

v0.20.11 (March 28, 2025)

  • Support #[darling(with = ...)] on the data field when deriving FromDeriveInput. This allows the use of simpler receiver types, such as a Vec of enum variants.
  • Bump version of proc-macro2 to 1.0.86.
  • Accept closures for #[darling(with = ...)] on fields in FromDeriveInput, FromMeta, FromField, etc. #309
  • Add darling::util::Callable to accept a path or closure as a meta-item expression
  • Add #[darling(from_word = ...)] and #[darling(from_none = ...)] to control shorthand and fallback behaviors for structs and enums deriving FromMeta #320
  • Add FromMeta impl for syn::ExprRange #329

Commits
  • f21aa2c Bump version to 0.21.3
  • 84f6fba Directly forward non-paths in Override
  • 138c450 Override Override::from_expr (#372)
  • 65d73d1 Bump version to 0.21.2
  • 3e65b82 Update changelog
  • f9c8222 Expose from_expr option when deriving FromMeta (#370)
  • 59a46eb Don't panic if shape validation is used with a union
  • f5b7aef Change rust-version to make lock file versioning work
  • 90a3132 Fix clippy violation
  • 50a814d Enable #[darling(with = ...)] for generics field
  • Additional commits viewable in compare view

Updates thiserror from 1.0.63 to 2.0.17

Release notes

Sourced from thiserror's releases.

2.0.17

  • Use differently named __private module per patch release (#434)

2.0.16

  • Add to "no-std" crates.io category (#429)

2.0.15

  • Prevent Error::provide API becoming unavailable from a future new compiler lint (#427)

2.0.14

  • Allow build-script cleanup failure with NFSv3 output directory to be non-fatal (#426)

2.0.13

  • Documentation improvements

2.0.12

  • Prevent elidable_lifetime_names pedantic clippy lint in generated impl (#413)

2.0.11

2.0.10

  • Support errors containing a generic type parameter's associated type in a field (#408)

2.0.9

  • Work around missing_inline_in_public_items clippy restriction being triggered in macro-generated code (#404)

2.0.8

  • Improve support for macro-generated derive(Error) call sites (#399)

2.0.7

  • Work around conflict with #[deny(clippy::allow_attributes)] (#397, thanks @​zertosh)

2.0.6

  • Suppress deprecation warning on generated From impls (#396)

2.0.5

  • Prevent deprecation warning on generated impl for deprecated type (#394)

2.0.4

  • Eliminate needless_lifetimes clippy lint in generated From impls (#391, thanks @​matt-phylum)

2.0.3

  • Support the same Path field being repeated in both Debug and Display representation in error message (#383)
  • Improve error message when a format trait used in error message is not implemented by some field (#384)

2.0.2

  • Fix hang on invalid input inside #[error(...)] attribute (#382)

2.0.1

... (truncated)

Commits
  • 72ae716 Release 2.0.17
  • 599fdce Merge pull request #434 from dtolnay/private
  • 9ec05f6 Use differently named __private module per patch release
  • d2c492b Raise minimum tested compiler to rust 1.76
  • fc3ab95 Opt in to generate-macro-expansion when building on docs.rs
  • 819fe29 Update ui test suite to nightly-2025-09-12
  • 259f48c Enforce trybuild >= 1.0.108
  • 470e6a6 Update ui test suite to nightly-2025-08-24
  • 544e191 Update actions/checkout@v4 -> v5
  • cbc1eba Delete duplicate cap-lints flag from build script
  • Additional commits viewable in compare view

Updates wasmparser from 0.116.1 to 0.221.3

Commits

You can trigger a rebase of this PR by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

Note
Automatic rebases have been disabled on this pull request as it has been open for over 30 days.

dependabot bot added the dependencies (Pull requests that update a dependency file) and rust (Pull requests that update rust code) labels Nov 30, 2025

socket-security bot commented Nov 30, 2025

dependabot bot force-pushed the dependabot/cargo/major-fedbc73271 branch 4 times, most recently from 51ea868 to 7bbf3d8, December 18, 2025 11:37

dependabot bot commented on behalf of github Dec 18, 2025

Dependabot couldn't access the repository. Because of this, Dependabot cannot update this pull request.

dependabot bot force-pushed the dependabot/cargo/major-fedbc73271 branch 2 times, most recently from 5fe6cf4 to 007d6e1, December 21, 2025 02:09
Bumps the major group with 11 updates in the / directory:

| Package | From | To |
| --- | --- | --- |
| [soroban-env-common](https://github.com/stellar/rs-soroban-env) | `23.0.1` | `24.0.0` |
| [soroban-env-guest](https://github.com/stellar/rs-soroban-env) | `23.0.1` | `24.0.0` |
| [soroban-env-host](https://github.com/stellar/rs-soroban-env) | `23.0.1` | `24.0.0` |
| [stellar-strkey](https://github.com/stellar/rs-stellar-strkey) | `0.0.13` | `0.0.14` |
| [stellar-xdr](https://github.com/stellar/rs-stellar-xdr) | `23.0.0` | `24.0.0` |
| [rand](https://github.com/rust-random/rand) | `0.8.5` | `0.9.2` |
| [ctor](https://github.com/mmastrac/rust-ctor) | `0.5.0` | `0.6.1` |
| [itertools](https://github.com/rust-itertools/itertools) | `0.10.5` | `0.14.0` |
| [darling](https://github.com/TedDriggs/darling) | `0.20.10` | `0.21.3` |
| [thiserror](https://github.com/dtolnay/thiserror) | `1.0.63` | `2.0.17` |
| [wasmparser](https://github.com/bytecodealliance/wasm-tools) | `0.116.1` | `0.221.3` |



Updates `soroban-env-common` from 23.0.1 to 24.0.0
- [Release notes](https://github.com/stellar/rs-soroban-env/releases)
- [Commits](stellar/rs-soroban-env@v23.0.1...v24.0.0)

Updates `soroban-env-guest` from 23.0.1 to 24.0.0
- [Release notes](https://github.com/stellar/rs-soroban-env/releases)
- [Commits](stellar/rs-soroban-env@v23.0.1...v24.0.0)

Updates `soroban-env-host` from 23.0.1 to 24.0.0
- [Release notes](https://github.com/stellar/rs-soroban-env/releases)
- [Commits](stellar/rs-soroban-env@v23.0.1...v24.0.0)

Updates `stellar-strkey` from 0.0.13 to 0.0.14
- [Release notes](https://github.com/stellar/rs-stellar-strkey/releases)
- [Commits](stellar/rs-stellar-strkey@v0.0.13...v0.0.14)

Updates `stellar-xdr` from 23.0.0 to 24.0.0
- [Release notes](https://github.com/stellar/rs-stellar-xdr/releases)
- [Commits](stellar/rs-stellar-xdr@v23.0.0...v24.0.0)

Updates `rand` from 0.8.5 to 0.9.2
- [Release notes](https://github.com/rust-random/rand/releases)
- [Changelog](https://github.com/rust-random/rand/blob/master/CHANGELOG.md)
- [Commits](rust-random/rand@0.8.5...rand_core-0.9.2)

Updates `ctor` from 0.5.0 to 0.6.1
- [Commits](https://github.com/mmastrac/rust-ctor/commits)

Updates `itertools` from 0.10.5 to 0.14.0
- [Changelog](https://github.com/rust-itertools/itertools/blob/master/CHANGELOG.md)
- [Commits](rust-itertools/itertools@v0.10.5...v0.14.0)

Updates `darling` from 0.20.10 to 0.21.3
- [Release notes](https://github.com/TedDriggs/darling/releases)
- [Changelog](https://github.com/TedDriggs/darling/blob/master/CHANGELOG.md)
- [Commits](TedDriggs/darling@v0.20.10...v0.21.3)

Updates `thiserror` from 1.0.63 to 2.0.17
- [Release notes](https://github.com/dtolnay/thiserror/releases)
- [Commits](dtolnay/thiserror@1.0.63...2.0.17)

Updates `wasmparser` from 0.116.1 to 0.221.3
- [Release notes](https://github.com/bytecodealliance/wasm-tools/releases)
- [Commits](https://github.com/bytecodealliance/wasm-tools/commits)

---
updated-dependencies:
- dependency-name: soroban-env-common
  dependency-version: 24.0.0
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: major
- dependency-name: soroban-env-guest
  dependency-version: 24.0.0
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: major
- dependency-name: soroban-env-host
  dependency-version: 24.0.0
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: major
- dependency-name: stellar-strkey
  dependency-version: 0.0.14
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: major
- dependency-name: stellar-xdr
  dependency-version: 24.0.0
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: major
- dependency-name: rand
  dependency-version: 0.9.2
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: major
- dependency-name: ctor
  dependency-version: 0.6.1
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: major
- dependency-name: itertools
  dependency-version: 0.14.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: major
- dependency-name: darling
  dependency-version: 0.21.3
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: major
- dependency-name: thiserror
  dependency-version: 2.0.17
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: major
- dependency-name: wasmparser
  dependency-version: 0.221.3
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: major
...

Signed-off-by: dependabot[bot] <support@github.com>
dependabot bot force-pushed the dependabot/cargo/major-fedbc73271 branch from 007d6e1 to 6916e82, January 11, 2026 02:10
@socket-security

Warning

Review the following alerts detected in dependencies.

According to your organization's Security Policy, it is recommended to resolve "Warn" alerts. Learn more about Socket for GitHub.

| Action | Severity | Alert |
| --- | --- | --- |
| Warn | High | License policy violation: cargo foldhash under Zlib |

Location: Package overview

From: ? → cargo/wasmparser@0.221.3 → cargo/foldhash@0.1.5


Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev.

Suggestion: Find a package that does not violate your license policy or adjust your policy to allow this package's license.

Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore cargo/foldhash@0.1.5. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.


dependabot bot commented on behalf of github Jan 18, 2026

Looks like these dependencies are updatable in another way, so this is no longer needed.

dependabot bot closed this Jan 18, 2026
dependabot bot deleted the dependabot/cargo/major-fedbc73271 branch January 18, 2026 02:09