chore(deps): combined dependency updates#206

Merged: mostafa merged 8 commits into main from chore/combined-dep-updates on Jun 13, 2026
@mostafa mostafa commented Jun 13, 2026

Member

Combines the open Dependabot dependency update PRs into a single PR via cherry-pick. Excludes the rusqlite 0.39.0 to 0.40.0 bump (#176), which is left as its own PR since it is a non-patch version bump.

Cargo

GitHub Actions

VS Code extension (editors/vscode)

Notes

  • The three VS Code npm bumps overlapped in `package.json` and `package-lock.json`. Conflicts were resolved by taking the newest version of each dependency, and the lockfile was regenerated with `npm install --package-lock-only`.
  • Both `Cargo.lock` and `fuzz/Cargo.lock` verified consistent with their manifests via `cargo metadata --locked`.

Closes #194
Closes #195
Closes #196
Closes #197
Closes #198
Closes #203

Security fix (cargo audit)

The audit job flagged three DoS advisories published 2026-06-12 against the transitive postgres stack pulled in via rsigma-convert. Fixed with a targeted lock-only update:

  • postgres-protocol 0.6.11 to 0.6.12, postgres-types 0.2.13 to 0.2.14 (RUSTSEC-2026-0179, RUSTSEC-2026-0180)
  • tokio-postgres 0.7.17 to 0.7.18 (RUSTSEC-2026-0178)

cargo audit now passes (the remaining encoding unmaintained warning is already allowlisted).
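
A lockfile check for the three bumps listed in the security-fix section above, as an added example that is not part of this PR or the project's code: it scans `Cargo.lock` text and reports any entry of those crates still locked below the bumped version, including the case where a crate is locked at two versions at once. The floors assume the "to" versions above are the first patched releases, and the lockfile excerpt is constructed.

```rust
// Added example; floors are the PR's "to" versions, assumed to be the first patched releases.
const FLOORS: [(&str, &str, &str); 3] = [
    ("postgres-protocol", "0.6.12", "RUSTSEC-2026-0179, RUSTSEC-2026-0180"),
    ("postgres-types", "0.2.14", "RUSTSEC-2026-0179, RUSTSEC-2026-0180"),
    ("tokio-postgres", "0.7.18", "RUSTSEC-2026-0178"),
];

// Constructed Cargo.lock excerpt: the same crate is locked twice, once below its floor.
const SAMPLE_LOCK: &str = r#"version = 4
[[package]]
name = "tokio-postgres"
version = "0.7.17"
[[package]]
name = "tokio-postgres"
version = "0.7.18"
"#;

// MAJOR.MINOR.PATCH tuple; anything else (e.g. a pre-release) is None, below every floor.
fn parse_version(v: &str) -> Option<(u64, u64, u64)> {
    let mut it = v.split('.').map(|p| p.parse::<u64>().ok());
    Some((it.next()??, it.next()??, it.next()??))
}

// One finding per [[package]] entry below its floor; the "[end]" sentinel flushes the last.
fn stale_entries(lock: &str) -> Vec<String> {
    let (mut out, mut in_pkg) = (Vec::new(), false);
    let (mut name, mut version) = (String::new(), String::new());
    for line in lock.lines().map(str::trim).chain(std::iter::once("[end]")) {
        if line.starts_with('[') {
            for &(krate, floor, ids) in FLOORS.iter() {
                if in_pkg && name == krate && parse_version(&version) < parse_version(floor) {
                    out.push(format!("{} {} < {} ({})", name, version, floor, ids));
                }
            }
            in_pkg = line == "[[package]]";
            name.clear();
            version.clear();
        } else if let (true, Some(v)) = (in_pkg, line.strip_prefix("name = ")) {
            name = v.trim_matches('"').to_string();
        } else if let (true, Some(v)) = (in_pkg, line.strip_prefix("version = ")) {
            version = v.trim_matches('"').to_string();
        }
    }
    out
}

fn main() {
    stale_entries(SAMPLE_LOCK).iter().for_each(|f| println!("stale: {}", f));
}
```

The top-level `version = 4` key of the lockfile is skipped because only keys inside a `[[package]]` table are read.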

dependabot Bot and others added 8 commits June 13, 2026 20:54
Bumps the actions-updates group with 3 updates: [actions/checkout](https://github.com/actions/checkout), [taiki-e/install-action](https://github.com/taiki-e/install-action) and [github/codeql-action](https://github.com/github/codeql-action).


Updates `actions/checkout` from 6.0.2 to 6.0.3
- [Release notes](https://github.com/actions/checkout/releases)
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md)
- [Commits](actions/checkout@de0fac2...df4cb1c)

Updates `taiki-e/install-action` from 2.79.12 to 2.81.4
- [Release notes](https://github.com/taiki-e/install-action/releases)
- [Changelog](https://github.com/taiki-e/install-action/blob/main/CHANGELOG.md)
- [Commits](taiki-e/install-action@6ed6112...cde8c9e)

Updates `github/codeql-action` from 4.36.0 to 4.36.2
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](github/codeql-action@7211b7c...8aad20d)

---
updated-dependencies:
- dependency-name: actions/checkout
  dependency-version: 6.0.3
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: actions-updates
- dependency-name: taiki-e/install-action
  dependency-version: 2.81.4
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: actions-updates
- dependency-name: github/codeql-action
  dependency-version: 4.36.2
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: actions-updates
...

Signed-off-by: dependabot[bot] <support@github.com>

Bumps the patch-updates group with 6 updates:

| Package | From | To |
| --- | --- | --- |
| [log](https://github.com/rust-lang/log) | `0.4.30` | `0.4.32` |
| [chrono](https://github.com/chronotope/chrono) | `0.4.44` | `0.4.45` |
| [daachorse](https://github.com/daac-tools/daachorse) | `3.0.0` | `3.0.1` |
| [async-nats](https://github.com/nats-io/nats.rs) | `0.49.0` | `0.49.1` |
| [hyper](https://github.com/hyperium/hyper) | `1.10.0` | `1.10.1` |
| [uuid](https://github.com/uuid-rs/uuid) | `1.23.1` | `1.23.2` |


Updates `log` from 0.4.30 to 0.4.32
- [Release notes](https://github.com/rust-lang/log/releases)
- [Changelog](https://github.com/rust-lang/log/blob/master/CHANGELOG.md)
- [Commits](rust-lang/log@0.4.30...0.4.32)

Updates `chrono` from 0.4.44 to 0.4.45
- [Release notes](https://github.com/chronotope/chrono/releases)
- [Changelog](https://github.com/chronotope/chrono/blob/main/CHANGELOG.md)
- [Commits](chronotope/chrono@v0.4.44...v0.4.45)

Updates `daachorse` from 3.0.0 to 3.0.1
- [Release notes](https://github.com/daac-tools/daachorse/releases)
- [Commits](daac-tools/daachorse@v3.0.0...v3.0.1)

Updates `async-nats` from 0.49.0 to 0.49.1
- [Release notes](https://github.com/nats-io/nats.rs/releases)
- [Commits](nats-io/nats.rs@async-nats/v0.49.0...async-nats/v0.49.1)

Updates `hyper` from 1.10.0 to 1.10.1
- [Release notes](https://github.com/hyperium/hyper/releases)
- [Changelog](https://github.com/hyperium/hyper/blob/master/CHANGELOG.md)
- [Commits](hyperium/hyper@v1.10.0...v1.10.1)

Updates `uuid` from 1.23.1 to 1.23.2
- [Release notes](https://github.com/uuid-rs/uuid/releases)
- [Commits](uuid-rs/uuid@v1.23.1...v1.23.2)

---
updated-dependencies:
- dependency-name: log
  dependency-version: 0.4.32
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: patch-updates
- dependency-name: chrono
  dependency-version: 0.4.45
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: patch-updates
- dependency-name: daachorse
  dependency-version: 3.0.1
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: patch-updates
- dependency-name: async-nats
  dependency-version: 0.49.1
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: patch-updates
- dependency-name: hyper
  dependency-version: 1.10.1
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: patch-updates
- dependency-name: uuid
  dependency-version: 1.23.2
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: patch-updates
...

Signed-off-by: dependabot[bot] <support@github.com>

Bumps the patch-updates group in /fuzz with 1 update: [libfuzzer-sys](https://github.com/rust-fuzz/libfuzzer).


Updates `libfuzzer-sys` from 0.4.12 to 0.4.13
- [Changelog](https://github.com/rust-fuzz/libfuzzer/blob/main/CHANGELOG.md)
- [Commits](rust-fuzz/libfuzzer@0.4.12...0.4.13)

---
updated-dependencies:
- dependency-name: libfuzzer-sys
  dependency-version: 0.4.13
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: patch-updates
...

Signed-off-by: dependabot[bot] <support@github.com>

Bumps the npm-updates group in /editors/vscode with 1 update: [@vscode/vsce](https://github.com/Microsoft/vsce).


Updates `@vscode/vsce` from 3.9.1 to 3.9.2
- [Release notes](https://github.com/Microsoft/vsce/releases)
- [Commits](microsoft/vscode-vsce@v3.9.1...v3.9.2)

---
updated-dependencies:
- dependency-name: "@vscode/vsce"
  dependency-version: 3.9.2
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: npm-updates
...

Signed-off-by: dependabot[bot] <support@github.com>

Bumps [vscode-languageclient](https://github.com/Microsoft/vscode-languageserver-node/tree/HEAD/client) from 9.0.1 to 10.0.0.
- [Release notes](https://github.com/Microsoft/vscode-languageserver-node/releases)
- [Commits](https://github.com/Microsoft/vscode-languageserver-node/commits/release/client/10.0.0/client)

---
updated-dependencies:
- dependency-name: vscode-languageclient
  dependency-version: 10.0.0
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>

Bumps [esbuild](https://github.com/evanw/esbuild) from 0.28.0 to 0.28.1.
- [Release notes](https://github.com/evanw/esbuild/releases)
- [Changelog](https://github.com/evanw/esbuild/blob/main/CHANGELOG.md)
- [Commits](evanw/esbuild@v0.28.0...v0.28.1)

---
updated-dependencies:
- dependency-name: esbuild
  dependency-version: 0.28.1
  dependency-type: direct:development
...

Signed-off-by: dependabot[bot] <support@github.com>

Fixes RUSTSEC-2026-0178, RUSTSEC-2026-0179, and RUSTSEC-2026-0180 (DoS
advisories published 2026-06-12) by bumping the transitive postgres stack
pulled in via rsigma-convert:

- postgres-protocol 0.6.11 -> 0.6.12
- postgres-types 0.2.13 -> 0.2.14
- tokio-postgres 0.7.17 -> 0.7.18

Lock-only change via targeted cargo update; cargo audit passes.

…ing fixes

Add Unreleased entries for the rolled-up Dependabot updates and postgres
RustSec fixes (#206) and for the Fibratus field-mapping and registry
event-scoping corrections (#202).

@mostafa mostafa merged commit 91e1fcf into main Jun 13, 2026
17 checks passed
@mostafa mostafa deleted the chore/combined-dep-updates branch June 13, 2026 19:19
@mostafa mostafa mentioned this pull request Jun 14, 2026
6 tasks