Bump the production-dependencies group across 1 directory with 25 updates by dependabot[bot] · Pull Request #93 · privy-io/rust-sdk

dependabot · 2026-01-19T08:39:35Z

Bumps the production-dependencies group with 25 updates in the / directory:

Package	From	To
reqwest	`0.12.24`	`0.13.1`
serde_json	`1.0.145`	`1.0.149`
tokio	`1.48.0`	`1.49.0`
uuid	`1.18.1`	`1.19.0`
base64	`0.21.7`	`0.22.1`
hpke	`0.12.0`	`0.13.0`
rand	`0.8.5`	`0.9.2`
thiserror	`2.0.17`	`2.0.18`
tracing	`0.1.41`	`0.1.44`
lru	`0.16.2`	`0.16.3`
alloy-primitives	`1.4.1`	`1.5.2`
jsonwebtoken	`9.3.1`	`10.2.0`
tracing-subscriber	`0.3.20`	`0.3.22`
chrono	`0.4.42`	`0.4.43`
tempfile	`3.23.0`	`3.24.0`
rand_chacha	`0.3.1`	`0.9.0`
solana-rpc-client	`3.0.10`	`3.1.3`
solana-system-interface	`2.0.0`	`3.0.0`
bincode	`1.3.3`	`3.0.0`
solana-transaction	`3.0.1`	`3.0.2`
secp256k1	`0.30.0`	`0.31.1`
quote	`1.0.42`	`1.0.43`
syn	`2.0.109`	`2.0.114`
proc-macro2	`1.0.103`	`1.0.105`
bytes	`1.10.1`	`1.11.0`

Updates reqwest from 0.12.24 to 0.13.1

Release notes

Sourced from reqwest's releases.

v0.13.1

What's Changed

http3: depend on quinn/rustls-aws-lc-rs to avoid ring dependency by @djc in seanmonstar/reqwest#2917

fix rustls on android by @seanmonstar in seanmonstar/reqwest#2918

Full Changelog: seanmonstar/reqwest@v0.13.0...v0.13.1

v0.13.0

Breaking changes

rustls is now the default TLS backend, instead of native-tls.

rustls crypto provider defaults to aws-lc instead of ring. (rustls-no-provider exists if you want a different crypto provider)

rustls-tls has been renamed to rustls.

rustls roots features removed, rustls-platform-verifier is used by default.

To use different roots, call tls_certs_only(your_roots).

native-tls now includes ALPN. To disable, use native-tls-no-alpn.

query and form are now crate features, disabled by default.

Long-deprecated methods and crate features have been removed (such as trust-dns, which was renamed hickory-dns a while ago).

Many TLS-related methods renamed to improve autocompletion and discovery, but previous name left in place with a "soft" deprecation. (just documented, no warnings)

For example, prefer tls_backend_rustls() over use_rustls_tls().

Pull Requests in General

start 0.13 dev by @seanmonstar in seanmonstar/reqwest#2894

Make serde optional by introducing query, form features, and re-working WASM header parsing by @CathalMullan in seanmonstar/reqwest#2858

replace ClientBuilder::dns_resolver with dns_resolver2 by @seanmonstar in seanmonstar/reqwest#2898

feat: make Rustls the default TLS provider by @calavera in seanmonstar/reqwest#2897

feat: consolidate TLS options with rustls-platform-verifier by @seanmonstar in seanmonstar/reqwest#2891

remove long-deprecated methods: trust-dns and non-wasm-cors by @seanmonstar in seanmonstar/reqwest#2899

rename rustls-tls feature to just rustls by @seanmonstar in seanmonstar/reqwest#2900

remove deprecated features trust-dns and macos-system-configuration by @seanmonstar in seanmonstar/reqwest#2901

chore: separate rustls and rustls-no-provider features by @seanmonstar in seanmonstar/reqwest#2903

rustls: allow windows to use extra roots by @seanmonstar in seanmonstar/reqwest#2904

v0.13.0-rc.1 by @seanmonstar in seanmonstar/reqwest#2905

Enable ALPN by default in native-tls by @ducaale in seanmonstar/reqwest#2907

v0.13.0 by @seanmonstar in seanmonstar/reqwest#2915

New Contributors

@CathalMullan made their first contribution in seanmonstar/reqwest#2858

Full Changelog: seanmonstar/reqwest@v0.12.28...v0.13.0

v0.13.0-rc.1

👀 Discussion here if you give it try, thanks!

Main breaking changes

rustls is now default instead of native-tls

rustls provider defaults to aws-lc instead of ring (rustls-no-provider exists if you want to enable a different one)

rustls-tls renamed to rustls

rustls roots features removed, platform-verifier is used instead

... (truncated)

Changelog

Sourced from reqwest's changelog.

v0.13.1

Fixes compiling with rustls on Android targets.

v0.13.0

Breaking changes:

rustls is now the default TLS backend, instead of native-tls.

rustls crypto provider defaults to aws-lc instead of ring. (rustls-no-provider exists if you want a different crypto provider)

rustls-tls has been renamed to rustls.

rustls roots features removed, rustls-platform-verifier is used by default.

To use different roots, call tls_certs_only(your_roots).

native-tls now includes ALPN. To disable, use native-tls-no-alpn.

query and form are now crate features, disabled by default.

Long-deprecated methods and crate features have been removed (such as trust-dns, which was renamed hickory-dns a while ago).

Many TLS-related methods renamed to improve autocompletion and discovery, but previous name left in place with a "soft" deprecation. (just documented, no warnings)

For example, prefer tls_backend_rustls() over use_rustls_tls().

v0.12.28

Fix compiling on Windows if TLS and SOCKS features are not enabled.

v0.12.27

Add ClientBuilder::windows_named_pipe(name) option that will force all requests over that Windows Named Piper.

v0.12.26

Fix sending Accept-Encoding header only with values configured with reqwest, regardless of underlying tower-http config.

v0.12.25

Add Error::is_upgrade() to determine if the error was from an HTTP upgrade.

Fix sending Proxy-Authorization if only username is configured.

Fix sending Proxy-Authorization to HTTPS proxies when the target is HTTP.

Refactor internal decompression handling to use tower-http.

Commits

10fb98c v0.13.1
438098a chore: refer to h2 as dep:h2 (#2919)
43aac91 chore(ci): bump actions/checkout from 5 to 6 (#2864)
175f5b2 fix rustls on android (#2918)
1afe88e Depend on quinn/rustls-aws-lc-rs to avoid ring dependency (#2917)
62a80af v0.13.0
e8d89f4 enable ALPN by default in native-tls (#2907)
9a9daa7 v0.13.0-rc.1
d518e45 rustls: allow windows to use extra roots (#2904)
934bc84 chore: separate rustls and rustls-no-provider features (#2903)
Additional commits viewable in compare view

Updates serde_json from 1.0.145 to 1.0.149

Release notes

Sourced from serde_json's releases.

v1.0.149

Align arbitrary_precision number strings with zmij's formatting (#1306, thanks @b41sh)

v1.0.148

Update zmij dependency to 1.0

v1.0.147

Switch float-to-string algorithm from Ryū to Żmij for better f32 and f64 serialization performance (#1304)

v1.0.146

Set fast_arithmetic=64 for riscv64 (#1305, thanks @Xeonacid)

Commits

4f6dbfa Release 1.0.149
f3df680 Touch up PR 1306
e16730f Merge pull request #1306 from b41sh/fix-float-number-display
eeb2bcd Align arbitrary_precision number strings with zmij’s formatting
8b291c4 Release 1.0.148
1aefe15 Update to zmij 1.0
62d6e8d Release 1.0.147
fd829a6 Merge pull request #1304 from dtolnay/zmij
e757a3d Switch from ryu -> zmij for float formatting
75ad7e6 Release 1.0.146
Additional commits viewable in compare view

Updates tokio from 1.48.0 to 1.49.0

Release notes

Sourced from tokio's releases.

Tokio v1.49.0

1.49.0 (January 3rd, 2026)

Added

net: add support for TCLASS option on IPv6 (#7781)

runtime: stabilize runtime::id::Id (#7125)

task: implement Extend for JoinSet (#7195)

task: stabilize the LocalSet::id() (#7776)

Changed

net: deprecate {TcpStream,TcpSocket}::set_linger (#7752)

Fixed

macros: fix the hygiene issue of join! and try_join! (#7766)

runtime: revert "replace manual vtable definitions with Wake" (#7699)

sync: return TryRecvError::Disconnected from Receiver::try_recv after Receiver::close (#7686)

task: remove unnecessary trait bounds on the Debug implementation (#7720)

Unstable

fs: handle EINTR in fs::write for io-uring (#7786)

fs: support io-uring with tokio::fs::read (#7696)

runtime: disable io-uring on EPERM (#7724)

time: add alternative timer for better multicore scalability (#7467)

Documented

docs: fix a typos in bounded.rs and park.rs (#7817)

io: add SyncIoBridge cross-references to copy and copy_buf (#7798)

io: doc that AsyncWrite does not inherit from std::io::Write (#7705)

metrics: clarify that num_alive_tasks is not strongly consistent (#7614)

net: clarify the cancellation safety of the TcpStream::peek (#7305)

net: clarify the drop behavior of unix::OwnedWriteHalf (#7742)

net: clarify the platform-dependent backlog in TcpSocket docs (#7738)

runtime: mention LocalRuntime in new_current_thread docs (#7820)

sync: add missing period to mpsc::Sender::try_send docs (#7721)

sync: clarify the cancellation safety of oneshot::Receiver (#7780)

sync: improve the docs for the errors of mpsc (#7722)

task: add example for spawn_local usage on local runtime (#7689)

#7125: tokio-rs/tokio#7125 #7195: tokio-rs/tokio#7195 #7305: tokio-rs/tokio#7305 #7467: tokio-rs/tokio#7467 #7614: tokio-rs/tokio#7614 #7686: tokio-rs/tokio#7686 #7689: tokio-rs/tokio#7689

... (truncated)

Commits

e3b89bb chore: prepare Tokio v1.49.0 (#7824)
4f577b8 Merge 'tokio-1.47.3' into 'master'
f320197 chore: prepare Tokio v1.47.3 (#7823)
ea6b144 ci: freeze rustc on nightly-2025-01-25 in netlify.toml (#7652)
264e703 Merge tokio-1.43.4 into tokio-1.47.x (#7822)
dfb0f00 chore: prepare Tokio v1.43.4 (#7821)
4a91f19 ci: fix wasm32-wasip1 tests (#7788)
601c383 ci: upgrade FreeBSD from 14.2 to 14.3 (#7758)
484cb52 sync: return TryRecvError::Disconnected from Receiver::try_recv after `Re...
16f20c3 rt: mention LocalRuntime in new_current_thread docs (#7820)
Additional commits viewable in compare view

Updates uuid from 1.18.1 to 1.19.0

Release notes

Sourced from uuid's releases.

v1.19.0

What's Changed

Switch serde dependency to serde_core by @paolobarbolini in uuid-rs/uuid#843

Upgrade to 2021 edition and fix most clippy warnings by @paolobarbolini in uuid-rs/uuid#848

Prepare for 1.19.0 release by @KodrAus in uuid-rs/uuid#849

Full Changelog: uuid-rs/uuid@v1.18.1...v1.19.0

Commits

7527cef Merge pull request #849 from uuid-rs/cargo/v1.19.0
d0422fa prepare for 1.19.0 release
f9a36e2 Merge pull request #848 from paolobarbolini/maintenance
029a57e Fix most clippy warnings
e73bb27 Upgrade to 2021 edition
c597622 Merge pull request #843 from paolobarbolini/serde_core-migration
9835bd6 Switch serde dependency to serde_core
See full diff in compare view

Updates base64 from 0.21.7 to 0.22.1

Changelog

Sourced from base64's changelog.

0.22.1

Correct the symbols used for the predefined alphabet::BIN_HEX.

0.22.0

DecodeSliceError::OutputSliceTooSmall is now conservative rather than precise. That is, the error will only occur if the decoded output cannot fit, meaning that Engine::decode_slice can now be used with exactly-sized output slices. As part of this, Engine::internal_decode now returns DecodeSliceError instead of DecodeError, but that is not expected to affect any external callers.

DecodeError::InvalidLength now refers specifically to the number of valid symbols being invalid (i.e. len % 4 == 1), rather than just the number of input bytes. This avoids confusing scenarios when based on interpretation you could make a case for either InvalidLength or InvalidByte being appropriate.

Decoding is somewhat faster (5-10%)

Commits

e144006 v0.22.1
64cca59 Merge pull request #271 from JobanSD/patch-1
838355e Correct BinHex 4.0 alphabet according to specifications
bf15ccf Merge pull request #270 from marshallpierce/mp/clippy
fc6aabe Appease clippy
9a518a2 Merge pull request #267 from bdura/patch-1
d96c80f Merge branch 'marshallpierce:master' into patch-1
5d70ba7 Merge pull request #269 from marshallpierce/mp/decode-precisely
efb6c00 Release notes
2b91084 Add some tests to boost coverage
Additional commits viewable in compare view

Updates hpke from 0.12.0 to 0.13.0

Changelog

Sourced from hpke's changelog.

[0.13.0] - 2025-02-19

Changes

Made PskBundle require an explicit constructor that performs validation on inputs

Updated rand and rand_core to 0.9

Commits

a27764a Updated changelog, readme, and Cargo.toml for v0.13 (#75)
ba4014a Add PSK bundle validation (#72)
1f06ba1 Upgrade rand and rand_core to 0.9 (#73)
619875a Fix outdated documentation link in Cargo.toml (#70)
See full diff in compare view

Updates rand from 0.8.5 to 0.9.2

Changelog

Sourced from rand's changelog.

[0.9.2] - 2025-07-20

Deprecated

Deprecate rand::rngs::mock module and StepRng generator (#1634)

Additions

Enable WeightedIndex<usize> (de)serialization (#1646)

[0.9.1] - 2025-04-17

Security and unsafe

Revise "not a crypto library" policy again (#1565)

Remove zerocopy dependency from rand (#1579)

Fixes

Fix feature simd_support for recent nightly rust (#1586)

Changes

Allow fn rand::seq::index::sample_weighted and fn IndexedRandom::choose_multiple_weighted to return fewer than amount results (#1623), reverting an undocumented change (#1382) to the previous release.

Additions

Add rand::distr::Alphabetic distribution. (#1587)

Re-export rand_core (#1604)

[0.9.0] - 2025-01-27

Security and unsafe

Policy: "rand is not a crypto library" (#1514)

Remove fork-protection from ReseedingRng and ThreadRng. Instead, it is recommended to call ThreadRng::reseed on fork. (#1379)

Use zerocopy to replace some unsafe code (#1349, #1393, #1446, #1502)

Dependencies

Bump the MSRV to 1.63.0 (#1207, #1246, #1269, #1341, #1416, #1536); note that 1.60.0 may work for dependents when using --ignore-rust-version

Update to rand_core v0.9.0 (#1558)

Features

Support std feature without getrandom or rand_chacha (#1354)

Enable feature small_rng by default (#1455)

Remove implicit feature rand_chacha; use std_rng instead. (#1473)

Rename feature serde1 to serde (#1477)

Rename feature getrandom to os_rng (#1537)

Add feature thread_rng (#1547)

API changes: rand_core traits

Add fn RngCore::read_adapter implementing std::io::Read (#1267)

Add trait CryptoBlockRng: BlockRngCore; make trait CryptoRng: RngCore (#1273)

Add traits TryRngCore, TryCryptoRng (#1424, #1499)

Rename fn SeedableRng::from_rng -> try_from_rng and add infallible variant fn from_rng (#1424)

Rename fn SeedableRng::from_entropy -> from_os_rng and add fallible variant fn try_from_os_rng (#1424)

Add bounds Clone and AsRef to associated type SeedableRng::Seed (#1491)

API changes: Rng trait and top-level fns

Rename fn rand::thread_rng() to rand::rng() and remove from the prelude (#1506)

... (truncated)

Commits

d3dd415 Prepare rand_core 0.9.2 (#1605)
99fabd2 Prepare rand_core 0.9.2
c7fe1c4 rand: re-export rand_core (#1604)
db2b1e0 rand: re-export rand_core
ee1d96f rand_core: implement reborrow for UnwrapMut (#1595)
e0eb2ee rand_core: implement reborrow for UnwrapMut
975f602 fixup clippy 1.85 warnings
775b05b Relax Sized requirements for blanket impls (#1593)
ec6d5c0 Prepare rand_core v0.9.1 (#1591)
6a06056 rand_core: introduce an UnwrapMut wrapper (#1589)
Additional commits viewable in compare view

Updates thiserror from 2.0.17 to 2.0.18

Release notes

Sourced from thiserror's releases.

2.0.18

Make compatible with project-level needless_lifetimes = "forbid" (#443, thanks @LucaCappelletti94)

Commits

dc0f6a2 Release 2.0.18
0275292 Touch up PR 443
3c33bc6 Merge pull request #443 from LucaCappelletti94/master
995939c Reproduce issue 442
21653d1 Made clippy lifetime allows conditional
45e5388 Update actions/upload-artifact@v5 -> v6
386aac1 Update actions/upload-artifact@v4 -> v5
ec50561 Update actions/checkout@v5 -> v6
247eab5 Update name of empty_enum clippy lint
91b181f Raise required compiler to Rust 1.68
Additional commits viewable in compare view

Updates tracing from 0.1.41 to 0.1.44

Release notes

Sourced from tracing's releases.

tracing 0.1.44

Fixed

Fix record_all panic (#3432)

Changed

tracing-core: updated to 0.1.36 (#3440)

#3432: tokio-rs/tracing#3432 #3440: tokio-rs/tracing#3440

tracing 0.1.43

Important

The previous release [0.1.42] was yanked because #3382 was a breaking change. See further details in #3424. This release contains all the changes from that version, plus a revert for the problematic part of the breaking PR.

Fixed

Revert "make valueset macro sanitary" (#3425)

#3382: tokio-rs/tracing#3382 #3424: tokio-rs/tracing#3424 #3425: tokio-rs/tracing#3425 [0.1.42]: https://github.com/tokio-rs/tracing/releases/tag/tracing-0.1.42

tracing 0.1.42

Important

The [Span::record_all] method has been removed from the documented API. It was always unsuable via the documented API as it requried a ValueSet which has no publically documented constructors. The method remains, but should not be used outside of tracing macros.

Added

attributes: Support constant expressions as instrument field names (#3158)

Add record_all! macro for recording multiple values in one call (#3227)

core: Improve code generation at trace points significantly (#3398)

Changed

tracing-core: updated to 0.1.35 (#3414)

tracing-attributes: updated to 0.1.31 (#3417)

Fixed

Fix "name / parent" variant of event! (#2983)

... (truncated)

Commits

2d55f6f chore: prepare tracing 0.1.44 (#3439)
10a9e83 chore: prepare tracing-core 0.1.36 (#3440)
ee82cf9 tracing: fix record_all panic (#3432)
9978c36 chore: prepare tracing-mock 0.1.0-beta.3 (#3429)
cc44064 chore: prepare tracing-subscriber 0.3.22 (#3428)
64e1c8d chore: prepare tracing 0.1.43 (#3427)
7c44f7b tracing: revert "make valueset macro sanitary" (#3425)
cdaf661 chore: prepare tracing-mock 0.1.0-beta.2 (#3422)
a164fd3 chore: prepare tracing-journald 0.3.2 (#3421)
405397b chore: prepare tracing-appender 0.2.4 (#3420)
Additional commits viewable in compare view

Updates lru from 0.16.2 to 0.16.3

Changelog

Sourced from lru's changelog.

v0.16.3 - 2026-01-07

Fix Stacked Borrows violation in IterMut.

Commits

af233e5 Merge pull request #225 from jeromefroe/jerome/prepare-0-16-3-release
cf56f9a Prepare 0.16.3 release
62be24c Merge pull request #224 from paolobarbolini/iter-mut-stacked-borrows-violation
25669e7 Add regression test for IterMut stacked borrows violation
b9bca34 Fix stacked borrows violation in IterMut::next and IterMut::next_back
See full diff in compare view

Updates alloy-primitives from 1.4.1 to 1.5.2

Release notes

Sourced from alloy-primitives's releases.

alloy-core v1.5.1

What's Changed

feat(primitives): add U256Map by @DaniPopes in alloy-rs/core#1052

feat: extract cache to a separate crate by @DaniPopes in alloy-rs/core#1053

Full Changelog: alloy-rs/core@v1.5.0...v1.5.1

alloy-core v1.5.0

What's Changed

chore: clippy by @DaniPopes in alloy-rs/core#1037

feat: add Bloom::accrue_logs method by @mattsse in alloy-rs/core#1039

docs: document allow(unexpected_cfgs) for wrap_fixed_bytes by @DaniPopes in alloy-rs/core#1043

feat(primitives): add Signature::as_rsy method by @mablr in alloy-rs/core#1041

chore(doc): Complete alloy-dyn-abi readme by @Pana in alloy-rs/core#1044

feat(primitives): add keccak256_cached by @DaniPopes in alloy-rs/core#1046

chore: rm all deprecations by @DaniPopes in alloy-rs/core#1048

feat(primitives): Add UintTryTo trait for Signed type by @AurelienFT in alloy-rs/core#1029

fix(primitives): cache keccaks up to 88 bytes by @DaniPopes in alloy-rs/core#1049

feat: add keccak256_uncached by @DaniPopes in alloy-rs/core#1050

feat: add rapidhash to available hashers by @DaniPopes in alloy-rs/core#1051

New Contributors

@Pana made their first contribution in alloy-rs/core#1044

Full Changelog: alloy-rs/core@v1.4.1...v1.5.0

Changelog

Sourced from alloy-primitives's changelog.

1.5.2 - 2025-12-22

Performance

[primitives] Always use FxHash for Fb* (#1054)

1.5.1 - 2025-12-18

Features

Extract cache to a separate crate (#1053)

[primitives] Add U256Map (#1052)

Miscellaneous Tasks

Release 1.5.1

1.5.0 - 2025-12-16

Bug Fixes

[primitives] Cache keccaks up to 88 bytes (#1049)

Documentation

Document allow(unexpected_cfgs) for wrap_fixed_bytes (#1043)

Features

Add rapidhash to available hashers (#1051)

Add keccak256_uncached (#1050)

[primitives] Add UintTryTo trait for Signed type (#1029)

[primitives] Add keccak256_cached (#1046)

[primitives] Add Signature::as_rsy method (#1041)

Add Bloom::accrue_logs method (#1039)

Miscellaneous Tasks

Release 1.5.0

Rm all deprecations (#1048)

[doc] Complete alloy-dyn-abi readme (#1044)

Clippy (#1037)

Testing

[primitives] Use correct keccak fn

Commits

3625aa0 chore: release 1.5.2
91b063e perf(primitives): always use FxHash for Fb* (#1054)
8b96902 chore: release 1.5.1
c699040 feat: extract cache to a separate crate (#1053)
83c19ab feat(primitives): add U256Map (#1052)
09e7503 chore: release 1.5.0
5f305da feat: add rapidhash to available hashers (#1051)
547695f feat: add keccak256_uncached (#1050)
d37ceb1 fix(primitives): cache keccaks up to 88 bytes (#1049)
6c62543 feat(primitives): Add UintTryTo trait for Signed type (#1029)
Additional commits viewable in compare view

Updates jsonwebtoken from 9.3.1 to 10.2.0

Changelog

Sourced from jsonwebtoken's changelog.

10.2.0 (2025-11-06)

Remove Clone bound from decode functions

10.1.0 (2025-10-18)

add dangerous::insecure_decode

Implement TryFrom &Jwk for DecodingKey

10.0.0 (2025-09-29)

BREAKING: now using traits for crypto backends, you have to choose between aws_lc_rs and rust_crypto

Add Clone bound to decode

Support decoding byte slices

Support JWS

Commits

53a3fc2 Do not fail for clippy
3226cfc Prepare for release
dfe58f9 Remove unnecessary Clone bounds from decode functions (#458)
9b3e19c Fix function names in README (#457)
655abeb Ready for release
d96982d Fix a few markdown issues in docs (#446)
fbcfd39 feat: add dangerous::insecure_decode (#441)
4ba3fce fix(docs): add rust_crypto feature to docs.rs build (#443)
29fa3b1 Implement TryFrom &Jwk for DecodingKey (#437)
1456755 Use DecodingKey::from_jwk to get DecodingKey from JWK in auth0 example (#430)
Additional commits viewable in compare view

Updates tracing-subscriber from 0.3.20 to 0.3.22

Release notes

Sourced from tracing-subscriber's releases.

tracing-subscriber 0.3.22

Important

The previous release [0.3.21] was yanked as it depended explicitly on [tracing-0.1.42], which was yanked due to a breaking change (see #3424 for details). This release contains all the changes from the previous release, plus an update to the newer version of tracing.

Changed

tracing: updated to 0.1.43 (#3427)

#3424: tokio-rs/tracing#3424 #3427: tokio-rs/tracing#3427 [0.3.21]: https://github.com/tokio-rs/tracing/releases/tag/tracing-subscriber-0.3.21 [tracing-0.1.42]: https://github.com/tokio-rs/tracing/releases/tag/tracing-0.1.42

tracing-subscriber 0.3.21

Fixed

Change registry exit to decrement local span ref only (#3331)

Make Layered propagate on_register_dispatch (#3379)

Changed

tracing: updated to 0.1.42 (#3418)

Performance

Remove clone_span on enter (#3289)

Documented

Fix a few small things in the format module (#3339)

Fix extra closing brace in layer docs (#3350)

Fix link in FmtSpan docs (#3411)

#3289: tokio-rs/tracing#3289 #3331: tokio-rs/tracing#3331 #3339: tokio-rs/tracing#3339

…ates Bumps the production-dependencies group with 25 updates in the / directory: | Package | From | To | | --- | --- | --- | | [reqwest](https://github.com/seanmonstar/reqwest) | `0.12.24` | `0.13.1` | | [serde_json](https://github.com/serde-rs/json) | `1.0.145` | `1.0.149` | | [tokio](https://github.com/tokio-rs/tokio) | `1.48.0` | `1.49.0` | | [uuid](https://github.com/uuid-rs/uuid) | `1.18.1` | `1.19.0` | | [base64](https://github.com/marshallpierce/rust-base64) | `0.21.7` | `0.22.1` | | [hpke](https://github.com/rozbb/rust-hpke) | `0.12.0` | `0.13.0` | | [rand](https://github.com/rust-random/rand) | `0.8.5` | `0.9.2` | | [thiserror](https://github.com/dtolnay/thiserror) | `2.0.17` | `2.0.18` | | [tracing](https://github.com/tokio-rs/tracing) | `0.1.41` | `0.1.44` | | [lru](https://github.com/jeromefroe/lru-rs) | `0.16.2` | `0.16.3` | | [alloy-primitives](https://github.com/alloy-rs/core) | `1.4.1` | `1.5.2` | | [jsonwebtoken](https://github.com/Keats/jsonwebtoken) | `9.3.1` | `10.2.0` | | [tracing-subscriber](https://github.com/tokio-rs/tracing) | `0.3.20` | `0.3.22` | | [chrono](https://github.com/chronotope/chrono) | `0.4.42` | `0.4.43` | | [tempfile](https://github.com/Stebalien/tempfile) | `3.23.0` | `3.24.0` | | [rand_chacha](https://github.com/rust-random/rand) | `0.3.1` | `0.9.0` | | [solana-rpc-client](https://github.com/anza-xyz/agave) | `3.0.10` | `3.1.3` | | [solana-system-interface](https://github.com/anza-xyz/solana-sdk) | `2.0.0` | `3.0.0` | | [bincode](https://github.com/bincode-org/bincode) | `1.3.3` | `3.0.0` | | [solana-transaction](https://github.com/anza-xyz/solana-sdk) | `3.0.1` | `3.0.2` | | [secp256k1](https://github.com/rust-bitcoin/rust-secp256k1) | `0.30.0` | `0.31.1` | | [quote](https://github.com/dtolnay/quote) | `1.0.42` | `1.0.43` | | [syn](https://github.com/dtolnay/syn) | `2.0.109` | `2.0.114` | | [proc-macro2](https://github.com/dtolnay/proc-macro2) | `1.0.103` | `1.0.105` | | [bytes](https://github.com/tokio-rs/bytes) | `1.10.1` | `1.11.0` | Updates `reqwest` from 0.12.24 to 0.13.1 - [Release notes](https://github.com/seanmonstar/reqwest/releases) - [Changelog](https://github.com/seanmonstar/reqwest/blob/master/CHANGELOG.md) - [Commits](seanmonstar/reqwest@v0.12.24...v0.13.1) Updates `serde_json` from 1.0.145 to 1.0.149 - [Release notes](https://github.com/serde-rs/json/releases) - [Commits](serde-rs/json@v1.0.145...v1.0.149) Updates `tokio` from 1.48.0 to 1.49.0 - [Release notes](https://github.com/tokio-rs/tokio/releases) - [Commits](tokio-rs/tokio@tokio-1.48.0...tokio-1.49.0) Updates `uuid` from 1.18.1 to 1.19.0 - [Release notes](https://github.com/uuid-rs/uuid/releases) - [Commits](uuid-rs/uuid@v1.18.1...v1.19.0) Updates `base64` from 0.21.7 to 0.22.1 - [Changelog](https://github.com/marshallpierce/rust-base64/blob/master/RELEASE-NOTES.md) - [Commits](marshallpierce/rust-base64@v0.21.7...v0.22.1) Updates `hpke` from 0.12.0 to 0.13.0 - [Changelog](https://github.com/rozbb/rust-hpke/blob/main/CHANGELOG.md) - [Commits](rozbb/rust-hpke@v0.12.0...v0.13.0) Updates `rand` from 0.8.5 to 0.9.2 - [Release notes](https://github.com/rust-random/rand/releases) - [Changelog](https://github.com/rust-random/rand/blob/master/CHANGELOG.md) - [Commits](rust-random/rand@0.8.5...rand_core-0.9.2) Updates `thiserror` from 2.0.17 to 2.0.18 - [Release notes](https://github.com/dtolnay/thiserror/releases) - [Commits](dtolnay/thiserror@2.0.17...2.0.18) Updates `tracing` from 0.1.41 to 0.1.44 - [Release notes](https://github.com/tokio-rs/tracing/releases) - [Commits](tokio-rs/tracing@tracing-0.1.41...tracing-0.1.44) Updates `lru` from 0.16.2 to 0.16.3 - [Changelog](https://github.com/jeromefroe/lru-rs/blob/master/CHANGELOG.md) - [Commits](jeromefroe/lru-rs@0.16.2...0.16.3) Updates `alloy-primitives` from 1.4.1 to 1.5.2 - [Release notes](https://github.com/alloy-rs/core/releases) - [Changelog](https://github.com/alloy-rs/core/blob/main/CHANGELOG.md) - [Commits](alloy-rs/core@v1.4.1...v1.5.2) Updates `jsonwebtoken` from 9.3.1 to 10.2.0 - [Changelog](https://github.com/Keats/jsonwebtoken/blob/master/CHANGELOG.md) - [Commits](Keats/jsonwebtoken@v9.3.1...v10.2.0) Updates `tracing-subscriber` from 0.3.20 to 0.3.22 - [Release notes](https://github.com/tokio-rs/tracing/releases) - [Commits](tokio-rs/tracing@tracing-subscriber-0.3.20...tracing-subscriber-0.3.22) Updates `chrono` from 0.4.42 to 0.4.43 - [Release notes](https://github.com/chronotope/chrono/releases) - [Changelog](https://github.com/chronotope/chrono/blob/main/CHANGELOG.md) - [Commits](chronotope/chrono@v0.4.42...v0.4.43) Updates `tempfile` from 3.23.0 to 3.24.0 - [Changelog](https://github.com/Stebalien/tempfile/blob/master/CHANGELOG.md) - [Commits](Stebalien/tempfile@v3.23.0...v3.24.0) Updates `rand_chacha` from 0.3.1 to 0.9.0 - [Release notes](https://github.com/rust-random/rand/releases) - [Changelog](https://github.com/rust-random/rand/blob/master/CHANGELOG.md) - [Commits](rust-random/rand@rand_chacha-0.3.1...0.9.0) Updates `solana-rpc-client` from 3.0.10 to 3.1.3 - [Release notes](https://github.com/anza-xyz/agave/releases) - [Changelog](https://github.com/anza-xyz/agave/blob/master/CHANGELOG.md) - [Commits](anza-xyz/agave@v3.0.10...v3.1.3) Updates `solana-system-interface` from 2.0.0 to 3.0.0 - [Release notes](https://github.com/anza-xyz/solana-sdk/releases) - [Commits](https://github.com/anza-xyz/solana-sdk/compare/address@v2.0.0...sdk@v3.0.0) Updates `bincode` from 1.3.3 to 3.0.0 - [Commits](https://github.com/bincode-org/bincode/commits) Updates `solana-transaction` from 3.0.1 to 3.0.2 - [Release notes](https://github.com/anza-xyz/solana-sdk/releases) - [Commits](https://github.com/anza-xyz/solana-sdk/compare/keypair@v3.0.1...transaction@v3.0.2) Updates `secp256k1` from 0.30.0 to 0.31.1 - [Changelog](https://github.com/rust-bitcoin/rust-secp256k1/blob/master/CHANGELOG.md) - [Commits](rust-bitcoin/rust-secp256k1@secp256k1-0.30.0...secp256k1-0.31.1) Updates `quote` from 1.0.42 to 1.0.43 - [Release notes](https://github.com/dtolnay/quote/releases) - [Commits](dtolnay/quote@1.0.42...1.0.43) Updates `syn` from 2.0.109 to 2.0.114 - [Release notes](https://github.com/dtolnay/syn/releases) - [Commits](dtolnay/syn@2.0.109...2.0.114) Updates `proc-macro2` from 1.0.103 to 1.0.105 - [Release notes](https://github.com/dtolnay/proc-macro2/releases) - [Commits](dtolnay/proc-macro2@1.0.103...1.0.105) Updates `bytes` from 1.10.1 to 1.11.0 - [Release notes](https://github.com/tokio-rs/bytes/releases) - [Changelog](https://github.com/tokio-rs/bytes/blob/master/CHANGELOG.md) - [Commits](tokio-rs/bytes@v1.10.1...v1.11.0) --- updated-dependencies: - dependency-name: reqwest dependency-version: 0.13.1 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: production-dependencies - dependency-name: serde_json dependency-version: 1.0.149 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: production-dependencies - dependency-name: tokio dependency-version: 1.49.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: production-dependencies - dependency-name: uuid dependency-version: 1.19.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: production-dependencies - dependency-name: base64 dependency-version: 0.22.1 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: production-dependencies - dependency-name: hpke dependency-version: 0.13.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: production-dependencies - dependency-name: rand dependency-version: 0.9.2 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: production-dependencies - dependency-name: thiserror dependency-version: 2.0.18 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: production-dependencies - dependency-name: tracing dependency-version: 0.1.44 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: production-dependencies - dependency-name: lru dependency-version: 0.16.3 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: production-dependencies - dependency-name: alloy-primitives dependency-version: 1.5.2 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: production-dependencies - dependency-name: jsonwebtoken dependency-version: 10.2.0 dependency-type: direct:production update-type: version-update:semver-major dependency-group: production-dependencies - dependency-name: tracing-subscriber dependency-version: 0.3.22 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: production-dependencies - dependency-name: chrono dependency-version: 0.4.43 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: production-dependencies - dependency-name: tempfile dependency-version: 3.24.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: production-dependencies - dependency-name: rand_chacha dependency-version: 0.9.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: production-dependencies - dependency-name: solana-rpc-client dependency-version: 3.1.3 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: production-dependencies - dependency-name: solana-system-interface dependency-version: 3.0.0 dependency-type: direct:production update-type: version-update:semver-major dependency-group: production-dependencies - dependency-name: bincode dependency-version: 3.0.0 dependency-type: direct:production update-type: version-update:semver-major dependency-group: production-dependencies - dependency-name: solana-transaction dependency-version: 3.0.2 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: production-dependencies - dependency-name: secp256k1 dependency-version: 0.31.1 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: production-dependencies - dependency-name: quote dependency-version: 1.0.43 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: production-dependencies - dependency-name: syn dependency-version: 2.0.114 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: production-dependencies - dependency-name: proc-macro2 dependency-version: 1.0.105 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: production-dependencies - dependency-name: bytes dependency-version: 1.11.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: production-dependencies ... Signed-off-by: dependabot[bot] <support@github.com>

socket-security · 2026-01-19T08:41:01Z

Review the following changes in direct dependencies. Learn more about Socket for GitHub.

Package	Supply Chain Security	Vulnerability
tokio@1.48.0 ⏵ 1.49.0
reqwest@0.12.24 ⏵ 0.13.1	⁺²
thiserror@2.0.17 ⏵ 2.0.18
proc-macro2@1.0.103 ⏵ 1.0.105
quote@1.0.42 ⏵ 1.0.43
serde_json@1.0.145 ⏵ 1.0.149
secp256k1@0.31.1
solana-system-interface@3.0.0
bincode@3.0.0
solana-transaction@3.0.1 ⏵ 3.0.2
bytes@1.10.1 ⏵ 1.11.0
tracing-subscriber@0.3.20 ⏵ 0.3.22
solana-rpc-client@3.0.10 ⏵ 3.1.3
uuid@1.18.1 ⏵ 1.19.0
tracing@0.1.41 ⏵ 0.1.44
alloy-primitives@1.4.1 ⏵ 1.5.2
tempfile@3.23.0 ⏵ 3.24.0
lru@0.16.2 ⏵ 0.16.3		⁺¹
chrono@0.4.42 ⏵ 0.4.43
jsonwebtoken@9.3.1 ⏵ 10.2.0
hpke@0.12.0 ⏵ 0.13.0
syn@2.0.109 ⏵ 2.0.114

View full report

dependabot bot added dependencies Pull requests that update a dependency file rust Pull requests that update rust code labels Jan 19, 2026

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Bump the production-dependencies group across 1 directory with 25 updates#93

Bump the production-dependencies group across 1 directory with 25 updates#93
dependabot[bot] wants to merge 1 commit intomainfrom
dependabot/cargo/production-dependencies-a46d690a67

dependabot bot commented on behalf of github Jan 19, 2026 •

edited

Loading

Uh oh!

socket-security bot commented Jan 19, 2026

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

0 participants

Comments

Conversation

dependabot bot commented on behalf of github Jan 19, 2026 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

v0.13.1

What's Changed

v0.13.0

Breaking changes

Pull Requests in General

New Contributors

v0.13.0-rc.1

Main breaking changes

v0.13.1

v0.13.0

v0.12.28

v0.12.27

v0.12.26

v0.12.25

v1.0.149

v1.0.148

v1.0.147

v1.0.146

Tokio v1.49.0

1.49.0 (January 3rd, 2026)

Added

Changed

Fixed

Unstable

Documented

v1.19.0

What's Changed

0.22.1

0.22.0

[0.13.0] - 2025-02-19

Changes

[0.9.2] - 2025-07-20

Deprecated

Additions

[0.9.1] - 2025-04-17

Security and unsafe

Fixes

Changes

Additions

[0.9.0] - 2025-01-27

Security and unsafe

Dependencies

Features

API changes: rand_core traits

API changes: Rng trait and top-level fns

2.0.18

tracing 0.1.44

Fixed

Changed

tracing 0.1.43

Important

Fixed

tracing 0.1.42

Important

Added

Changed

Fixed

v0.16.3 - 2026-01-07

alloy-core v1.5.1

What's Changed

alloy-core v1.5.0

What's Changed

New Contributors

1.5.2 - 2025-12-22

Performance

1.5.1 - 2025-12-18

Features

Miscellaneous Tasks

1.5.0 - 2025-12-16

Bug Fixes

Documentation

Features

Miscellaneous Tasks

Testing

10.2.0 (2025-11-06)

10.1.0 (2025-10-18)

10.0.0 (2025-09-29)

dependabot bot commented on behalf of github Jan 19, 2026 •

edited

Loading