mirror of
https://github.com/servo/servo
synced 2026-04-25 17:15:48 +02:00
6e4a9e85a29a12b54fffaaa118f830d727cd92eb
6186 Commits
| Author | SHA1 | Message | Date | |
|---|---|---|---|---|
dependabot[bot]
|
6e4a9e85a2 |
build: bump grid from 1.0.0 to 1.0.1 (#44487)
Bumps [grid](https://github.com/becheran/grid) from 1.0.0 to 1.0.1. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/becheran/grid/releases">grid's releases</a>.</em></p> <blockquote> <h2>v1.0.1</h2> <h2>What's Changed</h2> <ul> <li>Add non-allocating delete_row and delete_col methods by <a href="https://github.com/Copilot"><code>@Copilot</code></a> in <a href="https://redirect.github.com/becheran/grid/pull/70">becheran/grid#70</a></li> </ul> <h2>New Contributors</h2> <ul> <li><a href="https://github.com/Copilot"><code>@Copilot</code></a> made their first contribution in <a href="https://redirect.github.com/becheran/grid/pull/70">becheran/grid#70</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/becheran/grid/compare/v1.0.0...v1.0.1">https://github.com/becheran/grid/compare/v1.0.0...v1.0.1</a></p> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href=" |
||
|
dependabot[bot]
|
174b9237a8 |
build: bump bitflags from 2.11.0 to 2.11.1 (#44466)
Bumps [bitflags](https://github.com/bitflags/bitflags) from 2.11.0 to 2.11.1. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/bitflags/bitflags/releases">bitflags's releases</a>.</em></p> <blockquote> <h2>2.11.1</h2> <h2>What's Changed</h2> <ul> <li>Bless compile-fail tests for current beta by <a href="https://github.com/DanielEScherzer"><code>@DanielEScherzer</code></a> in <a href="https://redirect.github.com/bitflags/bitflags/pull/478">bitflags/bitflags#478</a></li> <li>example_generated.rs: add missing third slash for doc comment by <a href="https://github.com/DanielEScherzer"><code>@DanielEScherzer</code></a> in <a href="https://redirect.github.com/bitflags/bitflags/pull/477">bitflags/bitflags#477</a></li> <li>Clarify self and other in method docs by <a href="https://github.com/KodrAus"><code>@KodrAus</code></a> in <a href="https://redirect.github.com/bitflags/bitflags/pull/481">bitflags/bitflags#481</a></li> <li>Prepare for 2.11.1 release by <a href="https://github.com/KodrAus"><code>@KodrAus</code></a> in <a href="https://redirect.github.com/bitflags/bitflags/pull/482">bitflags/bitflags#482</a></li> </ul> <h2>New Contributors</h2> <ul> <li><a href="https://github.com/DanielEScherzer"><code>@DanielEScherzer</code></a> made their first contribution in <a href="https://redirect.github.com/bitflags/bitflags/pull/478">bitflags/bitflags#478</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/bitflags/bitflags/compare/2.11.0...2.11.1">https://github.com/bitflags/bitflags/compare/2.11.0...2.11.1</a></p> </blockquote> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/bitflags/bitflags/blob/main/CHANGELOG.md">bitflags's changelog</a>.</em></p> <blockquote> <h1>2.11.1</h1> <h2>What's Changed</h2> <ul> <li>Bless compile-fail tests for current beta by <a href="https://github.com/DanielEScherzer"><code>@DanielEScherzer</code></a> in <a href="https://redirect.github.com/bitflags/bitflags/pull/478">bitflags/bitflags#478</a></li> <li>example_generated.rs: add missing third slash for doc comment by <a href="https://github.com/DanielEScherzer"><code>@DanielEScherzer</code></a> in <a href="https://redirect.github.com/bitflags/bitflags/pull/477">bitflags/bitflags#477</a></li> <li>Clarify self and other in method docs by <a href="https://github.com/KodrAus"><code>@KodrAus</code></a> in <a href="https://redirect.github.com/bitflags/bitflags/pull/481">bitflags/bitflags#481</a></li> </ul> <h2>New Contributors</h2> <ul> <li><a href="https://github.com/DanielEScherzer"><code>@DanielEScherzer</code></a> made their first contribution in <a href="https://redirect.github.com/bitflags/bitflags/pull/478">bitflags/bitflags#478</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/bitflags/bitflags/compare/2.11.0...2.11.1">https://github.com/bitflags/bitflags/compare/2.11.0...2.11.1</a></p> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href=" |
||
|
dependabot[bot]
|
c1e5ea362d |
build: bump jiff from 0.2.23 to 0.2.24 (#44467)
Bumps [jiff](https://github.com/BurntSushi/jiff) from 0.2.23 to 0.2.24. <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/BurntSushi/jiff/blob/master/CHANGELOG.md">jiff's changelog</a>.</em></p> <blockquote> <h1>0.2.24 (2026-04-23)</h1> <p>This release primarily adds a new <code>memory_usage</code> routine for reporting heap allocation sizes for the <code>TimeZone</code> and <code>Zoned</code> types. This release also acknowledges and updates the timeline expectations for a Jiff 1.0 release in <code>README.md</code>.</p> <p>Enhancements:</p> <ul> <li><a href="https://redirect.github.com/BurntSushi/jiff/issues/520">#520</a>: Add <code>memory_usage</code> to the <code>TimeZone</code> and <code>Zoned</code> types.</li> <li><a href="https://redirect.github.com/BurntSushi/jiff/pull/535">#535</a>: Improve comment in <code>Span::checked_add</code> example.</li> </ul> <p>Bug fixes:</p> <ul> <li><a href="https://redirect.github.com/BurntSushi/jiff/pull/541">#541</a>: Update Jiff 1.0 timeline.</li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href=" |
||
|
dependabot[bot]
|
ffa2a72a55 |
build: bump libc from 0.2.185 to 0.2.186 (#44468)
Bumps [libc](https://github.com/rust-lang/libc) from 0.2.185 to 0.2.186. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/rust-lang/libc/releases">libc's releases</a>.</em></p> <blockquote> <h2>0.2.186</h2> <h3>Added</h3> <ul> <li>Apple: Add <code>KEVENT_FLAG_*</code> constants (<a href="https://redirect.github.com/rust-lang/libc/pull/5070">#5070</a>)</li> <li>Linux: Add <code>PR_SET_MEMORY_MERGE</code> and <code>PR_GET_MEMORY_MERGE</code> (<a href="https://redirect.github.com/rust-lang/libc/pull/5060">#5060</a>)</li> </ul> <h3>Changed</h3> <ul> <li>CI: Migrate FreeBSD CI from Cirrus CI to GitHub Actions (<a href="https://redirect.github.com/rust-lang/libc/pull/5058">#5058</a>)</li> </ul> </blockquote> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/rust-lang/libc/blob/0.2.186/CHANGELOG.md">libc's changelog</a>.</em></p> <blockquote> <h2><a href="https://github.com/rust-lang/libc/compare/0.2.185...0.2.186">0.2.186</a> - 2026-04-24</h2> <h3>Added</h3> <ul> <li>Apple: Add <code>KEVENT_FLAG_*</code> constants (<a href="https://redirect.github.com/rust-lang/libc/pull/5070">#5070</a>)</li> <li>Linux: Add <code>PR_SET_MEMORY_MERGE</code> and <code>PR_GET_MEMORY_MERGE</code> (<a href="https://redirect.github.com/rust-lang/libc/pull/5060">#5060</a>)</li> </ul> <h3>Changed</h3> <ul> <li>CI: Migrate FreeBSD CI from Cirrus CI to GitHub Actions (<a href="https://redirect.github.com/rust-lang/libc/pull/5058">#5058</a>)</li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href=" |
||
|
dependabot[bot]
|
b0d512c435 |
build: bump hyper-rustls from 0.27.8 to 0.27.9 (#44449)
Bumps [hyper-rustls](https://github.com/rustls/hyper-rustls) from 0.27.8 to 0.27.9. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/rustls/hyper-rustls/releases">hyper-rustls's releases</a>.</em></p> <blockquote> <h2>0.27.9</h2> <p>This release fixes the accidental omission of the ISC license in the published crate.</p> <h2>What's Changed</h2> <ul> <li>Bump rustls from 0.23.37 to 0.23.38 by <a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/rustls/hyper-rustls/pull/339">rustls/hyper-rustls#339</a></li> <li>Fix ISC license include, prepare 0.27.9 by <a href="https://github.com/cpu"><code>@cpu</code></a> in <a href="https://redirect.github.com/rustls/hyper-rustls/pull/340">rustls/hyper-rustls#340</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/rustls/hyper-rustls/compare/v/0.27.8...v/0.27.9">https://github.com/rustls/hyper-rustls/compare/v/0.27.8...v/0.27.9</a></p> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href=" |
||
|
Gae24
|
e2f17e0d28 |
deps: Bump jni-rs to 0.22 (#44322)
Update jni-rs to 0.22, the main changes involve the introduction of `with_env` within native methods, and updating uses of `attach_current_thread`, which now requires a closure passed to it. Callback object is now stored inside a `OnceLock`, since it would crash when it was deleted, probably once a `WakeupCallback` was dropped: ``` JNI DETECTED ERROR IN APPLICATION: JNI ERROR (app bug): jobject is an invalid global reference: 0x2fc6 (deleted reference at index 382) ``` Also update android-activity and rustls-platform-verifier. Testing: We don't have android tests in CI, manual testing is required Fixes: Part of #40979 --------- Signed-off-by: Gae24 <96017547+Gae24@users.noreply.github.com> |
||
|
Jonathan Schwender
|
0ea42bc774 |
profile: Add instrumentation to startup related functions (#44456)
Follow-up to #44443. This helps investigating the cold-start timeline, and could be used by tooling to A/B compare branches affecting the cold-start time. Additionally also change the `handle_request::select` span, so that we can see the blocked time (which was probably what was intended), since the actual time spent on recv after select is insignificant. Testing: Tracing output is not covered by automatic tests. --------- Signed-off-by: Jonathan Schwender <schwenderjonathan@gmail.com> |
||
|
Jonathan Schwender
|
d0b2337118 |
mozjs: Fix make 4.4 broken parallel compilation (#44346)
Companion PR to https://github.com/servo/mozjs/pull/735. This bumps mozjs to the latest version 0.15.9. The changes were reviewed in the linked PR. Testing: This changes behavior when using `make` 4.4 and compiling mozjs from source in CI. This path is not exercised in CI, since Ubuntu 24.04 still ships make 4.3. Signed-off-by: Jonathan Schwender <schwenderjonathan@gmail.com> |
||
|
dependabot[bot]
|
e611a186be |
build: bump typenum from 1.19.0 to 1.20.0 (#44451)
Bumps [typenum](https://github.com/paholg/typenum) from 1.19.0 to 1.20.0. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/paholg/typenum/releases">typenum's releases</a>.</em></p> <blockquote> <h2>v1.20.0</h2> <h2>Commits</h2> <ul> <li>77b877d: remove deprecated features, replace build script with pre-generated tests (<a href="https://redirect.github.com/paholg/typenum/issues/237">#237</a>) (Cathal) <a href="https://redirect.github.com/paholg/typenum/pull/237">#237</a></li> <li>4d5f26b: Add tuple operations (<a href="https://redirect.github.com/paholg/typenum/issues/242">#242</a>) (grenewode) <a href="https://redirect.github.com/paholg/typenum/pull/242">#242</a></li> <li>c755e2f: Version 1.20.0 (Paho Lurie-Gregg)</li> </ul> </blockquote> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/paholg/typenum/blob/main/CHANGELOG.md">typenum's changelog</a>.</em></p> <blockquote> <h3>1.20.0 (2026-04-18)</h3> <ul> <li>[removed] Removed <code>no_std</code> feature flag (deprecated since 1.3.0)</li> <li>[removed] Removed <code>force_unix_path_separator</code> feature flag (deprecated since 1.17.0)</li> <li>[changed] Replaced <code>build.rs</code> script with pre-generated test files</li> <li>[added] Indexing into tuples</li> <li>[changed] MSRV now 1.41.0</li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href=" |
||
|
dependabot[bot]
|
82370a7cab |
build: bump clap from 4.6.0 to 4.6.1 (#44450)
Bumps [clap](https://github.com/clap-rs/clap) from 4.6.0 to 4.6.1. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/clap-rs/clap/releases">clap's releases</a>.</em></p> <blockquote> <h2>v4.6.1</h2> <h2>[4.6.1] - 2026-04-15</h2> <h3>Fixes</h3> <ul> <li><em>(derive)</em> Ensure rebuilds happen when an read env variable is changed</li> </ul> </blockquote> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/clap-rs/clap/blob/master/CHANGELOG.md">clap's changelog</a>.</em></p> <blockquote> <h2>[4.6.1] - 2026-04-15</h2> <h3>Fixes</h3> <ul> <li><em>(derive)</em> Ensure rebuilds happen when an read env variable is changed</li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href=" |
||
|
dependabot[bot]
|
1c4b0b57b8 |
build: bump rustls from 0.23.38 to 0.23.39 (#44448)
Bumps [rustls](https://github.com/rustls/rustls) from 0.23.38 to 0.23.39. <details> <summary>Commits</summary> <ul> <li><a href=" |
||
|
dependabot[bot]
|
609f50d680 |
build: bump pastey from 0.2.1 to 0.2.2 (#44447)
Bumps [pastey](https://github.com/as1100k/pastey) from 0.2.1 to 0.2.2. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/as1100k/pastey/releases">pastey's releases</a>.</em></p> <blockquote> <h2>v0.2.2</h2> <h2>What's Changed</h2> <ul> <li>Fix Rust 1.56 compatibility: Handle None-delimited groups in replace modifier in <a href="https://redirect.github.com/AS1100K/pastey/pull/25">AS1100K/pastey#25</a></li> <li>increase the code coverage by <a href="https://github.com/bharatGoswami8"><code>@bharatGoswami8</code></a> in <a href="https://redirect.github.com/AS1100K/pastey/pull/28">AS1100K/pastey#28</a></li> <li>add coverage on CI by <a href="https://github.com/bharatGoswami8"><code>@bharatGoswami8</code></a> in <a href="https://redirect.github.com/AS1100K/pastey/pull/30">AS1100K/pastey#30</a></li> </ul> <h2>New Contributors</h2> <ul> <li><a href="https://github.com/bharatGoswami8"><code>@bharatGoswami8</code></a> made their first contribution in <a href="https://redirect.github.com/AS1100K/pastey/pull/28">AS1100K/pastey#28</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/AS1100K/pastey/blob/master/CHANGELOG.md#022---2026-04-23"><code>CHANGELOG.md</code></a></p> </blockquote> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/AS1100K/pastey/blob/master/CHANGELOG.md">pastey's changelog</a>.</em></p> <blockquote> <h2>[0.2.2] - 2026-04-23</h2> <h3>Improved</h3> <ul> <li>Improved Code Coverage <a href="https://redirect.github.com/AS1100K/pastey/pull/28">#28</a>, <a href="https://redirect.github.com/AS1100K/pastey/pull/30">#30</a></li> </ul> <h3>Fixed</h3> <ul> <li>Rust 1.56 compatibility: Handling None-delimited groups in replace modifier <a href="https://redirect.github.com/AS1100K/pastey/pull/25">#25</a></li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href=" |
||
|
dependabot[bot]
|
412f98b9bb |
build: bump dbus from 0.9.10 to 0.9.11 (#44446)
Bumps [dbus](https://github.com/diwic/dbus-rs) from 0.9.10 to 0.9.11. <details> <summary>Commits</summary> <ul> <li><a href=" |
||
|
Narfinger
|
c2b88ff7f5 |
media: Switch to workspace dependencies and minor cleanup (#44428)
This PR makes minor cleanup in the media crates: - Switch dependencies to workspace dependencies if they are already included in the main Cargo.toml - Switch from crate serde_derive to serde with feature flag derive. - Switch from the separate crate for OnceCell to the std provided LazyLock. - Update num_complex Testing: The only functional changes are either slight version bumps, the replacement to LazyLock which is conservative and the num_complex update which also shouldn't have any behavior changes. --------- Signed-off-by: Narfinger <Narfinger@users.noreply.github.com> |
||
|
dependabot[bot]
|
7007dc4346 |
build: bump rustls-webpki from 0.103.12 to 0.103.13 (#44419)
Bumps [rustls-webpki](https://github.com/rustls/webpki) from 0.103.12 to 0.103.13. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/rustls/webpki/releases">rustls-webpki's releases</a>.</em></p> <blockquote> <h2>0.103.13</h2> <ul> <li><strong>Fix reachable panic in parsing a CRL</strong>. This was reported to us as <a href="https://github.com/rustls/webpki/security/advisories/GHSA-82j2-j2ch-gfr8">GHSA-82j2-j2ch-gfr8</a>. Users who don't use CRLs are not affected.</li> <li>For name constraints on URI names, we incorrectly processed excluded subtrees in a way which inverted the desired meaning. See <a href="https://redirect.github.com/rustls/webpki/pull/471">rustls/webpki#471</a>. This was a case missing in the fix for <a href="https://github.com/advisories/GHSA-965h-392x-2mh5">https://github.com/advisories/GHSA-965h-392x-2mh5</a>.</li> </ul> <h2>What's Changed</h2> <ul> <li>Actually fail closed for URI matching against excluded subtrees by <a href="https://github.com/djc"><code>@djc</code></a> in <a href="https://redirect.github.com/rustls/webpki/pull/473">rustls/webpki#473</a></li> <li>Prepare 0.103.13 by <a href="https://github.com/ctz"><code>@ctz</code></a> in <a href="https://redirect.github.com/rustls/webpki/pull/474">rustls/webpki#474</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/rustls/webpki/compare/v/0.103.12...v/0.103.13">https://github.com/rustls/webpki/compare/v/0.103.12...v/0.103.13</a></p> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href=" |
||
|
dependabot[bot]
|
d995e90976 |
build: bump webpki-roots from 1.0.6 to 1.0.7 (#44418)
Bumps [webpki-roots](https://github.com/rustls/webpki-roots) from 1.0.6 to 1.0.7. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/rustls/webpki-roots/releases">webpki-roots's releases</a>.</em></p> <blockquote> <h2>1.0.7</h2> <p>For their April 2026 root store changes, Mozilla has made more changes than usual:</p> <blockquote> <p>These changes are part of Mozilla’s ongoing root store maintenance under the Mozilla Root Store Policy (MRSP), including <a href="https://www.mozilla.org/en-US/about/governance/policies/security-group/certs/policy/#74-root-ca-lifecycles">§7.4</a> (Root CA Lifecycles) and <a href="https://www.mozilla.org/en-US/about/governance/policies/security-group/certs/policy/#753-transition-plan-for-existing-roots">§7.5.3</a> (Transition Plans). They reflect a combination of lifecycle-based transitions, CA operator requests, and alignment with intended certificate usage, including retiring older or less suitable root certificates, enforcing clear separation of trust purposes (e.g., TLS vs. S/MIME), and reducing unnecessary trust surface in the Web PKI ecosystem. Collectively, these actions help to ensure that root certificates are relied upon only for their intended and actively maintained use cases, or are retired in accordance with established distrust timelines.</p> </blockquote> <p>This removes:</p> <ul> <li>CN=Certigna O=Dhimyotis</li> <li>CN=COMODO Certification Authority O=COMODO CA Limited</li> <li>CN=DigiCert Assured ID Root CA O=DigiCert Inc OU=www.digicert.com</li> <li>CN=DigiCert Global Root CA O=DigiCert Inc OU=www.digicert.com</li> <li>CN=DigiCert High Assurance EV Root CA O=DigiCert Inc OU=www.digicert.com</li> <li>CN=FIRMAPROFESIONAL CA ROOT-A WEB O=Firmaprofesional SA</li> <li>CN=GTS Root R2 O=Google Trust Services LLC</li> <li>CN=QuoVadis Root CA 2 O=QuoVadis Limited</li> <li>CN=QuoVadis Root CA 3 O=QuoVadis Limited</li> <li>CN=Secure Global CA O=SecureTrust Corporation</li> <li>CN=SecureTrust CA O=SecureTrust Corporation</li> <li>CN=SwissSign Gold CA - G2 O=SwissSign AG</li> <li>CN=TeliaSonera Root CA v1 O=TeliaSonera</li> <li>CN=Trustwave Global Certification Authority O=Trustwave Holdings, Inc.</li> <li>CN=Trustwave Global ECC P256 Certification Authority O=Trustwave Holdings, Inc.</li> <li>CN=Trustwave Global ECC P384 Certification Authority O=Trustwave Holdings, Inc.</li> <li>O=certSIGN OU=certSIGN ROOT CA</li> </ul> <p>See <a href="https://groups.google.com/a/mozilla.org/g/dev-security-policy/c/o1VliD70ctg/m/pY0JBzTlAQAJ?pli=1">their announcement</a> for more details.</p> <h2>What's Changed</h2> <ul> <li>Take semver-compatible dependency updates by <a href="https://github.com/djc"><code>@djc</code></a> in <a href="https://redirect.github.com/rustls/webpki-roots/pull/116">rustls/webpki-roots#116</a></li> <li>Take semver-compatible dependency updates by <a href="https://github.com/djc"><code>@djc</code></a> in <a href="https://redirect.github.com/rustls/webpki-roots/pull/117">rustls/webpki-roots#117</a></li> <li>Take semver-compatible updates by <a href="https://github.com/ctz"><code>@ctz</code></a> in <a href="https://redirect.github.com/rustls/webpki-roots/pull/118">rustls/webpki-roots#118</a></li> <li>Prepare 1.0.7 by <a href="https://github.com/djc"><code>@djc</code></a> in <a href="https://redirect.github.com/rustls/webpki-roots/pull/120">rustls/webpki-roots#120</a></li> <li>Update dependencies by <a href="https://github.com/djc"><code>@djc</code></a> in <a href="https://redirect.github.com/rustls/webpki-roots/pull/119">rustls/webpki-roots#119</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/rustls/webpki-roots/compare/v/1.0.6...v/1.0.7">https://github.com/rustls/webpki-roots/compare/v/1.0.6...v/1.0.7</a></p> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href=" |
||
|
dependabot[bot]
|
4d56440d4e |
build: bump bpaf from 0.9.24 to 0.9.25 (#44416)
Bumps [bpaf](https://github.com/pacak/bpaf) from 0.9.24 to 0.9.25. <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/pacak/bpaf/blob/master/Changelog.md">bpaf's changelog</a>.</em></p> <blockquote> <h2>bpaf [0.9.25] - 2026-04-15</h2> <ul> <li>Change rendering of an adjacent block in Markdown - this is no longer a <code>###</code> but a regular line item instead. Header messes up with generated navigation on some pages</li> <li><code>app_name</code> - parser that extracts the executable name</li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li>See full diff in <a href="https://github.com/pacak/bpaf/commits/v0.9.25">compare view</a></li> </ul> </details> <br /> [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> |
||
|
dependabot[bot]
|
c75eea95c3 |
build: bump webpki-root-certs from 1.0.6 to 1.0.7 (#44415)
Bumps [webpki-root-certs](https://github.com/rustls/webpki-roots) from 1.0.6 to 1.0.7. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/rustls/webpki-roots/releases">webpki-root-certs's releases</a>.</em></p> <blockquote> <h2>1.0.7</h2> <p>For their April 2026 root store changes, Mozilla has made more changes than usual:</p> <blockquote> <p>These changes are part of Mozilla’s ongoing root store maintenance under the Mozilla Root Store Policy (MRSP), including <a href="https://www.mozilla.org/en-US/about/governance/policies/security-group/certs/policy/#74-root-ca-lifecycles">§7.4</a> (Root CA Lifecycles) and <a href="https://www.mozilla.org/en-US/about/governance/policies/security-group/certs/policy/#753-transition-plan-for-existing-roots">§7.5.3</a> (Transition Plans). They reflect a combination of lifecycle-based transitions, CA operator requests, and alignment with intended certificate usage, including retiring older or less suitable root certificates, enforcing clear separation of trust purposes (e.g., TLS vs. S/MIME), and reducing unnecessary trust surface in the Web PKI ecosystem. Collectively, these actions help to ensure that root certificates are relied upon only for their intended and actively maintained use cases, or are retired in accordance with established distrust timelines.</p> </blockquote> <p>This removes:</p> <ul> <li>CN=Certigna O=Dhimyotis</li> <li>CN=COMODO Certification Authority O=COMODO CA Limited</li> <li>CN=DigiCert Assured ID Root CA O=DigiCert Inc OU=www.digicert.com</li> <li>CN=DigiCert Global Root CA O=DigiCert Inc OU=www.digicert.com</li> <li>CN=DigiCert High Assurance EV Root CA O=DigiCert Inc OU=www.digicert.com</li> <li>CN=FIRMAPROFESIONAL CA ROOT-A WEB O=Firmaprofesional SA</li> <li>CN=GTS Root R2 O=Google Trust Services LLC</li> <li>CN=QuoVadis Root CA 2 O=QuoVadis Limited</li> <li>CN=QuoVadis Root CA 3 O=QuoVadis Limited</li> <li>CN=Secure Global CA O=SecureTrust Corporation</li> <li>CN=SecureTrust CA O=SecureTrust Corporation</li> <li>CN=SwissSign Gold CA - G2 O=SwissSign AG</li> <li>CN=TeliaSonera Root CA v1 O=TeliaSonera</li> <li>CN=Trustwave Global Certification Authority O=Trustwave Holdings, Inc.</li> <li>CN=Trustwave Global ECC P256 Certification Authority O=Trustwave Holdings, Inc.</li> <li>CN=Trustwave Global ECC P384 Certification Authority O=Trustwave Holdings, Inc.</li> <li>O=certSIGN OU=certSIGN ROOT CA</li> </ul> <p>See <a href="https://groups.google.com/a/mozilla.org/g/dev-security-policy/c/o1VliD70ctg/m/pY0JBzTlAQAJ?pli=1">their announcement</a> for more details.</p> <h2>What's Changed</h2> <ul> <li>Take semver-compatible dependency updates by <a href="https://github.com/djc"><code>@djc</code></a> in <a href="https://redirect.github.com/rustls/webpki-roots/pull/116">rustls/webpki-roots#116</a></li> <li>Take semver-compatible dependency updates by <a href="https://github.com/djc"><code>@djc</code></a> in <a href="https://redirect.github.com/rustls/webpki-roots/pull/117">rustls/webpki-roots#117</a></li> <li>Take semver-compatible updates by <a href="https://github.com/ctz"><code>@ctz</code></a> in <a href="https://redirect.github.com/rustls/webpki-roots/pull/118">rustls/webpki-roots#118</a></li> <li>Prepare 1.0.7 by <a href="https://github.com/djc"><code>@djc</code></a> in <a href="https://redirect.github.com/rustls/webpki-roots/pull/120">rustls/webpki-roots#120</a></li> <li>Update dependencies by <a href="https://github.com/djc"><code>@djc</code></a> in <a href="https://redirect.github.com/rustls/webpki-roots/pull/119">rustls/webpki-roots#119</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/rustls/webpki-roots/compare/v/1.0.6...v/1.0.7">https://github.com/rustls/webpki-roots/compare/v/1.0.6...v/1.0.7</a></p> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href=" |
||
|
dependabot[bot]
|
4322792c84 |
build: bump h2 from 0.4.12 to 0.4.13 (#44414)
Bumps [h2](https://github.com/hyperium/h2) from 0.4.12 to 0.4.13. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/hyperium/h2/releases">h2's releases</a>.</em></p> <blockquote> <h2>v0.4.13</h2> <h2>What's Changed</h2> <ul> <li>Implement HTTP/2 informational responses (1xx) support by <a href="https://github.com/apu031"><code>@apu031</code></a> in <a href="https://redirect.github.com/hyperium/h2/pull/865">hyperium/h2#865</a></li> <li>fix: Unparent connection span by <a href="https://github.com/Jesse-Bakker"><code>@Jesse-Bakker</code></a> in <a href="https://redirect.github.com/hyperium/h2/pull/868">hyperium/h2#868</a></li> <li>fix: auto-release padding from DATA frames by <a href="https://github.com/seanmonstar"><code>@seanmonstar</code></a> in <a href="https://redirect.github.com/hyperium/h2/pull/869">hyperium/h2#869</a></li> <li>fix: do not assign capacity for pending streams by <a href="https://github.com/benjaminp"><code>@benjaminp</code></a> in <a href="https://redirect.github.com/hyperium/h2/pull/860">hyperium/h2#860</a></li> <li>perf: reduce huffman decode table size by <a href="https://github.com/ariaandika"><code>@ariaandika</code></a> in <a href="https://redirect.github.com/hyperium/h2/pull/871">hyperium/h2#871</a></li> </ul> <h2>New Contributors</h2> <ul> <li><a href="https://github.com/Jesse-Bakker"><code>@Jesse-Bakker</code></a> made their first contribution in <a href="https://redirect.github.com/hyperium/h2/pull/868">hyperium/h2#868</a></li> <li><a href="https://github.com/ariaandika"><code>@ariaandika</code></a> made their first contribution in <a href="https://redirect.github.com/hyperium/h2/pull/871">hyperium/h2#871</a></li> <li><a href="https://github.com/apu031"><code>@apu031</code></a> made their first contribution in <a href="https://redirect.github.com/hyperium/h2/pull/865">hyperium/h2#865</a></li> <li><a href="https://github.com/benjaminp"><code>@benjaminp</code></a> made their first contribution in <a href="https://redirect.github.com/hyperium/h2/pull/860">hyperium/h2#860</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/hyperium/h2/compare/v0.4.12...v0.4.13">https://github.com/hyperium/h2/compare/v0.4.12...v0.4.13</a></p> </blockquote> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/hyperium/h2/blob/master/CHANGELOG.md">h2's changelog</a>.</em></p> <blockquote> <h1>0.4.13 (January 5, 2026)</h1> <ul> <li>Add support for 1xx informational responses on client and server side.</li> <li>Fix auto-releasing of padding bytes of DATA frames for flow control windows.</li> <li>Fix to stop assigning capacity to pending streams which can't use it yet.</li> <li>Fix tracing to not grab the parent for the connection span.</li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href=" |
||
|
dependabot[bot]
|
a65769ae98 |
build: bump glslopt from 0.1.12 to 0.1.13 (#44413)
Bumps [glslopt](https://github.com/jamienicol/glslopt-rs) from 0.1.12 to 0.1.13. <details> <summary>Commits</summary> <ul> <li>See full diff in <a href="https://github.com/jamienicol/glslopt-rs/commits">compare view</a></li> </ul> </details> <br /> [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> |
||
|
dependabot[bot]
|
9ba9916bad |
build: bump aws-lc-rs from 1.16.2 to 1.16.3 (#44379)
Bumps [aws-lc-rs](https://github.com/aws/aws-lc-rs) from 1.16.2 to 1.16.3. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/aws/aws-lc-rs/releases">aws-lc-rs's releases</a>.</em></p> <blockquote> <h2>aws-lc-rs v1.16.3</h2> <h2>What's Changed</h2> <ul> <li>Key length validation in <code>UnboundCipherKey::new()</code> now enforced at runtime by <a href="https://github.com/justsmth"><code>@justsmth</code></a> in <a href="https://redirect.github.com/aws/aws-lc-rs/pull/1092">aws/aws-lc-rs#1092</a> <ul> <li>The documented error on key length mismatch was never actually checked. Streaming cipher constructors also relied on <code>debug_assert_eq!</code> which gets stripped in release builds — these are now runtime checks.</li> </ul> </li> <li>Support MSAN and TSAN sanitizer builds via <code>AWS_LC_SYS_SANITIZER</code> environment variable by <a href="https://github.com/justsmth"><code>@justsmth</code></a> in <a href="https://redirect.github.com/aws/aws-lc-rs/pull/1100">aws/aws-lc-rs#1100</a> <ul> <li>Accepts <code>asan</code>, <code>msan</code>, or <code>tsan</code>. The existing <code>asan</code> feature flag continues to work.</li> </ul> </li> </ul> <h3>Build Improvements</h3> <ul> <li>Follow symlinks when classifying include directory entries by <a href="https://github.com/cmtm"><code>@cmtm</code></a> in <a href="https://redirect.github.com/aws/aws-lc-rs/pull/1071">aws/aws-lc-rs#1071</a> <ul> <li>Fixes builds under Bazel (and other build systems) where source files in <code>CARGO_MANIFEST_DIR</code> are symlinks into a content-addressable store.</li> </ul> </li> <li>Improve clang-cl discovery for Windows ARM64 builds by <a href="https://github.com/justsmth"><code>@justsmth</code></a> in <a href="https://redirect.github.com/aws/aws-lc-rs/pull/1060">aws/aws-lc-rs#1060</a> <ul> <li>The build script now discovers <code>clang-cl</code> inside Visual Studio installations rather than requiring it on <code>PATH</code>.</li> </ul> </li> <li>Fix Windows ARM64 FIPS build: pass correct architecture to <code>vcvarsall.bat</code> by <a href="https://github.com/justsmth"><code>@justsmth</code></a> in <a href="https://redirect.github.com/aws/aws-lc-rs/pull/1075">aws/aws-lc-rs#1075</a></li> <li>Strip LTO flags from CFLAGS for FIPS builds by <a href="https://github.com/skmcgrail"><code>@skmcgrail</code></a> in <a href="https://redirect.github.com/aws/aws-lc-rs/pull/1087">aws/aws-lc-rs#1087</a> <ul> <li>Build environments like RPM mock chroots (e.g. AL2023) that export <code>-flto=auto</code> in CFLAGS would break the FIPS delocator pipeline.</li> </ul> </li> <li>MSVC: Fix builtin swap intrinsic check to avoid link-time failures by <a href="https://github.com/walter-zeromatter"><code>@walter-zeromatter</code></a> in <a href="https://redirect.github.com/aws/aws-lc-rs/pull/1086">aws/aws-lc-rs#1086</a></li> <li>MSVC: Add jitterentropy <code>src</code> subdirectory to include search path by <a href="https://github.com/walter-zeromatter"><code>@walter-zeromatter</code></a> in <a href="https://redirect.github.com/aws/aws-lc-rs/pull/1085">aws/aws-lc-rs#1085</a></li> <li>MSVC: Use 8.3 short paths on Windows to avoid MAX_PATH limits by <a href="https://github.com/walter-zeromatter"><code>@walter-zeromatter</code></a> in <a href="https://redirect.github.com/aws/aws-lc-rs/pull/1081">aws/aws-lc-rs#1081</a></li> </ul> <h3>Issues Being Closed</h3> <ul> <li>Clarify that build needs to run from VS Developer shell for Windows builds -- <a href="https://redirect.github.com/aws/aws-lc-rs/issues/1056">aws/aws-lc-rs#1056</a></li> <li>Add MSAN (MemorySanitizer) support, matching existing ASAN support -- <a href="https://redirect.github.com/aws/aws-lc-rs/issues/1077">aws/aws-lc-rs#1077</a></li> <li>aws-lc-sys fails to compile on iOS arm64 with Clang 15.0.7: undeclared ioctl in urandom.c -- <a href="https://redirect.github.com/aws/aws-lc-rs/issues/1068">aws/aws-lc-rs#1068</a></li> </ul> <h2>Other Merged PRs</h2> <ul> <li>Prepare aws-lc-sys v0.39.1 by <a href="https://github.com/justsmth"><code>@justsmth</code></a> in <a href="https://redirect.github.com/aws/aws-lc-rs/pull/1080">aws/aws-lc-rs#1080</a></li> <li>Bump aws-lc-fips-sys to v0.13.14 by <a href="https://github.com/skmcgrail"><code>@skmcgrail</code></a> in <a href="https://redirect.github.com/aws/aws-lc-rs/pull/1088">aws/aws-lc-rs#1088</a></li> <li>CI: Harden artifact workflows and update action versions by <a href="https://github.com/justsmth"><code>@justsmth</code></a> in <a href="https://redirect.github.com/aws/aws-lc-rs/pull/1091">aws/aws-lc-rs#1091</a></li> <li>Bump actions/checkout from 4 to 6 by <a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/aws/aws-lc-rs/pull/1096">aws/aws-lc-rs#1096</a></li> <li>Bump actions/setup-go from 4 to 6 by <a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/aws/aws-lc-rs/pull/1095">aws/aws-lc-rs#1095</a></li> <li>Bump codecov/codecov-action from 4 to 6 by <a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/aws/aws-lc-rs/pull/1094">aws/aws-lc-rs#1094</a></li> <li>Prepare aws-lc-rs v1.16.3 by <a href="https://github.com/justsmth"><code>@justsmth</code></a> in <a href="https://redirect.github.com/aws/aws-lc-rs/pull/1098">aws/aws-lc-rs#1098</a></li> <li>Prepare aws-lc-sys v0.40.0 by <a href="https://github.com/justsmth"><code>@justsmth</code></a> in <a href="https://redirect.github.com/aws/aws-lc-rs/pull/1099">aws/aws-lc-rs#1099</a></li> </ul> <h2>New Contributors</h2> <ul> <li><a href="https://github.com/cmtm"><code>@cmtm</code></a> made their first contribution in <a href="https://redirect.github.com/aws/aws-lc-rs/pull/1071">aws/aws-lc-rs#1071</a></li> <li><a href="https://github.com/walter-zeromatter"><code>@walter-zeromatter</code></a> made their first contribution in <a href="https://redirect.github.com/aws/aws-lc-rs/pull/1086">aws/aws-lc-rs#1086</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/aws/aws-lc-rs/compare/v1.16.2...v1.16.3">https://github.com/aws/aws-lc-rs/compare/v1.16.2...v1.16.3</a></p> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href=" |
||
|
dependabot[bot]
|
93e413093f |
build: bump tokio from 1.52.0 to 1.52.1 in the tokio-rs-related group (#44377)
Bumps the tokio-rs-related group with 1 update: [tokio](https://github.com/tokio-rs/tokio). Updates `tokio` from 1.52.0 to 1.52.1 <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/tokio-rs/tokio/releases">tokio's releases</a>.</em></p> <blockquote> <h2>Tokio v1.52.1</h2> <h1>1.52.1 (April 16th, 2026)</h1> <h2>Fixed</h2> <ul> <li>runtime: revert <a href="https://redirect.github.com/tokio-rs/tokio/issues/7757">#7757</a> to fix [a regression]<a href="https://redirect.github.com/tokio-rs/tokio/issues/8056">#8056</a> that causes <code>spawn_blocking</code> to hang (<a href="https://redirect.github.com/tokio-rs/tokio/issues/8057">#8057</a>)</li> </ul> <p><a href="https://redirect.github.com/tokio-rs/tokio/issues/7757">#7757</a>: <a href="https://redirect.github.com/tokio-rs/tokio/pull/7757">tokio-rs/tokio#7757</a> <a href="https://redirect.github.com/tokio-rs/tokio/issues/8056">#8056</a>: <a href="https://redirect.github.com/tokio-rs/tokio/pull/8056">tokio-rs/tokio#8056</a> <a href="https://redirect.github.com/tokio-rs/tokio/issues/8057">#8057</a>: <a href="https://redirect.github.com/tokio-rs/tokio/pull/8057">tokio-rs/tokio#8057</a></p> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href=" |
||
|
dependabot[bot]
|
c04dc7e77b |
build: bump uuid from 1.23.0 to 1.23.1 (#44380)
Bumps [uuid](https://github.com/uuid-rs/uuid) from 1.23.0 to 1.23.1. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/uuid-rs/uuid/releases">uuid's releases</a>.</em></p> <blockquote> <h2>v1.23.1</h2> <h2>What's Changed</h2> <ul> <li>Remove deprecated <code>msrv</code> feature from wasm-bindgen dependency by <a href="https://github.com/guybedford"><code>@guybedford</code></a> in <a href="https://redirect.github.com/uuid-rs/uuid/pull/877">uuid-rs/uuid#877</a></li> <li>fix: Timestamp::from_gregorian deprecation note by <a href="https://github.com/aznashwan"><code>@aznashwan</code></a> in <a href="https://redirect.github.com/uuid-rs/uuid/pull/878">uuid-rs/uuid#878</a></li> <li>Prepare for 1.23.1 release by <a href="https://github.com/KodrAus"><code>@KodrAus</code></a> in <a href="https://redirect.github.com/uuid-rs/uuid/pull/879">uuid-rs/uuid#879</a></li> </ul> <h2>New Contributors</h2> <ul> <li><a href="https://github.com/guybedford"><code>@guybedford</code></a> made their first contribution in <a href="https://redirect.github.com/uuid-rs/uuid/pull/877">uuid-rs/uuid#877</a></li> <li><a href="https://github.com/aznashwan"><code>@aznashwan</code></a> made their first contribution in <a href="https://redirect.github.com/uuid-rs/uuid/pull/878">uuid-rs/uuid#878</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/uuid-rs/uuid/compare/v1.23.0...v1.23.1">https://github.com/uuid-rs/uuid/compare/v1.23.0...v1.23.1</a></p> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href=" |
||
|
dependabot[bot]
|
e33b20e445 |
build: bump orbclient from 0.3.51 to 0.3.53 (#44382)
Bumps orbclient from 0.3.51 to 0.3.53. [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> |
||
|
dependabot[bot]
|
f41e1513d9 |
build: bump atomic_refcell from 0.1.13 to 0.1.14 (#44381)
Bumps [atomic_refcell](https://github.com/mozilla/atomic_refcell) from 0.1.13 to 0.1.14. <details> <summary>Commits</summary> <ul> <li>See full diff in <a href="https://github.com/mozilla/atomic_refcell/commits">compare view</a></li> </ul> </details> <br /> [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> |
||
|
Nico Burns
|
2c91740059 |
Use our own http server for the webdriver server (#44338)
Helps with: https://github.com/servo/servo/issues/38776. Reduces total Servo crate count by 7 (977 -> 970). This PR simply: - Disables the `server` feature in the `webdriver` crate - Vendors the implementation of the server from the `webdriver` crate - Updates dependencies + fixes code to work with new versions Unfortunately `webdriver` depends on `http` even with the `server` feature disabled, so we still end up with duplicate versions of `http`. But at least the duplicate `hyper` is eliminated. Future work could change the implementation to e.g. move away from `warp` or similar. Testing: WPT tests use webdriver, so this should be exercised heavily by those tests. --------- Signed-off-by: Nico Burns <nico@nicoburns.com> |
||
|
Simon Wülker
|
18d3ad5252 |
script: Support shadowrootslotassignment on template elements (#44246)
This brings up to date with the specification for declarative shadow roots: https://github.com/whatwg/html/pull/12267. The `shadowrootslotassignment` attribute on `<template>` elements specifies the slot assignment mode used by the declarative shadow root created by the template. Testing: New tests start to pass --------- Signed-off-by: Simon Wülker <simon.wuelker@arcor.de> |
||
|
Narfinger
|
68ca2808ee |
net: Refactor obtain_response and split devtools (#44271)
This PR refactors parts of the net crate with one minor functional change. Most of the main functions in the net crate are quite long and rather unwieldly. This PR tries to help make them more understandable. - Split parts of obtain_response to have the Router callback setup in another function. - Move functions related to devtools into another file. - Add some servo_tracing. - http_network_or_cache_fetch has another function for append_cache_data to headers. - One functional change: previously in obtain_response, we used the encoded_url via copies and multiple replace calls. We now use the percent_encode crate which is already included in content_security_policy to do this a bit more efficiently. In practice the compiler probably fixed the multiple copies but this is more straightforward. The output should be identical. Testing: As this is mostly a refactor compilation is the test. The percent_encode change is tested in multiple unit tests. --------- Signed-off-by: Narfinger <Narfinger@users.noreply.github.com> |
||
|
Martin Robinson
|
789974975f |
layout: Remove dependency on xi-unicode (#44303)
This functionality already provided by `icu_properties` which is already in our dependency graph, so this change allows us to remove one dependency. Testing: This should not change behavior, so is covered by existing tests. Signed-off-by: Martin Robinson <mrobinson@igalia.com> |
||
|
Simon Wülker
|
fdf1e09a2a |
style: When animating a property, ignore keyframes that don't declare that property (#43461)
Companion PR for https://github.com/servo/stylo/pull/338 (Refer to that PR for a proper description) Testing: This change adds a test Fixes: https://github.com/servo/servo/issues/41302 --------- Signed-off-by: Simon Wülker <simon.wuelker@arcor.de> |
||
|
Nico Burns
|
df3f915465 |
layout: depend on web_atoms rather than html5ever (#44277)
`servo-layout` only depends on `html5ever` for it's atom types which are now split out into the `web_atoms` crate. This switches the dependency to `web_atoms` to remove the unncessary dependency Testing: This just imports the same types from a different crate. So if it builds, it should work. Signed-off-by: Nico Burns <nico@nicoburns.com> |
||
|
Euclid Ye
|
1099aceb39 |
deps: Unblock CI by upgrading rustls-webpki to 0.103.12 (#44229)
[rustls-webpki](https://rustsec.org/packages/rustls-webpki.html) has [vulnerability report](https://rustsec.org/advisories/RUSTSEC-2026-0098.html). This is fixed in newer 0.103.12. Testing: Cargo deny will now pass causing the CI to pass. Signed-off-by: Euclid Ye <yezhizhenjiakang@gmail.com> |
||
|
Kelechi Ebiri
|
a2213091c4 |
script: Implement wake lock api (#43617)
Implement the WakeLock API Fixes: #41493 --------- Signed-off-by: Kelechi Ebiri <ebiritg@gmail.com> |
||
|
dependabot[bot]
|
54f466fdcb |
build: bump indexmap from 2.11.4 to 2.14.0 (#44220)
Bumps [indexmap](https://github.com/indexmap-rs/indexmap) from 2.11.4 to 2.14.0. <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/indexmap-rs/indexmap/blob/main/RELEASES.md">indexmap's changelog</a>.</em></p> <blockquote> <h2>2.14.0 (2026-04-09)</h2> <ul> <li><strong>MSRV</strong>: Rust 1.85.0 or later is now required.</li> <li>Updated the <code>hashbrown</code> dependency to 0.17.</li> <li>Made more <code>map::Slice</code> methods <code>const</code>: <code>new_mut</code>, <code>first_mut</code>, <code>last_mut</code>, <code>split_at_mut</code>, <code>split_at_mut_checked</code>, <code>split_first_mut</code>, <code>split_last_mut</code></li> </ul> <h2>2.13.1 (2026-04-02)</h2> <ul> <li>Made some <code>Slice</code> methods <code>const</code>: <ul> <li><code>map::Slice::{first,last,split_at,split_at_checked,split_first,split_last}</code></li> <li><code>set::Slice::{first,last,split_at,split_at_checked,split_first,split_last}</code></li> </ul> </li> </ul> <h2>2.13.0 (2026-01-07)</h2> <ul> <li>Implemented <code>Clone</code> for <code>IntoKeys</code> and <code>IntoValues</code>.</li> <li>Added <code>map::Slice::split_at_checked</code> and <code>split_at_mut_checked</code>.</li> <li>Added <code>set::Slice::split_at_checked</code>.</li> </ul> <h2>2.12.1 (2025-11-20)</h2> <ul> <li>Simplified a lot of internals using <code>hashbrown</code>'s new bucket API.</li> </ul> <h2>2.12.0 (2025-10-17)</h2> <ul> <li><strong>MSRV</strong>: Rust 1.82.0 or later is now required.</li> <li>Updated the <code>hashbrown</code> dependency to 0.16 alone.</li> <li>Error types now implement <code>core::error::Error</code>.</li> <li>Added <code>pop_if</code> methods to <code>IndexMap</code> and <code>IndexSet</code>, similar to the method for <code>Vec</code> added in Rust 1.86.</li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href=" |
||
|
dependabot[bot]
|
da6aaf7eb9 |
build: bump thin-vec from 0.2.15 to 0.2.16 (#44219)
Bumps [thin-vec](https://github.com/mozilla/thin-vec) from 0.2.15 to 0.2.16. <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/mozilla/thin-vec/blob/main/RELEASES.md">thin-vec's changelog</a>.</em></p> <blockquote> <h1>Version 0.2.16 (2026-04-14)</h1> <ul> <li>Fix reserve() on auto arrays in gecko-ffi mode.</li> <li>Fix two double-drop issues with ThinVec::clear() and ThinVec::into_iter() when the Drop implementation of the item panics.</li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href=" |
||
|
dependabot[bot]
|
0fc59f67ed |
build: bump rayon from 1.11.0 to 1.12.0 (#44218)
Bumps [rayon](https://github.com/rayon-rs/rayon) from 1.11.0 to 1.12.0. <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/rayon-rs/rayon/blob/main/RELEASES.md">rayon's changelog</a>.</em></p> <blockquote> <h1>Release rayon 1.12.0 (2026-04-13)</h1> <ul> <li>Fixed a bug in parallel <code>Range<char></code> when the end is 0xE000, just past the surrogate boundary, which was unsafely producing invalid <code>char</code> values.</li> <li>The new method <code>ParallelSlice::par_array_windows</code> works like <code>par_windows</code> but with a constant length, producing <code>&[T; N]</code> items.</li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href=" |
||
|
dependabot[bot]
|
a2fa5a8ab8 |
build: bump tokio from 1.51.1 to 1.52.0 in the tokio-rs-related group (#44217)
Bumps the tokio-rs-related group with 1 update: [tokio](https://github.com/tokio-rs/tokio). Updates `tokio` from 1.51.1 to 1.52.0 <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/tokio-rs/tokio/releases">tokio's releases</a>.</em></p> <blockquote> <h2>Tokio v1.52.0</h2> <h1>1.52.0 (April 14th, 2026)</h1> <h2>Added</h2> <ul> <li>io: <code>AioSource::register_borrowed</code> for I/O safety support (<a href="https://redirect.github.com/tokio-rs/tokio/issues/7992">#7992</a>)</li> <li>net: add <code>try_io</code> function to <code>unix::pipe</code> sender and receiver types (<a href="https://redirect.github.com/tokio-rs/tokio/issues/8030">#8030</a>)</li> </ul> <h2>Added (unstable)</h2> <ul> <li>runtime: <code>Builder::enable_eager_driver_handoff</code> setting enable eager hand off of the I/O and time drivers before polling tasks (<a href="https://redirect.github.com/tokio-rs/tokio/issues/8010">#8010</a>)</li> <li>taskdump: add <code>trace_with()</code> for customized task dumps (<a href="https://redirect.github.com/tokio-rs/tokio/issues/8025">#8025</a>)</li> <li>taskdump: allow <code>impl FnMut()</code> in <code>trace_with</code> instead of just <code>fn()</code> (<a href="https://redirect.github.com/tokio-rs/tokio/issues/8040">#8040</a>)</li> <li>fs: support <code>io_uring</code> in <code>AsyncRead</code> for <code>File</code> (<a href="https://redirect.github.com/tokio-rs/tokio/issues/7907">#7907</a>)</li> </ul> <h2>Changed</h2> <ul> <li>runtime: improve <code>spawn_blocking</code> scalability with sharded queue (<a href="https://redirect.github.com/tokio-rs/tokio/issues/7757">#7757</a>)</li> <li>runtime: use <code>compare_exchange_weak()</code> in worker queue (<a href="https://redirect.github.com/tokio-rs/tokio/issues/8028">#8028</a>)</li> </ul> <h2>Fixed</h2> <ul> <li>runtime: overflow second half of tasks when local queue is filled instead of first half (<a href="https://redirect.github.com/tokio-rs/tokio/issues/8029">#8029</a>)</li> </ul> <h2>Documented</h2> <ul> <li>docs: fix typo in <code>oneshot::Sender::send</code> docs (<a href="https://redirect.github.com/tokio-rs/tokio/issues/8026">#8026</a>)</li> <li>docs: hide #[tokio::main] attribute in the docs of <code>sync::watch</code> (<a href="https://redirect.github.com/tokio-rs/tokio/issues/8035">#8035</a>)</li> <li>net: add docs on <code>ConnectionRefused</code> errors with UDP sockets (<a href="https://redirect.github.com/tokio-rs/tokio/issues/7870">#7870</a>)</li> </ul> <p><a href="https://redirect.github.com/tokio-rs/tokio/issues/7757">#7757</a>: <a href="https://redirect.github.com/tokio-rs/tokio/pull/7757">tokio-rs/tokio#7757</a> <a href="https://redirect.github.com/tokio-rs/tokio/issues/7870">#7870</a>: <a href="https://redirect.github.com/tokio-rs/tokio/pull/7870">tokio-rs/tokio#7870</a> <a href="https://redirect.github.com/tokio-rs/tokio/issues/7907">#7907</a>: <a href="https://redirect.github.com/tokio-rs/tokio/pull/7907">tokio-rs/tokio#7907</a> <a href="https://redirect.github.com/tokio-rs/tokio/issues/7992">#7992</a>: <a href="https://redirect.github.com/tokio-rs/tokio/pull/7992">tokio-rs/tokio#7992</a> <a href="https://redirect.github.com/tokio-rs/tokio/issues/8010">#8010</a>: <a href="https://redirect.github.com/tokio-rs/tokio/pull/8010">tokio-rs/tokio#8010</a> <a href="https://redirect.github.com/tokio-rs/tokio/issues/8025">#8025</a>: <a href="https://redirect.github.com/tokio-rs/tokio/pull/8025">tokio-rs/tokio#8025</a> <a href="https://redirect.github.com/tokio-rs/tokio/issues/8026">#8026</a>: <a href="https://redirect.github.com/tokio-rs/tokio/pull/8026">tokio-rs/tokio#8026</a> <a href="https://redirect.github.com/tokio-rs/tokio/issues/8028">#8028</a>: <a href="https://redirect.github.com/tokio-rs/tokio/pull/8028">tokio-rs/tokio#8028</a> <a href="https://redirect.github.com/tokio-rs/tokio/issues/8029">#8029</a>: <a href="https://redirect.github.com/tokio-rs/tokio/pull/8029">tokio-rs/tokio#8029</a> <a href="https://redirect.github.com/tokio-rs/tokio/issues/8030">#8030</a>: <a href="https://redirect.github.com/tokio-rs/tokio/pull/8030">tokio-rs/tokio#8030</a> <a href="https://redirect.github.com/tokio-rs/tokio/issues/8035">#8035</a>: <a href="https://redirect.github.com/tokio-rs/tokio/pull/8035">tokio-rs/tokio#8035</a> <a href="https://redirect.github.com/tokio-rs/tokio/issues/8040">#8040</a>: <a href="https://redirect.github.com/tokio-rs/tokio/pull/8040">tokio-rs/tokio#8040</a></p> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href=" |
||
|
Alice
|
d11fc3a1c6 |
layout: Add a basic accessibility tree implementation for web contents (#42338)
This change introduces the `accessibility_tree` module, containing code to build an in-memory representation of a very basic accessibility tree for web contents. Currently, the tree for a given document contains: - a `RootWebArea` which has the document root node as its sole child, - an `Unknown` node for the root DOM node, - a `GenericContainer` node for each DOM element, and - a `TextRun` node for each text node. This allows us to make basic assertions about the tree contents in the `accessibility` test by doing a tree walk to find text nodes and checking their contents. Right now, the tree is rebuilt from scratch when accessibility is enabled and when a navigation occurs (via `Constellation::set_frame_tree_for_webview()` sending `ScriptThreadMessage::SetAccessibilityActive`); it's not responsive to changes in the page. This change also changes the way we handle updating the graft node between the webview's accessibility tree and its top level pipeline's accessibility tree. Previously, `Constellation::set_frame_tree_for_webview()` would send a `ConstellationToEmbedderMsg::DocumentAccessibilityTreeIdChange` method informing the webview of the accesskit TreeId of the top-level pipeline. However, this resulted in flaky timing as we couldn't depend on that message being handled before the message containing the TreeUpdate from the WebContents, which would lead to a panic as the new TreeId wasn't grafted into the combined tree yet. This change introduces an epoch value which flows from the ConstellationWebview, where it's updated every time the `active_top_level_pipeline_id` changes, to the layout accessibility tree, and finally to the webview with each TreeUpdate. Whenever a TreeUpdate arrives at the webview which has a newer epoch than the last known epoch, the webview-to-contents graft node is updated before the TreeUpdate is forwarded. If a TreeUpdate arrives at the webview with an epoch _older_ than the last known epoch, it's dropped, as it must be for a no-longer-active pipeline. Fixes: Part of #4344 --------- Signed-off-by: delan azabani <dazabani@igalia.com> Signed-off-by: Alice Boxhall <alice@igalia.com> Co-authored-by: delan azabani <dazabani@igalia.com> Co-authored-by: Luke Warlow <lwarlow@igalia.com> |
||
|
Nico Burns
|
b89cbf1201 |
deps: Upgrade Taffy to v0.10.1 (#44203)
Fixes CSS Grid auto-repeat track count resolution in CSS Grid. This caused an integer underflow in some cases and in others simply computed the incorrect number of tracks. Hopefully fixes: #44201 --------- Signed-off-by: Nico Burns <nico@nicoburns.com> |
||
|
dependabot[bot]
|
2a1290a591 |
build: bump rustls from 0.23.37 to 0.23.38 (#44187)
Bumps [rustls](https://github.com/rustls/rustls) from 0.23.37 to 0.23.38. <details> <summary>Commits</summary> <ul> <li><a href=" |
||
|
dependabot[bot]
|
460c14bbbe |
build: bump lru from 0.16.3 to 0.16.4 (#44191)
Bumps [lru](https://github.com/jeromefroe/lru-rs) from 0.16.3 to 0.16.4. <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/jeromefroe/lru-rs/blob/master/CHANGELOG.md">lru's changelog</a>.</em></p> <blockquote> <h2><a href="https://github.com/jeromefroe/lru-rs/tree/0.16.4">v0.16.4</a> - 2026-04-13</h2> <ul> <li>Add <code>get_or_insert_with_key</code> and variants.</li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href=" |
||
|
dependabot[bot]
|
6c2bc8fd1e |
build: bump libc from 0.2.184 to 0.2.185 (#44189)
Bumps [libc](https://github.com/rust-lang/libc) from 0.2.184 to 0.2.185. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/rust-lang/libc/releases">libc's releases</a>.</em></p> <blockquote> <h2>0.2.185</h2> <h3>Added</h3> <ul> <li>EspIDF: Add <code>espidf_picolibc</code> cfg for picolibc <code>O_*</code> flag values (<a href="https://redirect.github.com/rust-lang/libc/pull/5035">#5035</a>)</li> <li>Hexagon: add missing constants and fix types for linux-musl (<a href="https://redirect.github.com/rust-lang/libc/pull/5042">#5042</a>)</li> <li>Redox: Add semaphore functions (<a href="https://redirect.github.com/rust-lang/libc/pull/5051">#5051</a>)</li> <li>Windows: Add <code>sprintf</code>, <code>snprintf</code>, and the <code>scanf</code> family (<a href="https://redirect.github.com/rust-lang/libc/pull/5024">#5024</a>)</li> </ul> <h3>Fixed</h3> <ul> <li>Hexagon: Decouple <code>time64</code> types from musl symbol redirects (<a href="https://redirect.github.com/rust-lang/libc/pull/5040">#5040</a>)</li> <li>Horizon: Change <code>POLL</code> constants from <code>c_short</code> to <code>c_int</code> (<a href="https://redirect.github.com/rust-lang/libc/pull/5045">#5045</a>)</li> </ul> </blockquote> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/rust-lang/libc/blob/0.2.185/CHANGELOG.md">libc's changelog</a>.</em></p> <blockquote> <h2><a href="https://github.com/rust-lang/libc/compare/0.2.184...0.2.185">0.2.185</a> - 2026-04-13</h2> <h3>Added</h3> <ul> <li>EspIDF: Add <code>espidf_picolibc</code> cfg for picolibc <code>O_*</code> flag values (<a href="https://redirect.github.com/rust-lang/libc/pull/5035">#5035</a>)</li> <li>Hexagon: add missing constants and fix types for linux-musl (<a href="https://redirect.github.com/rust-lang/libc/pull/5042">#5042</a>)</li> <li>Redox: Add semaphore functions (<a href="https://redirect.github.com/rust-lang/libc/pull/5051">#5051</a>)</li> <li>Windows: Add <code>sprintf</code>, <code>snprintf</code>, and the <code>scanf</code> family (<a href="https://redirect.github.com/rust-lang/libc/pull/5024">#5024</a>)</li> </ul> <h3>Fixed</h3> <ul> <li>Hexagon: Decouple <code>time64</code> types from musl symbol redirects (<a href="https://redirect.github.com/rust-lang/libc/pull/5040">#5040</a>)</li> <li>Horizon: Change <code>POLL</code> constants from <code>c_short</code> to <code>c_int</code> (<a href="https://redirect.github.com/rust-lang/libc/pull/5045">#5045</a>)</li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href=" |
||
|
dependabot[bot]
|
b4a7caea01 |
build: bump cc from 1.2.59 to 1.2.60 (#44188)
Bumps [cc](https://github.com/rust-lang/cc-rs) from 1.2.59 to 1.2.60. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/rust-lang/cc-rs/releases">cc's releases</a>.</em></p> <blockquote> <h2>cc-v1.2.60</h2> <h3>Fixed</h3> <ul> <li><em>(ar)</em> suppress warnings from <code>D</code> modifier probe (<a href="https://redirect.github.com/rust-lang/cc-rs/pull/1700">#1700</a>)</li> </ul> </blockquote> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/rust-lang/cc-rs/blob/main/CHANGELOG.md">cc's changelog</a>.</em></p> <blockquote> <h2><a href="https://github.com/rust-lang/cc-rs/compare/cc-v1.2.59...cc-v1.2.60">1.2.60</a> - 2026-04-10</h2> <h3>Fixed</h3> <ul> <li><em>(ar)</em> suppress warnings from <code>D</code> modifier probe (<a href="https://redirect.github.com/rust-lang/cc-rs/pull/1700">#1700</a>)</li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href=" |
||
|
dependabot[bot]
|
3379bf634f |
build: bump hyper-rustls from 0.27.7 to 0.27.8 (#44144)
Bumps [hyper-rustls](https://github.com/rustls/hyper-rustls) from 0.27.7 to 0.27.8. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/rustls/hyper-rustls/releases">hyper-rustls's releases</a>.</em></p> <blockquote> <h2>0.27.8</h2> <h2>What's Changed</h2> <ul> <li>Added HttpsConnector::new function by <a href="https://github.com/0xIO32"><code>@0xIO32</code></a> in <a href="https://redirect.github.com/rustls/hyper-rustls/pull/301">rustls/hyper-rustls#301</a></li> <li>Exclude development scripts from published package by <a href="https://github.com/weiznich"><code>@weiznich</code></a> in <a href="https://redirect.github.com/rustls/hyper-rustls/pull/320">rustls/hyper-rustls#320</a></li> <li>Drop dependency on rustls-pemfile by <a href="https://github.com/djc"><code>@djc</code></a> in <a href="https://redirect.github.com/rustls/hyper-rustls/pull/323">rustls/hyper-rustls#323</a></li> <li>Fix tests to run on a random port by <a href="https://github.com/erickt"><code>@erickt</code></a> in <a href="https://redirect.github.com/rustls/hyper-rustls/pull/330">rustls/hyper-rustls#330</a></li> <li>Upgrade to rustls-platform-verifier 0.7 by <a href="https://github.com/djc"><code>@djc</code></a> in <a href="https://redirect.github.com/rustls/hyper-rustls/pull/338">rustls/hyper-rustls#338</a></li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href=" |
||
|
dependabot[bot]
|
b6620593ae |
build: bump rustls-webpki from 0.103.10 to 0.103.11 (#44148)
Bumps [rustls-webpki](https://github.com/rustls/webpki) from 0.103.10 to 0.103.11. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/rustls/webpki/releases">rustls-webpki's releases</a>.</em></p> <blockquote> <h2>0.103.11</h2> <p>In response to <a href="https://redirect.github.com/rustls/webpki/issues/464">#464</a>, we've slightly relaxed requirements for <code>anchor_from_trust_cert()</code> to ignore unknown extensions even if they're marked as critical. This only affects parsing a <code>TrustAnchor</code> from DER, for which most extensions are ignored anyway.</p> <h2>What's Changed</h2> <ul> <li>Backport parsing trust anchors with unknown critical extensions to 0.103 by <a href="https://github.com/djc"><code>@djc</code></a> in <a href="https://redirect.github.com/rustls/webpki/pull/466">rustls/webpki#466</a></li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href=" |
||
|
dependabot[bot]
|
c6987ebb82 |
build: bump pkg-config from 0.3.32 to 0.3.33 (#44146)
Bumps [pkg-config](https://github.com/rust-lang/pkg-config-rs) from 0.3.32 to 0.3.33. <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/rust-lang/pkg-config-rs/blob/master/CHANGELOG.md">pkg-config's changelog</a>.</em></p> <blockquote> <h2>[0.3.33] - 2026-04-12</h2> <h3>Changed</h3> <ul> <li>Error output from <code>pkg-config</code> is included in the message again to help with finding the cause (<a href="https://redirect.github.com/rust-lang/pkg-config-rs/issues/187">#187</a>)</li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li>See full diff in <a href="https://github.com/rust-lang/pkg-config-rs/commits">compare view</a></li> </ul> </details> <br /> [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> |
||
|
Josh Matthews
|
f70f94ad0e |
servoshell: Update egui to 0.34. (#44053)
Testing: We have no automated testing for the servoshell UI. Some quick manual testing of servo.org seemed to work as expected. Signed-off-by: Josh Matthews <josh@joshmatthews.net> |
||
|
Kelechi Ebiri
|
5606cf3f65 |
Stylo: Enable text align match parent servo (#44073)
Companion PR for servo/stylo#350 Testing: Various WPT improve Fixes: #43575 --------- Signed-off-by: Kelechi Ebiri <ebiritg@gmail.com> |
||
|
dependabot[bot]
|
eb9784c9fb |
build: bump libredox from 0.1.15 to 0.1.16 (#44077)
Bumps libredox from 0.1.15 to 0.1.16. [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> |
||
|
dependabot[bot]
|
046ed0f236 |
build: bump tokio from 1.51.0 to 1.51.1 in the tokio-rs-related group (#44048)
Bumps the tokio-rs-related group with 1 update: [tokio](https://github.com/tokio-rs/tokio). Updates `tokio` from 1.51.0 to 1.51.1 <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/tokio-rs/tokio/releases">tokio's releases</a>.</em></p> <blockquote> <h2>Tokio v1.51.1</h2> <h1>1.51.1 (April 8th, 2026)</h1> <h3>Fixed</h3> <ul> <li>sync: fix semaphore reopens after forget (<a href="https://redirect.github.com/tokio-rs/tokio/issues/8021">#8021</a>)</li> <li>net: surface errors from <code>SO_ERROR</code> on <code>recv</code> for UDP sockets on Linux (<a href="https://redirect.github.com/tokio-rs/tokio/issues/8001">#8001</a>)</li> </ul> <h3>Fixed (unstable)</h3> <ul> <li>metrics: fix <code>worker_local_schedule_count</code> test (<a href="https://redirect.github.com/tokio-rs/tokio/issues/8008">#8008</a>)</li> <li>rt: do not leak fd when cancelling io_uring open operation (<a href="https://redirect.github.com/tokio-rs/tokio/issues/7983">#7983</a>)</li> </ul> <p><a href="https://redirect.github.com/tokio-rs/tokio/issues/7983">#7983</a>: <a href="https://redirect.github.com/tokio-rs/tokio/pull/7983">tokio-rs/tokio#7983</a> <a href="https://redirect.github.com/tokio-rs/tokio/issues/8001">#8001</a>: <a href="https://redirect.github.com/tokio-rs/tokio/pull/8001">tokio-rs/tokio#8001</a> <a href="https://redirect.github.com/tokio-rs/tokio/issues/8008">#8008</a>: <a href="https://redirect.github.com/tokio-rs/tokio/pull/8008">tokio-rs/tokio#8008</a> <a href="https://redirect.github.com/tokio-rs/tokio/issues/8021">#8021</a>: <a href="https://redirect.github.com/tokio-rs/tokio/pull/8021">tokio-rs/tokio#8021</a></p> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href=" |