From c34477bfae691646125edf38846c0eed08b9e0ac Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Sun, 15 Mar 2026 09:53:50 +0000
Subject: [PATCH] Bump the minor-and-patch group with 3 updates

Bumps the minor-and-patch group with 3 updates: [chrono](https://github.com/chronotope/chrono), [zip](https://github.com/zip-rs/zip2) and [sha3](https://github.com/RustCrypto/hashes).


Updates `chrono` from 0.4.43 to 0.4.44
- [Release notes](https://github.com/chronotope/chrono/releases)
- [Changelog](https://github.com/chronotope/chrono/blob/main/CHANGELOG.md)
- [Commits](https://github.com/chronotope/chrono/compare/v0.4.43...v0.4.44)

Updates `zip` from 8.0.0 to 8.2.0
- [Release notes](https://github.com/zip-rs/zip2/releases)
- [Changelog](https://github.com/zip-rs/zip2/blob/master/CHANGELOG.md)
- [Commits](https://github.com/zip-rs/zip2/compare/v8.0.0...v8.2.0)

Updates `sha3` from 0.11.0-rc.7 to 0.11.0-rc.8
- [Commits](https://github.com/RustCrypto/hashes/compare/sha3-v0.11.0-rc.7...sha3-v0.11.0-rc.8)

---
updated-dependencies:
- dependency-name: chrono
  dependency-version: 0.4.44
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: minor-and-patch
- dependency-name: zip
  dependency-version: 8.2.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: minor-and-patch
- dependency-name: sha3
  dependency-version: 0.11.0-rc.8
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: minor-and-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 Cargo.lock          | 43 ++++++++++++-------------------------------
 cdx-core/Cargo.toml |  4 ++--
 2 files changed, 14 insertions(+), 33 deletions(-)

diff --git a/Cargo.lock b/Cargo.lock
index 08f8c88..b1307fa 100644
--- a/Cargo.lock
+++ b/Cargo.lock
@@ -389,7 +389,7 @@ dependencies = [
  "serde",
  "serde_json",
  "sha2 0.10.9",
- "sha3 0.10.8",
+ "sha3",
  "strum",
  "tempfile",
  "thiserror",
@@ -435,9 +435,9 @@ dependencies = [
 
 [[package]]
 name = "chrono"
-version = "0.4.43"
+version = "0.4.44"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "fac4744fb15ae8337dc853fee7fb3f4e48c0fbaa23d0afe49c447b4fab126118"
+checksum = "c673075a2e0e5f4a1dde27ce9dee1ea4558c7ffe648f576438a20ca1d2acc4b0"
 dependencies = [
  "num-traits",
  "serde",
@@ -1555,20 +1555,11 @@ dependencies = [
 
 [[package]]
 name = "keccak"
-version = "0.1.6"
+version = "0.2.0-rc.2"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "cb26cec98cce3a3d96cbb7bced3c4b16e3d13f27ec56dbd62cbc8f39cfb9d653"
+checksum = "882b69cb15b1f78b51342322a97ccd16f5123d1dc8a3da981a95244f488e8692"
 dependencies = [
- "cpufeatures 0.2.17",
-]
-
-[[package]]
-name = "keccak"
-version = "0.2.0-rc.1"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "5a412fe37705d515cba9dbf1448291a717e187e2351df908cfc0137cbec3d480"
-dependencies = [
- "cpufeatures 0.2.17",
+ "cpufeatures 0.3.0",
 ]
 
 [[package]]
@@ -1657,7 +1648,7 @@ dependencies = [
  "module-lattice",
  "pkcs8 0.11.0-rc.11",
  "rand_core 0.10.0",
- "sha3 0.11.0-rc.7",
+ "sha3",
  "signature 3.0.0-rc.10",
 ]
 
@@ -2625,22 +2616,12 @@ dependencies = [
 
 [[package]]
 name = "sha3"
-version = "0.10.8"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "75872d278a8f37ef87fa0ddbda7802605cb18344497949862c0d4dcb291eba60"
-dependencies = [
- "digest 0.10.7",
- "keccak 0.1.6",
-]
-
-[[package]]
-name = "sha3"
-version = "0.11.0-rc.7"
+version = "0.11.0-rc.8"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "c5bfe7820113e633d8886e839aae78c1184b8d7011000db6bc7eb61e34f28350"
+checksum = "95f78cd62cc39ece5aefbeb6caaa2ea44f70b4815d4b85f7e150ac685ada2bb5"
 dependencies = [
  "digest 0.11.0",
- "keccak 0.2.0-rc.1",
+ "keccak",
 ]
 
 [[package]]
@@ -3707,9 +3688,9 @@ dependencies = [
 
 [[package]]
 name = "zip"
-version = "8.0.0"
+version = "8.2.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "79b32dd4ad3aca14ae109f8cce0495ac1c57f6f4f00ad459a40e582f89440d97"
+checksum = "b680f2a0cd479b4cff6e1233c483fdead418106eae419dc60200ae9850f6d004"
 dependencies = [
  "crc32fast",
  "flate2",
diff --git a/cdx-core/Cargo.toml b/cdx-core/Cargo.toml
index 2a4871b..a4778e6 100644
--- a/cdx-core/Cargo.toml
+++ b/cdx-core/Cargo.toml
@@ -53,11 +53,11 @@ serde_json = "1.0"
 json-canon = "0.1"  # RFC 8785 JSON Canonicalization
 
 # ZIP handling
-zip = { version = "8.0", default-features = false, features = ["deflate"] }
+zip = { version = "8.2", default-features = false, features = ["deflate"] }
 
 # Cryptography
 sha2 = "0.10"
-sha3 = "0.10"
+sha3 = "0.11"
 blake3 = "1.5"
 
 # Signatures (optional)