Skip to content

Bump base64-ng from 1.0.5 to 1.3.5#13

Open
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/cargo/base64-ng-1.3.5
Open

Bump base64-ng from 1.0.5 to 1.3.5#13
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/cargo/base64-ng-1.3.5

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Jul 5, 2026

Copy link
Copy Markdown

Bumps base64-ng from 1.0.5 to 1.3.5.

Release notes

Sourced from base64-ng's releases.

base64-ng 1.3.5

1.3.5 is a RISC-V evidence and release-governance patch for the base64-ng crate family.

Highlights

  • Added required riscv64gc-unknown-linux-gnu QEMU user-mode evidence for functional correctness and scalar/fallback runtime behavior.
  • Added release-gated RISC-V posture checks documenting that stable Rust does not currently expose an admitted RVV backend for base64-ng.
  • Documented that RISC-V acceleration is deliberately not admitted in this release. QEMU evidence is correctness/fallback evidence only, not hardware performance, timing, side-channel, register-retention, or production-CPU equivalence evidence.
  • Added RISC-V release evidence into the stable release gate alongside the existing x86, AArch64, wasm, and big-endian evidence paths.
  • Synchronized all workspace crate package versions to 1.3.5.

Notes

The admitted SIMD acceleration scope is unchanged from 1.3.4. RISC-V targets remain scalar/fallback-only until stable Rust exposes reviewed RVV intrinsic paths and the project receives real hardware evidence from capable RVV systems.

base64-ng 1.3.4

1.3.4 is a big-endian evidence and release-governance patch for the base64-ng crate family.

Highlights

  • Added required s390x-unknown-linux-gnu QEMU user-mode evidence for big-endian functional correctness and scalar/fallback runtime behavior.
  • Added release-gated checks proving stable Rust still gates s390x and PowerPC64 vector intrinsics behind unstable stdarch_* features on the active release toolchain.
  • Documented that big-endian acceleration is deliberately not admitted in this release. QEMU evidence is correctness/fallback evidence only, not hardware performance, timing, side-channel, register-retention, or production-CPU equivalence evidence.
  • Improved the optional PowerPC64 QEMU path with an early glibc sysroot preflight, so maintainers get a clear missing-sysroot error when only the cross compiler is installed.
  • Synchronized all workspace crate package versions to 1.3.4.

Notes

The admitted SIMD acceleration scope is unchanged from 1.3.3. Big-endian targets remain scalar/fallback-only until stable Rust exposes reviewed

... (truncated)

Changelog

Sourced from base64-ng's changelog.

1.3.5 - 2026-07-04

  • Added required riscv64gc-unknown-linux-gnu QEMU user-mode evidence for RISC-V functional correctness, scalar/fallback runtime reporting, malformed-input behavior, clear-tail behavior, in-place behavior, wrapped/legacy compatibility, strict SIMD decode dispatch surface fallback, and stream behavior.
  • Added stable Rust blocker checks proving core::arch::riscv64 remains behind the unstable riscv_ext_intrinsics feature gate on the active release toolchain.
  • Documented that RISC-V RVV acceleration is deliberately not admitted in this release; QEMU evidence is fallback/correctness evidence only, not hardware performance, timing, side-channel, or register-retention evidence.
  • Added RISC-V release-gate posture validation and package-included review documentation requesting community evidence from real RVV 1.0 systems.
  • Synchronized all workspace crate package versions to 1.3.5.

1.3.4 - 2026-07-03

  • Added required s390x-unknown-linux-gnu QEMU user-mode evidence for big-endian functional correctness, scalar/fallback runtime reporting, malformed-input behavior, clear-tail behavior, in-place behavior, wrapped/legacy compatibility, and stream behavior.
  • Added stable Rust blocker checks proving core::arch::s390x and core::arch::powerpc64 remain behind unstable stdarch_* feature gates on the active release toolchain.
  • Documented that big-endian acceleration is deliberately not admitted in this release; QEMU evidence is fallback/correctness evidence only, not hardware performance, timing, side-channel, or register-retention evidence.
  • Improved the optional PowerPC64 QEMU path with an early glibc sysroot preflight so maintainers get a clear missing-sysroot error instead of a linker dump.
  • Synchronized all workspace crate package versions to 1.3.4.

1.3.3 - 2026-07-03

  • Admitted narrow wasm simd128 runtime dispatch for Standard and URL-safe public encode plus normal strict decode when wasm32 binaries are compiled with target-feature=+simd128, simd, and the explicit allow-wasm32-best-effort-wipe feature.
  • Added Node/V8 and Wasmtime runtime smoke evidence requiring wasm-simd128 candidate, active encode, and active decode backend reporting plus Standard and URL-safe deterministic length sweeps, independent scalar reference encode checks, malformed-input rejection, and public API round trips.
  • Added Chromium-family browser runtime smoke evidence for the same admitted wasm simd128 profile.
  • Added Firefox/SpiderMonkey WebDriver runtime smoke evidence through geckodriver and Safari/WebKit WebDriver runtime smoke evidence through safaridriver.

... (truncated)

Commits
  • 5174a9b Refresh 1.3.5 pentest report
  • 4e14850 Add 1.3.5 release notes
  • c33dab4 Record 1.3.5 pentest pass
  • 501f46f Add RISC-V QEMU evidence gate
  • 5d6d797 Refresh 1.3.4 pentest report
  • 4d2358f Bound Miri release gate coverage
  • 2efe0bb Refresh 1.3.4 pentest report
  • cafa62e Bootstrap big-endian intrinsic check targets
  • d7a96f2 Record 1.3.4 pentest pass
  • 6dfd316 Prepare 1.3.4 release metadata
  • Additional commits viewable in compare view

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

Bumps [base64-ng](https://github.com/valkyoth/base64-ng) from 1.0.5 to 1.3.5.
- [Release notes](https://github.com/valkyoth/base64-ng/releases)
- [Changelog](https://github.com/valkyoth/base64-ng/blob/main/CHANGELOG.md)
- [Commits](valkyoth/base64-ng@v1.0.5...v1.3.5)

---
updated-dependencies:
- dependency-name: base64-ng
  dependency-version: 1.3.5
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file rust Pull requests that update rust code labels Jul 5, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

dependencies Pull requests that update a dependency file rust Pull requests that update rust code

Projects

None yet

Development

Successfully merging this pull request may close these issues.

0 participants