chore(deps): bump the cargo-weekly group across 1 directory with 3 updates by dependabot[bot] · Pull Request #3831 · tempoxyz/tempo

dependabot · 2026-05-06T05:29:52Z

Bumps the cargo-weekly group with 3 updates in the / directory: metrics, reqwest and rustls.

Updates metrics from 0.24.3 to 0.24.4

Commits

8029f66 chore: Release
7c8ea4d update CHANGELOG for metrics
116b81b feat: make key retention more efficient (#688)
9f11534 chore(deps): bump log from 0.4.28 to 0.4.29 (#678)
f793fda chore(deps): bump chrono from 0.4.40 to 0.4.44 (#680)
a88342d chore(metrics-exporter-prometheus): update license to reflect prom protobuf s...
bec950f feat(metrics-util): Expose true count and sum on Drain for reservoir sampling...
aa2ad18 perf: const KeyHasher with rapidhash (#669)
9cf5066 chore(deps): bump proptest from 1.6.0 to 1.10.0 (#674)
4608ae4 chore(deps): bump itoa from 1.0.15 to 1.0.17 (#666)
Additional commits viewable in compare view

Updates reqwest from 0.13.2 to 0.13.3

Release notes

v0.13.3

tl;dr

Fix CertificateRevocationList parsing of PEM values.

Fix logging in resolver to only show host, not full URL.

Fix hickory-dns to fallback to a default if /etc/resolv.conf fails.

Fix HTTP/3 to handle STOP_SENDING as not an error.

Fix HTTP/3 pool to remove timed out QUIC connections.

Fix HTTP/3 connection establishment picking IPv4 and IPv6.

Upgrade rustls-platform-verifier.

(wasm) Only use wasm-bindgen on unknown-* targets.

What's Changed

Update docs.rs Features by @JamesWiresmith in seanmonstar/reqwest#2961

fix: fallback to hickory_resolver's default config if reading /etc/resolv.conf fails by @monosans in seanmonstar/reqwest#2797

fix: remove timeout con by @cuiweixie in seanmonstar/reqwest#2967

http3: handle stop_sending without error by @anuraaga in seanmonstar/reqwest#2978

resolve: debug log to change only host by @lms0806 in seanmonstar/reqwest#2992

Edit reference link by @lms0806 in seanmonstar/reqwest#2996

docs: more accurate about default HTTP2 window sizes by @seanmonstar in seanmonstar/reqwest#3007

[HTTP/3] Optimize IPv6 fallback and enforce HTTPS scheme #2911 by @lyuzichong in seanmonstar/reqwest#3006

Upgrade rustls-platform-verifier by @jplatte in seanmonstar/reqwest#3010

use wasm-bindgen ecosystem only for wasm32-unknown-* target by @Ludea in seanmonstar/reqwest#3000

fix rustls crl pem parsing by @Threated in seanmonstar/reqwest#3013

docs(retry): include ReqRep in docsrs by @seanmonstar in seanmonstar/reqwest#3020

New Contributors

@JamesWiresmith made their first contribution in seanmonstar/reqwest#2961

@monosans made their first contribution in seanmonstar/reqwest#2797

@cuiweixie made their first contribution in seanmonstar/reqwest#2967

@anuraaga made their first contribution in seanmonstar/reqwest#2978

@lms0806 made their first contribution in seanmonstar/reqwest#2992

@lyuzichong made their first contribution in seanmonstar/reqwest#3006

@Ludea made their first contribution in seanmonstar/reqwest#3000

Full Changelog: seanmonstar/reqwest@v0.13.2...v0.13.3

Changelog

Sourced from reqwest's changelog.

v0.13.3

Fix CertificateRevocationList parsing of PEM values.

Fix logging in resolver to only show host, not full URL.

Fix hickory-dns to fallback to a default if /etc/resolv.conf fails.

Fix HTTP/3 to handle STOP_SENDING as not an error.

Fix HTTP/3 pool to remove timed out QUIC connections.

Fix HTTP/3 connection establishment picking IPv4 and IPv6.

Upgrade rustls-platform-verifier.

(wasm) Only use wasm-bindgen on unknown-* targets.

Commits

a9a88c4 v0.13.3
f3f6d9d docs(retry): include ReqRep in docsrs (#3020)
5f9c231 fix rustls CRL PEM parsing (#3013)
11d835d use wasm-bindgen ecosystem only for wasm32-unknown-* target (#3000)
1f72916 Upgrade rustls-platform-verifier (#3010)
5d5bf35 [HTTP/3] Optimize IPv6 fallback and enforce HTTPS scheme #2911 (#3006)
93dc1b2 docs: more accurate about default HTTP2 window sizes (#3007)
c5e50f0 docs: update outdated link in comments
b25611f resolve: debug log to change only host (#2992)
ca1f479 http3: handle stop_sending without error (#2978)
Additional commits viewable in compare view

Updates rustls from 0.23.39 to 0.23.40

Commits

b44c09f Prepare 0.23.40
e7a555f Prefer Ord::max to core::cmp
c0005be ech: base inner name padding on actual extension
4e49529 ech: test inner name padding
3e06ef1 ech: add both name and "gross" padding
c574ffd ech: avoid short-lived allocation for padding
8bf935c ech: pop comment from match arm
9088004 ech: expand maximum_name_length to usize ASAP
a612901 Default require_ems based on CryptoProvider FIPS status
See full diff in compare view

socket-security · 2026-05-06T05:30:45Z

Review the following changes in direct dependencies. Learn more about Socket for GitHub.

Package	Supply Chain Security	Quality
reqwest@0.13.2 ⏵ 0.13.3	⁺¹	⁺¹
rustls@0.23.39 ⏵ 0.23.40
metrics@0.24.3 ⏵ 0.24.4

View full report

…dates Bumps the cargo-weekly group with 3 updates in the / directory: [metrics](https://github.com/metrics-rs/metrics), [reqwest](https://github.com/seanmonstar/reqwest) and [rustls](https://github.com/rustls/rustls). Updates `metrics` from 0.24.3 to 0.24.4 - [Changelog](https://github.com/metrics-rs/metrics/blob/main/release.toml) - [Commits](metrics-rs/metrics@metrics-v0.24.3...metrics-v0.24.4) Updates `reqwest` from 0.13.2 to 0.13.3 - [Release notes](https://github.com/seanmonstar/reqwest/releases) - [Changelog](https://github.com/seanmonstar/reqwest/blob/master/CHANGELOG.md) - [Commits](seanmonstar/reqwest@v0.13.2...v0.13.3) Updates `rustls` from 0.23.39 to 0.23.40 - [Release notes](https://github.com/rustls/rustls/releases) - [Changelog](https://github.com/rustls/rustls/blob/main/CHANGELOG.md) - [Commits](rustls/rustls@v/0.23.39...v/0.23.40) --- updated-dependencies: - dependency-name: metrics dependency-version: 0.24.4 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: cargo-weekly - dependency-name: reqwest dependency-version: 0.13.3 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: cargo-weekly - dependency-name: rustls dependency-version: 0.23.40 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: cargo-weekly ... Signed-off-by: dependabot[bot] <support@github.com>

dependabot Bot added the A-dependencies Related to dependency updates label May 6, 2026

dependabot Bot requested a review from Zygimantass as a code owner May 6, 2026 05:29

dependabot Bot added the A-dependencies Related to dependency updates label May 6, 2026

dependabot Bot changed the title ~~chore(deps): bump the cargo-weekly group with 3 updates~~ chore(deps): bump the cargo-weekly group across 1 directory with 3 updates May 6, 2026

dependabot Bot force-pushed the dependabot/cargo/cargo-weekly-83187c6661 branch from ad44443 to c663f47 Compare May 6, 2026 16:00

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

chore(deps): bump the cargo-weekly group across 1 directory with 3 updates#3831

chore(deps): bump the cargo-weekly group across 1 directory with 3 updates#3831
dependabot[bot] wants to merge 1 commit intomainfrom
dependabot/cargo/cargo-weekly-83187c6661

dependabot Bot commented on behalf of github May 6, 2026 •

edited

Loading

Uh oh!

socket-security Bot commented May 6, 2026 •

edited

Loading

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

0 participants

Conversation

dependabot Bot commented on behalf of github May 6, 2026 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

v0.13.3

tl;dr

What's Changed

New Contributors

v0.13.3

Uh oh!

socket-security Bot commented May 6, 2026 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

0 participants

dependabot Bot commented on behalf of github May 6, 2026 •

edited

Loading

socket-security Bot commented May 6, 2026 •

edited

Loading