From ad1fd3ac8caf9f5e0321da9d15c0478bb0c5ad54 Mon Sep 17 00:00:00 2001
From: Michael Pursifull <mike@arcaven.com>
Date: Wed, 22 Apr 2026 12:48:07 -0500
Subject: [PATCH] =?UTF-8?q?fix(deps):=20bump=20rustls-webpki=200.103.12=20?=
 =?UTF-8?q?=E2=86=92=200.103.13?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

RUSTSEC-2026-0104: reachable panic parsing empty BIT STRING in
onlySomeReasons of IssuingDistributionPoint CRL extension.

forestage uses reqwest for portrait downloads (CDN over TLS) but
does not perform CRL revocation, so the bug is not exploitable
here. cargo-deny fails CI on any advisory. Patch bump only,
no code change.
---
 Cargo.lock | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/Cargo.lock b/Cargo.lock
index 92c6ee0..730061d 100644
--- a/Cargo.lock
+++ b/Cargo.lock
@@ -2180,9 +2180,9 @@ dependencies = [
 
 [[package]]
 name = "rustls-webpki"
-version = "0.103.12"
+version = "0.103.13"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "8279bb85272c9f10811ae6a6c547ff594d6a7f3c6c6b02ee9726d1d0dcfcdd06"
+checksum = "61c429a8649f110dddef65e2a5ad240f747e85f7758a6bccc7e5777bd33f756e"
 dependencies = [
  "ring",
  "rustls-pki-types",