deps(rust)(deps): bump the all-minor-patch group with 20 updates

[dependabot]

Bumps the all-minor-patch group with 20 updates:

Package	From	To
serde_json	1.0.149	1.0.150
chrono	0.4.44	0.4.45
rand	0.8.5	0.8.6
zeroize	1.8.2	1.9.0
log	0.4.29	0.4.32
uuid	1.22.0	1.23.3
blake3	1.8.3	1.8.5
similar	3.1.0	3.1.1
reqwest	0.13.2	0.13.4
rustls	0.23.37	0.23.40
rustls-pki-types	1.14.0	1.14.1
rayon	1.11.0	1.12.0
libc	0.2.183	0.2.186
dashmap	6.1.0	6.2.1
didwebvh-rs	0.4.0	0.4.2
affinidi-data-integrity	0.5.0	0.5.4
affinidi-secrets-resolver	0.5.2	0.5.6
tss-esapi	7.6.0	7.7.0
clap	4.6.0	4.6.1
clap_complete	4.6.0	4.6.5

Updates serde_json from 1.0.149 to 1.0.150

Release notes

Sourced from serde_json's releases.

v1.0.150

• Reject non-string enum object keys (#1324, thanks @​puneetdixit200)

Commits

• a1ae73a Release 1.0.150
• 1a360b0 Merge pull request #1324 from puneetdixit200/reject-non-string-enum-keys
• 2037b63 Reject non-string enum object keys
• 5d30df6 Resolve manual_assert_eq pedantic clippy lint
• dc8003a Raise required compiler for preserve_order feature to 1.85
• a42fa98 Unpin CI miri toolchain
• 684a60e Pin CI miri to nightly-2026-02-11
• 7c7da33 Raise required compiler to Rust 1.71
• acf4850 Simplify Number::is_f64
• 6b8ceab Resolve unnecessary_map_or clippy lint
• Additional commits viewable in compare view

Updates chrono from 0.4.44 to 0.4.45

Release notes

Sourced from chrono's releases.

0.4.45

What's Changed

• fix(tz): reject TZ offset hour of 24 to avoid FixedOffset overflow by @​SAY-5 in chronotope/chrono#1787
• tz_data: fix tzdata locations on Android by @​caruschalalamove in chronotope/chrono#1789

Commits

• 1703382 Prepare 0.4.45 release
• 881f9ab tz_data: fix tzdata locations on Android
• f14ead4 fix(tz): reject TZ offset hour of 24 to avoid FixedOffset overflow
• c6063e6 Update similar-asserts requirement from 1.6.1 to 2.0.0
• 120686c Bump codecov/codecov-action from 5 to 6
• See full diff in compare view

Updates rand from 0.8.5 to 0.8.6

Changelog

Sourced from rand's changelog.

[0.8.6] - 2026-04-14

This release back-ports a fix from v0.10. See also #1763.

Changes

• Deprecate feature log (#1772)

#1763: rust-random/rand#1763 #1772: rust-random/rand#1772

• Drop the experimental simd_support feature.

Commits

• 5309f25 0.8.6 (#1772): update for recent nightly rustc and backport #1764
• 1126d03 When testing rustc 1.36, use compatible dependencies.
• 143b602 Add Cargo.lock.msrv.
• 9be86f2 Fix cross build test.
• 5e0d50d Drop simd_support.
• 8ff02f0 Upgrade cache action.
• 4ad0cc3 Don't test for unsupported target architecture.
• 258e6d0 Address warning.
• 9f0e676 Mark some internal traits as potentially unused.
• 6f123c1 Workaround never constructed and never used warning.
• Additional commits viewable in compare view

Updates zeroize from 1.8.2 to 1.9.0

Commits

• 0b71573 zeroize v1.9.0 (#1494)
• 3e3f18c zeroize: always enable AVX-512 support (#1493)
• 1ea42bb zeroize_derive v1.5.0 (#1492)
• 8d785d1 zeroize: rustdoc improvements (#1491)
• d844f36 zeroize: incorporate README.md into rustdoc (#1490)
• c65c09d ctutils: use reason instead of comment in forbid attribute (#1489)
• cbd0963 Release block-buffer v0.12.1 (#1488)
• 9aa541d block-buffer: fix exception safety (#1487)
• 5c7e4f9 cmov v0.5.4 (#1485)
• 87cadbc cmov: fix clippy (#1484)
• Additional commits viewable in compare view

Updates log from 0.4.29 to 0.4.32

Release notes

Sourced from log's releases.

0.4.32

What's Changed

• Support Value -> string conversions with kv + std features instead of kv_std by @​tisonkun in rust-lang/log#729
• Prepare for 0.4.32 release by @​KodrAus in rust-lang/log#730

Full Changelog: rust-lang/log@0.4.31...0.4.32

0.4.31

What's Changed

• fix typos in kv compile errors and log documentation by @​Isvane in rust-lang/log#726
• Leverage static str key when possible by @​tisonkun in rust-lang/log#727
• Prepare for 0.4.31 release by @​KodrAus in rust-lang/log#728

New Contributors

• @​Isvane made their first contribution in rust-lang/log#726

Full Changelog: rust-lang/log@0.4.30...0.4.31

0.4.30

What's Changed

• Support capturing of std::net types by @​KodrAus in rust-lang/log#724

New Contributors

• @​V0ldek made their first contribution in rust-lang/log#720
• @​woodruffw made their first contribution in rust-lang/log#723

Full Changelog: rust-lang/log@0.4.29...0.4.30

Notable Changes

• MSRV is bumped to 1.71.0 in rust-lang/log#723

Changelog

Sourced from log's changelog.

[0.4.32] - 2026-06-04

What's Changed

• Support Value -> string conversions with kv + std features instead of kv_std by @​tisonkun in rust-lang/log#729

Full Changelog: rust-lang/log@0.4.31...0.4.32

[0.4.31] - 2026-06-02

What's Changed

• Leverage static str key when possible by @​tisonkun in rust-lang/log#727

New Contributors

• @​Isvane made their first contribution in rust-lang/log#726

Full Changelog: rust-lang/log@0.4.30...0.4.31

[0.4.30] - 2026-05-21

What's Changed

• Support capturing of std::net types by @​KodrAus in rust-lang/log#724

New Contributors

• @​V0ldek made their first contribution in rust-lang/log#720
• @​woodruffw made their first contribution in rust-lang/log#723

Full Changelog: rust-lang/log@0.4.29...0.4.30

Notable Changes

• MSRV is bumped to 1.71.0 in rust-lang/log#723

Commits

• a5b5b21 Merge pull request #730 from rust-lang/cargo/0.4.32
• c8d3b12 prepare for 0.4.32 release
• ce6cd9f Merge pull request #729 from tisonkun/kv-std-support
• 20b3b05 drop cfg-feature=kv as it is already met
• 7bc1200 kv::std_support may not need value-bag
• 5808392 Merge pull request #728 from rust-lang/cargo/0.4.31
• 86d739f prepare for 0.4.31 release
• c906cfb Merge pull request #727 from tisonkun/leverage-static-str-key-when-possible
• 756c279 leverage str literal as well
• 3dd250d rename Key::from_static_str to from_str_static
• Additional commits viewable in compare view

Updates uuid from 1.22.0 to 1.23.3

Release notes

Sourced from uuid's releases.

v1.23.3

What's Changed

• Fix up parser panic on empty input by @​KodrAus in uuid-rs/uuid#886
• Prepare for 1.23.3 release by @​KodrAus in uuid-rs/uuid#887

Full Changelog: uuid-rs/uuid@v1.23.2...v1.23.3

v1.23.2

What's Changed

• Improve error messages for ambiguous formats by @​KodrAus in uuid-rs/uuid#882
• Prepare for 1.23.2 release by @​KodrAus in uuid-rs/uuid#883

Full Changelog: uuid-rs/uuid@v1.23.1...v1.23.2

v1.23.1

What's Changed

• Remove deprecated msrv feature from wasm-bindgen dependency by @​guybedford in uuid-rs/uuid#877
• fix: Timestamp::from_gregorian deprecation note by @​aznashwan in uuid-rs/uuid#878
• Prepare for 1.23.1 release by @​KodrAus in uuid-rs/uuid#879

New Contributors

• @​guybedford made their first contribution in uuid-rs/uuid#877
• @​aznashwan made their first contribution in uuid-rs/uuid#878

Full Changelog: uuid-rs/uuid@v1.23.0...v1.23.1

v1.23.0

What's Changed

• feat: add support for 'hyphenated' format in the serde module by @​FrenchDilettante in uuid-rs/uuid#865
• Fix a number of bugs in time-related code by @​KodrAus in uuid-rs/uuid#872
• Reword invalid char error message by @​KodrAus in uuid-rs/uuid#873
• Impl cleanups by @​KodrAus in uuid-rs/uuid#874
• Use LazyLock to synchronize v1/v6 context initialization by @​KodrAus in uuid-rs/uuid#875
• Prepare for 1.23.0 release by @​KodrAus in uuid-rs/uuid#876

New Contributors

• @​FrenchDilettante made their first contribution in uuid-rs/uuid#865

Special thanks

@​meng-xu-cs raised a series of bugs against the timestamp logic in uuid using automated tooling. The issues themselves were reasonably and responsibly presented and the end result is a better uuid library for everyone. Thanks!

Deprecations

This release includes the following deprecations:

• Context: Renamed to ContextV1
• Timestamp::from_gregorian: Renamed to Timestamp::from_gregorian_time

... (truncated)

Commits

• 20da78b Merge pull request #887 from uuid-rs/cargo/v1.23.3
• 62232ca prepare for 1.23.3 release
• 2320c6a Merge pull request #886 from uuid-rs/fix/parser-panics
• 2d034d4 fix some invalid indexers on error reporting
• a8b9f14 update fuzz infra and run in CI
• d119657 Merge pull request #883 from uuid-rs/cargo/v1.23.2
• 0651cfc prepare for 1.23.2 release
• e8dea0c Merge pull request #882 from uuid-rs/fix/error-msgs
• bdc429a fix up serde messages
• d4342e4 make indexes 0 based and fix up more error messages
• Additional commits viewable in compare view

Updates blake3 from 1.8.3 to 1.8.5

Release notes

Sourced from blake3's releases.

1.8.5

version 1.8.5

Changes since 1.8.4:

• Forcibly disable LTO when compiling C intrinsics from the Rust build. This fixes a build break on Arch Linux ARM: BLAKE3-team/BLAKE3#550

1.8.4

version 1.8.4

Changes since 1.8.3:

• Updated the digest dependency from v0.10 to v0.11. THIS IS A POTENTIALLY BREAKING CHANGE for callers using the traits-preview Cargo feature. But this is not considered a breaking change for the blake3 crate itself; see the docs for traits-preview.
• Performance for WASM SIMD targets is improved by ~20% when the wasm32_simd feature is enabled. Contributed by @​lamb356.

Commits

• 93a431c version 1.8.5
• 299b1e2 fix LTO builds by disabling LTO
• 6a45fee add LTO builds to CI
• 15e83a5 c: Use correct SIMD flags when compiling with Clang-Cl (#549)
• 2e3727d cargo fmt everywhere
• b97a24f version 1.8.4
• 0ebe469 update to new rustcrypto trait releases
• d4b005a wasm32_simd: use i8x16_shuffle for rot8 and rot16
• 6eebbbd fix a struct size mismatch in tests
• fb1411e c: use SIZE_MAX instead of -1 for size_t sentinels, add <stdint.h>
• See full diff in compare view

Updates similar from 3.1.0 to 3.1.1

Changelog

Sourced from similar's changelog.

3.1.1

• Fixed DiffOp cursor positions when compacting adjacent inserts/deletes and in Algorithm::Histogram full-replacement output, ensuring operations form contiguous ranges. #95
• Renamed sample diff input files to a lexicographic caseNN.01.before_* / caseNN.02.after_* scheme.

Commits

• 0210f53 chore(release): prepare 3.1.1
• bc9657d docs(changelog): update unreleased changes
• d154c8b fix(algorithms): preserve diff op cursors
• 53c943e feat: Update screenshot
• 5d1f1b6 ref: rename diff examples
• 8577da2 fix: rustfmt
• See full diff in compare view

Updates reqwest from 0.13.2 to 0.13.4

Release notes

Sourced from reqwest's releases.

v0.13.4

tl;dr

• Add ClientBuilder::tls_sslkeylogfile(bool) option to allow using the related environment variable.
• Add ClientBuilder::http2_keep_alive_* options for the blocking client.
• Add TLS 1.3 support when using native-tls backend.
• Fix redirect handling to strip sensitive headers when the scheme changes.
• Fix HTTP/3 happy-eyeball connection creation.
• Upgrade hickory-resolver to 0.26.

What's Changed

• fix(tls): improve rustls-no-provider panic message and add module docs by @​smythg4 in seanmonstar/reqwest#3021
• fix: do not lose the url in error when decoding json by @​Dushistov in seanmonstar/reqwest#3026
• Add tls_sslkeylogfile builder method by @​passcod in seanmonstar/reqwest#2923
• fix(redirect): strip sensitive headers on scheme change across redirects by @​SAY-5 in seanmonstar/reqwest#3034
• chore: upgrade MSRV to 1.85 by @​seanmonstar in seanmonstar/reqwest#3038
• chore: clean up minimal-versions CI job by @​seanmonstar in seanmonstar/reqwest#3039
• fix(http3): use happy eyeballs for h3 connect by @​lyuzichong in seanmonstar/reqwest#3030
• fix: update hickory-resolver to 0.26 and adjust code accordingly by @​seanmonstar in seanmonstar/reqwest#3040
• fix: remove unwrap in hickory initialization by @​mat813 in seanmonstar/reqwest#3041
• feat(https): support TLS 1.3 as min version under native-tls 🎉 by @​AverageHelper in seanmonstar/reqwest#2975
• Expose keep alive configurations in blocking client by @​aeb-dev in seanmonstar/reqwest#3043
• Prepare v0.13.4 by @​seanmonstar in seanmonstar/reqwest#3046

New Contributors

• @​smythg4 made their first contribution in seanmonstar/reqwest#3021
• @​Dushistov made their first contribution in seanmonstar/reqwest#3026
• @​SAY-5 made their first contribution in seanmonstar/reqwest#3034
• @​mat813 made their first contribution in seanmonstar/reqwest#3041
• @​AverageHelper made their first contribution in seanmonstar/reqwest#2975
• @​aeb-dev made their first contribution in seanmonstar/reqwest#3043

Full Changelog: seanmonstar/reqwest@v0.13.3...v0.13.4

v0.13.3

tl;dr

• Fix CertificateRevocationList parsing of PEM values.
• Fix logging in resolver to only show host, not full URL.
• Fix hickory-dns to fallback to a default if /etc/resolv.conf fails.
• Fix HTTP/3 to handle STOP_SENDING as not an error.
• Fix HTTP/3 pool to remove timed out QUIC connections.
• Fix HTTP/3 connection establishment picking IPv4 and IPv6.
• Upgrade rustls-platform-verifier.
• (wasm) Only use wasm-bindgen on unknown-* targets.

What's Changed

• Update docs.rs Features by @​JamesWiresmith in seanmonstar/reqwest#2961
• fix: fallback to hickory_resolver's default config if reading /etc/resolv.conf fails by @​monosans in seanmonstar/reqwest#2797
• fix: remove timeout con by @​cuiweixie in seanmonstar/reqwest#2967
• http3: handle stop_sending without error by @​anuraaga in seanmonstar/reqwest#2978

... (truncated)

Changelog

Sourced from reqwest's changelog.

v0.13.4

• Add ClientBuilder::tls_sslkeylogfile(bool) option to allow using the related environment variable.
• Add ClientBuilder::http2_keep_alive_* options for the blocking client.
• Add TLS 1.3 support when using native-tls backend.
• Fix redirect handling to strip sensitive headers when the scheme changes.
• Fix HTTP/3 happy-eyeball connection creation.
• Upgrade hickory-resolver to 0.26.

v0.13.3

• Fix CertificateRevocationList parsing of PEM values.
• Fix logging in resolver to only show host, not full URL.
• Fix hickory-dns to fallback to a default if /etc/resolv.conf fails.
• Fix HTTP/3 to handle STOP_SENDING as not an error.
• Fix HTTP/3 pool to remove timed out QUIC connections.
• Fix HTTP/3 connection establishment picking IPv4 and IPv6.
• Upgrade rustls-platform-verifier.
• (wasm) Only use wasm-bindgen on unknown-* targets.

Commits

• 11489b3 v0.13.4
• d31ffbb feat: Expose HTTP2 keep alive configurations in blocking client (#3043)
• 79ed0d7 feat: support TLS 1.3 as min version under native-tls 🎉 (#2975)
• fb7bf6a fix: remove unwrap in hickory initialization (#3041)
• 3da616f fix: update hickory-resolver to 0.26 and adjust code accordingly (#3040)
• c77e7b2 fix(http3): use happy eyeballs for h3 connect (#3030)
• 9cbb65b chore: clean up minimal-versions CI job (#3039)
• 17a7dc5 chore: upgrade MSRV to 1.85 (#3038)
• 03db63a fix(redirect): strip sensitive headers on scheme change across redirects (#3034)
• 4b813a8 feat: add tls_sslkeylogfile builder method (#2923)
• Additional commits viewable in compare view

Updates rustls from 0.23.37 to 0.23.40

Commits

• b44c09f Prepare 0.23.40
• e7a555f Prefer Ord::max to core::cmp
• c0005be ech: base inner name padding on actual extension
• 4e49529 ech: test inner name padding
• 3e06ef1 ech: add both name and "gross" padding
• c574ffd ech: avoid short-lived allocation for padding
• 8bf935c ech: pop comment from match arm
• 9088004 ech: expand maximum_name_length to usize ASAP
• a612901 Default require_ems based on CryptoProvider FIPS status
• 0541605 Cargo: version 0.23.38 -> 0.23.39
• Additional commits viewable in compare view

Updates rustls-pki-types from 1.14.0 to 1.14.1

Release notes

Sourced from rustls-pki-types's releases.

1.14.1

Parsing PEM will now error for PEM sections larger than 256 MB in size, to avoid running out of memory during parsing. The limit was chosen based on historical data from large certificate revocation lists from the web PKI.

What's Changed

• Remove mention of rustls-pemfile from docs by @​ranile in rustls/pki-types#103
• Update ECH reference to RFC9849 by @​ctz in rustls/pki-types#104
• pem: error for sections that are too large by @​djc in rustls/pki-types#106
• Update ECH reference to RFC 9849 by @​ctz in rustls/pki-types#107
• Adjust PEM size limit to account for huge CRLs by @​ctz in rustls/pki-types#108

Commits

• bb3c1da Adjust PEM size limit to account for huge CRLs
• 20bcfe1 Bump version to 1.14.1
• b796d3d pem: error for sections that are too large
• 422d8cf Update ECH reference to RFC 9849
• 14ce65c Remove mention of rustls-pemfile from docs
• See full diff in compare view

Updates rayon from 1.11.0 to 1.12.0

Changelog

Sourced from rayon's changelog.

Release rayon 1.12.0 (2026-04-13)

• Fixed a bug in parallel Range<char> when the end is 0xE000, just past the surrogate boundary, which was unsafely producing invalid char values.
• The new method ParallelSlice::par_array_windows works like par_windows but with a constant length, producing &[T; N] items.

Commits

• 7449d7d Merge #1093
• b3d9e3f Release rayon 1.8.0 and rayon-core 1.12.0
• 3fe51e5 Fix clippy::let_and_return
• 082f215 Merge #1087
• ea0c06d core: registry: Factor out "wait till out of work" part of the main loop.
• 75524e2 Merge #1063
• 01d2800 Ignore the multi-threaded test on emscripten/wasm
• 40b59c0 core: Make use_current_thread error rather than panic when already in the pool.
• f4db4d7 core: tests: Add some basic tests for ThreadPoolBuilder::use_current_thread.
• 87274ad core: registry: Add some more documentation for ThreadPoolBuilder::use_curren...
• Additional commits viewable in compare view

Updates libc from 0.2.183 to 0.2.186

Release notes

Sourced from libc's releases.

0.2.186

Added

• Apple: Add KEVENT_FLAG_* constants (#5070)
• Linux: Add PR_SET_MEMORY_MERGE and PR_GET_MEMORY_MERGE (#5060)

Changed

• CI: Migrate FreeBSD CI from Cirrus CI to GitHub Actions (#5058)

0.2.185

Added

• EspIDF: Add espidf_picolibc cfg for picolibc O_* flag values (#5035)
• Hexagon: add missing constants and fix types for linux-musl (#5042)
• Redox: Add semaphore functions (#5051)
• Windows: Add sprintf, snprintf, and the scanf family (#5024)

Fixed

• Hexagon: Decouple time64 types from musl symbol redirects (#5040)
• Horizon: Change POLL constants from c_short to c_int (#5045)

0.2.184

MSRV

This release increases the MSRV of libc to 1.65. With this update, you can now always use the core::ffi::c_* types with libc definitions, since libc has been changed to reexport from core rather than redefining them. (This usually worked before but had edge cases.) (#4972)

Added

• BSD: Add IP_MINTTL to bsd (#5026)
• Cygwin: Add TIOCM_DSR (#5031)
• FreeBSD: Added xfile structe and file descriptor types (#5002)
• Linux: Add CAN netlink bindings (#5011)
• Linux: Add struct ethhdr (#4239)
• Linux: Add struct ifinfomsg (#5012)
• Linux: Define max_align_t for riscv64 (#5029)
• NetBSD: Add missing CLOCK_ constants (#5020)
• NuttX: Add _SC_HOST_NAME_MAX (#5004)
• VxWorks: Add flock and F_*LCK constants (#4043)
• WASI: Add all _SC_* sysconf constants (#5023)

Deprecated

The remaining fixed-width integer aliases, __uint128_t, __uint128, __int128_t, and __int128, have been deprecated. Use i128 and u128 instead. (#4343)

... (truncated)

Changelog

Sourced from libc's changelog.

0.2.186 - 2026-04-24

Added

• Apple: Add KEVENT_FLAG_* constants (#5070)
• Linux: Add PR_SET_MEMORY_MERGE and PR_GET_MEMORY_MERGE (#5060)

Changed

• CI: Migrate FreeBSD CI from Cirrus CI to GitHub Actions (#5058)

0.2.185 - 2026-04-13

Added

• EspIDF: Add espidf_picolibc cfg for picolibc O_* flag values (#5035)
• Hexagon: add missing constants and fix types for linux-musl (#5042)
• Redox: Add semaphore functions (#5051)
• Windows: Add sprintf, snprintf, and the scanf family (#5024)

Fixed

• Hexagon: Decouple time64 types from musl symbol redirects (#5040)
• Horizon: Change POLL constants from c_short to c_int (#5045)

0.2.184 - 2026-04-01

MSRV

This release increases the MSRV of libc to 1.65. With this update, you can now always use the core::ffi::c_* types with libc definitions, since libc has been changed to reexport from core rather than redefining them. (This usually worked before but had edge cases.) (#4972)

Added

• BSD: Add IP_MINTTL to bsd (#5026)
• Cygwin: Add TIOCM_DSR (#5031)
• FreeBSD: Added xfile structe and file descriptor types (#5002)
• Linux: Add CAN netlink bindings (#5011)
• Linux: Add struct ethhdr (#4239)
• Linux: Add struct ifinfomsg (#5012)
• Linux: Define max_align_t for riscv64 (#5029)
• NetBSD: Add missing CLOCK_ constants (#5020)
• NuttX: Add _SC_HOST_NAME_MAX (#5004)
• VxWorks: Add flock and F_*LCK constants (#4043)
• WASI: Add all _SC_* sysconf constants (#5023)

Deprecated

... (truncated)

Commits

• 42620ff [0.2] libc: Release 0.2.186
• 9db2eaa apple: add KEVENT_FLAG_* constants
• 3840939 Add PR_SET_MEMORY_MERGE and PR_GET_MEMORY_MERGE for linux
• f697deb chore: migrate from Cirrus CI to GHA
• 71d5bfc libc: Release 0.2.185
• 1027d1c Revert "ci: Pin nightly to 2026-04-01"
• 0e9c6e5 redox: Add semaphore functions
• 24ef457 feat: add back support for gnu windows x86 in ci
• aa75caf horizon: Change POLL constants from c_short to c_int
• b7eda5a hexagon: add missing constants and fix types for linux-musl
• Additional commits viewable in compare view

Updates dashmap from 6.1.0 to 6.2.1

Release notes

Sourced from dashmap's releases.

v6.2.1

This is an interim maintenance release for the existing v6 branch before v7 can be released. This bumps the MSRV to 1.85 and updates dependencies to their latest versions.

Commits

• 749ed1f v6.2.1
• d02b945 v6.2.0
• b983625 update dependencies
• 94a294a bump msrv to 1.85
• See full diff in compare view

Updates didwebvh-rs from 0.4.0 to 0.4.2

Release notes

Sourced from didwebvh-rs's releases.

Release 0.4.2

Fixes

• Remove yanked core2/multihash dependency — replaced with inline SHA-256 multihash encoder to unblock builds after core2 was yanked from crates.io
• Update aws-lc-sys 0.38.0 → 0.39.1 — fixes RUSTSEC-2026-0044 (X.509 Name Constraints Bypass)
• Update rustls-webpki 0.103.9 → 0.103.12 — fixes RUSTSEC-2026-0049 (CRL Distribution Point matching)
• Commit Cargo.lock to pin resolved dependencies and prevent build failures from yanked transitive deps

Full Changelog: decentralized-identity/didwebvh-rs@v0.4.1...v0.4.2

Release 0.4.1

New

• cli feature flag — Embeddable interactive CLI flows for 3rd-party applications. Adds dialoguer, console, and affinidi-tdk as optional dependencies. Not included in WASM builds.
• interactive_create_did() (cli_create module) — Interactive DID creation flow with builder-based pre-configuration. Supports full interactivity, partial pre-configuration, or fully automated creation. Includes {DID} placeholder rewriting in services and VM IDs.
• interactive_update_did() (cli_update module) — Interactive DID update flow supporting modify (document/parameters), migrate (domain move), and deactivate operations.
• update_did() (update module) — Programmatic DID update API complementing create_did(). Supports document changes, key rotation, parameter updates (witnesses, watchers, TTL, pre-rotation, portability), domain migration, and deactivation with automatic pre-rotation teardown.
• UpdateSecrets — Secret management type with hash-based and public-key-based lookups, bridging create → update workflows.

Improvements

• Inline concept explanations in all interactive prompts (witnesses, pre-rotation, controllers, verification relationships, services, portability)
• Key-type-aware verification relationships — Ed25519 skips keyAgreement (signing only), X25519 auto-assigns keyAgreement (encryption only), P-256/secp256k1/P-384 offer all relationships
• Robust witness ID handling — Fixed dual-format support for both raw multibase keys and full did:key: DIDs
• Key type guidance, TTL/threshold recommendations, and format hints in all prompts
• Wizard example refactored from ~1800 lines (9 files) to ~280 lines (3 files) using library CLI flows
• All examples updated to use create_did() and update_did() APIs with doc comments

Test Coverage

• 441 tests total
• 15 new update_did integration tests
• 11 new CLI module integration tests
• Witness tests updated to cover both raw-key and full-DID formats

Full Changelog: https://github.com/decentralized-identity/didwebvh-rs/blob/main/CHANGELOG.md

Changelog

Sourced from didwebvh-rs's changelog.

Release 0.4.2

Removed

• Removed multihash dependency — The multihash crate (and its transitive core2 dependency) has been replaced with an inline SHA-256 multihash encoder. The core2 crate has been yanked from crates.io, making multihash 0.19 uninstallable for new users. The library only used multihash for a simple 2-byte prefix encoding, so this is now handled directly without any external dependency. No public API changes.

Security

• Updated aws-lc-sys to 0.39.1 — Fixes RUSTSEC-2026-0044 (X.509 Name Constraints Bypass via Wildcard/Unicode CN).
• Updated rustls-webpki to 0.103.12 — Fixes RUSTSEC-2026-0049 (CRLs not considered authoritative by Distribution Point due to faulty matching logic).

Maintenance

• Committed Cargo.lock — Pinning resolved dependency versions to prevent CI and fresh builds from failing due to the yanked core2 crate (transitive dependency of the ssi crate via ssi-ucan → libipld → multihash 0.16).

1st April 2026

Release 0.4.1

New

• cli feature flag — Embeddable interactive CLI flows for 3rd-party applications. Adds dialoguer, console, and affinidi-tdk as optional dependencies. Not included in WASM builds.
• interactive_create_did() (cli_create module) — Interactive DID creation flow with the same guided experience as the built-in wizard. Third-party apps can embed this in their own CLIs. Supports:
  • Full interactivity (all values prompted) via InteractiveCreateConfig::default()
  <...

  Description has been truncated

[dependabot]

Labels

The following labels could not be found: automated, dependencies, rust. Please create them before Dependabot can add them to a pull request.

Please fix the above issues or remove invalid values from dependabot.yml.