Skip to content

Bump the cargo group across 2 directories with 3 updates#5241

Open
dependabot[bot] wants to merge 1 commit into
masterfrom
dependabot/cargo/cargo-d0084181e1
Open

Bump the cargo group across 2 directories with 3 updates#5241
dependabot[bot] wants to merge 1 commit into
masterfrom
dependabot/cargo/cargo-d0084181e1

Conversation

@dependabot
Copy link
Copy Markdown

@dependabot dependabot Bot commented on behalf of github Apr 22, 2026
edited
Loading

Bumps the cargo group with 3 updates in the / directory: rand, keccak and tracing-subscriber.
Bumps the cargo group with 1 update in the /scripts/apply_load/token directory: rand.

Updates rand from 0.8.5 to 0.8.6

Changelog

Sourced from rand's changelog.

[0.8.6] - 2026-04-14

This release back-ports a fix from v0.10. See also #1763.

Changes

  • Deprecate feature log (#1772)

#1763: rust-random/rand#1763 #1772: rust-random/rand#1772

  • Drop the experimental simd_support feature.
Commits
  • 5309f25 0.8.6 (#1772): update for recent nightly rustc and backport #1764
  • 1126d03 When testing rustc 1.36, use compatible dependencies.
  • 143b602 Add Cargo.lock.msrv.
  • 9be86f2 Fix cross build test.
  • 5e0d50d Drop simd_support.
  • 8ff02f0 Upgrade cache action.
  • 4ad0cc3 Don't test for unsupported target architecture.
  • 258e6d0 Address warning.
  • 9f0e676 Mark some internal traits as potentially unused.
  • 6f123c1 Workaround never constructed and never used warning.
  • Additional commits viewable in compare view

Updates keccak from 0.1.5 to 0.1.6

Commits

Updates tracing-subscriber from 0.3.17 to 0.3.23

Release notes

Sourced from tracing-subscriber's releases.

tracing-subscriber 0.3.23

Fixed

  • Allow ansi sanitization to be disabled (#3484)

#3484: tokio-rs/tracing#3484

tracing-subscriber 0.3.22

Important

The previous release [0.3.21] was yanked as it depended explicitly on [tracing-0.1.42], which was yanked due to a breaking change (see #3424 for details). This release contains all the changes from the previous release, plus an update to the newer version of tracing.

Changed

  • tracing: updated to 0.1.43 (#3427)

#3424: tokio-rs/tracing#3424 #3427: tokio-rs/tracing#3427 [0.3.21]: https://github.com/tokio-rs/tracing/releases/tag/tracing-subscriber-0.3.21 [tracing-0.1.42]: https://github.com/tokio-rs/tracing/releases/tag/tracing-0.1.42

tracing-subscriber 0.3.21

Fixed

  • Change registry exit to decrement local span ref only (#3331)
  • Make Layered propagate on_register_dispatch (#3379)

Changed

  • tracing: updated to 0.1.42 (#3418)

Performance

  • Remove clone_span on enter (#3289)

Documented

  • Fix a few small things in the format module (#3339)
  • Fix extra closing brace in layer docs (#3350)
  • Fix link in FmtSpan docs (#3411)

#3289: tokio-rs/tracing#3289 #3331: tokio-rs/tracing#3331 #3339: tokio-rs/tracing#3339 #3350: tokio-rs/tracing#3350 #3379: tokio-rs/tracing#3379 #3411: tokio-rs/tracing#3411

... (truncated)

Commits

Updates keccak from 0.1.5 to 0.1.6

Commits

Updates rand from 0.8.5 to 0.8.6

Changelog

Sourced from rand's changelog.

[0.8.6] - 2026-04-14

This release back-ports a fix from v0.10. See also #1763.

Changes

  • Deprecate feature log (#1772)

#1763: rust-random/rand#1763 #1772: rust-random/rand#1772

  • Drop the experimental simd_support feature.
Commits
  • 5309f25 0.8.6 (#1772): update for recent nightly rustc and backport #1764
  • 1126d03 When testing rustc 1.36, use compatible dependencies.
  • 143b602 Add Cargo.lock.msrv.
  • 9be86f2 Fix cross build test.
  • 5e0d50d Drop simd_support.
  • 8ff02f0 Upgrade cache action.
  • 4ad0cc3 Don't test for unsupported target architecture.
  • 258e6d0 Address warning.
  • 9f0e676 Mark some internal traits as potentially unused.
  • 6f123c1 Workaround never constructed and never used warning.
  • Additional commits viewable in compare view

Updates rand from 0.8.5 to 0.8.6

Changelog

Sourced from rand's changelog.

[0.8.6] - 2026-04-14

This release back-ports a fix from v0.10. See also #1763.

Changes

  • Deprecate feature log (#1772)

#1763: rust-random/rand#1763 #1772: rust-random/rand#1772

  • Drop the experimental simd_support feature.
Commits
  • 5309f25 0.8.6 (#1772): update for recent nightly rustc and backport #1764
  • 1126d03 When testing rustc 1.36, use compatible dependencies.
  • 143b602 Add Cargo.lock.msrv.
  • 9be86f2 Fix cross build test.
  • 5e0d50d Drop simd_support.
  • 8ff02f0 Upgrade cache action.
  • 4ad0cc3 Don't test for unsupported target architecture.
  • 258e6d0 Address warning.
  • 9f0e676 Mark some internal traits as potentially unused.
  • 6f123c1 Workaround never constructed and never used warning.
  • Additional commits viewable in compare view

Updates rand from 0.8.5 to 0.8.6

Changelog

Sourced from rand's changelog.

[0.8.6] - 2026-04-14

This release back-ports a fix from v0.10. See also #1763.

Changes

  • Deprecate feature log (#1772)

#1763: rust-random/rand#1763 #1772: rust-random/rand#1772

  • Drop the experimental simd_support feature.
Commits
  • 5309f25 0.8.6 (#1772): update for recent nightly rustc and backport #1764
  • 1126d03 When testing rustc 1.36, use compatible dependencies.
  • 143b602 Add Cargo.lock.msrv.
  • 9be86f2 Fix cross build test.
  • 5e0d50d Drop simd_support.
  • 8ff02f0 Upgrade cache action.
  • 4ad0cc3 Don't test for unsupported target architecture.
  • 258e6d0 Address warning.
  • 9f0e676 Mark some internal traits as potentially unused.
  • 6f123c1 Workaround never constructed and never used warning.
  • Additional commits viewable in compare view

@dependabot dependabot Bot added dependencies Pull requests that update a dependency file rust Pull requests that update rust code labels Apr 22, 2026
Copilot AI review requested due to automatic review settings April 22, 2026 23:22
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file rust Pull requests that update rust code labels Apr 22, 2026
@dependabot dependabot Bot review requested due to automatic review settings April 22, 2026 23:22
@dependabot dependabot Bot mentioned this pull request Apr 22, 2026
Closed
@dependabot
Bump the cargo group across 2 directories with 3 updates
da31565 
Bumps the cargo group with 3 updates in the / directory: [rand](https://github.com/rust-random/rand), [keccak](https://github.com/RustCrypto/sponges) and [tracing-subscriber](https://github.com/tokio-rs/tracing).
Bumps the cargo group with 1 update in the /scripts/apply_load/token directory: [rand](https://github.com/rust-random/rand).


Updates `rand` from 0.8.5 to 0.8.6
- [Release notes](https://github.com/rust-random/rand/releases)
- [Changelog](https://github.com/rust-random/rand/blob/0.8.6/CHANGELOG.md)
- [Commits](rust-random/rand@0.8.5...0.8.6)

Updates `keccak` from 0.1.5 to 0.1.6
- [Commits](RustCrypto/sponges@keccak-v0.1.5...keccak-v0.1.6)

Updates `tracing-subscriber` from 0.3.17 to 0.3.23
- [Release notes](https://github.com/tokio-rs/tracing/releases)
- [Commits](tokio-rs/tracing@tracing-subscriber-0.3.17...tracing-subscriber-0.3.23)

Updates `keccak` from 0.1.5 to 0.1.6
- [Commits](RustCrypto/sponges@keccak-v0.1.5...keccak-v0.1.6)

Updates `rand` from 0.8.5 to 0.8.6
- [Release notes](https://github.com/rust-random/rand/releases)
- [Changelog](https://github.com/rust-random/rand/blob/0.8.6/CHANGELOG.md)
- [Commits](rust-random/rand@0.8.5...0.8.6)

Updates `rand` from 0.8.5 to 0.8.6
- [Release notes](https://github.com/rust-random/rand/releases)
- [Changelog](https://github.com/rust-random/rand/blob/0.8.6/CHANGELOG.md)
- [Commits](rust-random/rand@0.8.5...0.8.6)

Updates `rand` from 0.8.5 to 0.8.6
- [Release notes](https://github.com/rust-random/rand/releases)
- [Changelog](https://github.com/rust-random/rand/blob/0.8.6/CHANGELOG.md)
- [Commits](rust-random/rand@0.8.5...0.8.6)

---
updated-dependencies:
- dependency-name: keccak
  dependency-version: 0.1.6
  dependency-type: indirect
- dependency-name: rand
  dependency-version: 0.8.6
  dependency-type: direct:production
- dependency-name: rand
  dependency-version: 0.8.6
  dependency-type: indirect
- dependency-name: tracing-subscriber
  dependency-version: 0.3.23
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot force-pushed the dependabot/cargo/cargo-d0084181e1 branch from 2f6ebe7 to da31565 Compare May 5, 2026 20:30
@dependabot dependabot Bot requested review from Copilot and removed request for Copilot May 5, 2026 20:30
@socket-security
Copy link
Copy Markdown

socket-security Bot commented May 5, 2026

Review the following changes in direct dependencies. Learn more about Socket for GitHub.

Diff Package Supply Chain
Security		 Vulnerability Quality Maintenance License
Updatedcargo/​rand@​0.8.5 ⏵ 0.8.6100 +1100 +193100100

View full report

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file rust Pull requests that update rust code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants