Skip to content

chore(deps): bump rustls from 0.23.40 to 0.23.41#19

Open
dependabot[bot] wants to merge 5 commits into
mainfrom
dependabot/cargo/rustls-0.23.41
Open

chore(deps): bump rustls from 0.23.40 to 0.23.41#19
dependabot[bot] wants to merge 5 commits into
mainfrom
dependabot/cargo/rustls-0.23.41

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Jun 30, 2026

Copy link
Copy Markdown
Contributor

Bumps rustls from 0.23.40 to 0.23.41.

Commits
  • 642a103 ci: drop Taplo job
  • 752c144 Drop nightly clippy tests
  • 8d8611a Fix new clippy::useless-borrows-in-formatting
  • ebf3297 Fix new clippy::manual_clear
  • 46808e7 ci: sync cargo-check-external-types nightly
  • 041a8d2 Cargo deny: allow RUSTSEC-2026-0173
  • 62e220e Take semver-compatible dependency updates
  • 3c14696 Upgrade to hickory-resolver 0.26
  • 848a2cc connect-tests: delete ech.rs
  • 5ce9cac Bump version to 0.23.41
  • Additional commits viewable in compare view

spidy added 2 commits June 28, 2026 12:54
- Shared: RunCommandResponse fields for truncated/timed_out/duration_ms
- Agent: bounded capture with PGID tracking and output limit
- Server: RunCommand-based API exec with output collection
bump server: sanitize command string before writing to audit log.
Strip control characters, truncate to 512 chars to prevent log injection.
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file rust Pull requests that update rust code labels Jun 30, 2026
Require explicit trusted-proxy configuration, remove the example administrator login, and build the Kubernetes agent from the committed workspace lock. Helm now refuses implicit default service accounts and drops unused ConfigMap privileges. Update component pointers and prune vulnerable or unmaintained dependency paths.
@dependabot dependabot Bot force-pushed the dependabot/cargo/rustls-0.23.41 branch from fd868fd to ee4d55e Compare June 30, 2026 18:13
sppidy and others added 2 commits July 1, 2026 00:06
Use the default GitHub token for public recursive submodules so Dependabot pull requests can run without repository secrets. Include the server workspace member in the Kubernetes agent image checkout and trigger paths because its manifest is required by the hardened Docker build.
Bumps [rustls](https://github.com/rustls/rustls) from 0.23.40 to 0.23.41.
- [Release notes](https://github.com/rustls/rustls/releases)
- [Changelog](https://github.com/rustls/rustls/blob/main/CHANGELOG.md)
- [Commits](rustls/rustls@v/0.23.40...v/0.23.41)

---
updated-dependencies:
- dependency-name: rustls
  dependency-version: 0.23.41
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
@sppidy sppidy force-pushed the dependabot/cargo/rustls-0.23.41 branch from ee4d55e to b268964 Compare June 30, 2026 23:44
@sppidy sppidy force-pushed the main branch 2 times, most recently from 5c59612 to ef35864 Compare July 3, 2026 18:28
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

dependencies Pull requests that update a dependency file rust Pull requests that update rust code

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant