build(deps): bump the patch group across 1 directory with 14 updates

[dependabot]

Bumps the patch group with 14 updates in the / directory:

Package	From	To
thiserror	2.0.17	2.0.18
chrono	0.4.42	0.4.43
time	0.3.44	0.3.45
serde_json	1.0.145	1.0.149
rand_core	0.9.3	0.9.5
crypto-bigint	0.7.0-rc.8	0.7.0-rc.10
block-padding	0.4.0-rc.4	0.4.2
block-buffer	0.11.0-rc.5	0.11.0
password-hash	0.6.0-rc.1	0.6.0-rc.8
pem-rfc7468	1.0.0-rc.3	1.0.0
elliptic-curve	0.14.0-rc.15	0.14.0-rc.16
pkcs8	0.11.0-rc.7	0.11.0-rc.8
rfc6979	0.5.0-rc.1	0.5.0-rc.2
crypto-primes	0.7.0-pre.3	0.7.0-pre.4

Updates thiserror from 2.0.17 to 2.0.18

Release notes

Sourced from thiserror's releases.

2.0.18

• Make compatible with project-level needless_lifetimes = "forbid" (#443, thanks @​LucaCappelletti94)

Commits

• dc0f6a2 Release 2.0.18
• 0275292 Touch up PR 443
• 3c33bc6 Merge pull request #443 from LucaCappelletti94/master
• 995939c Reproduce issue 442
• 21653d1 Made clippy lifetime allows conditional
• 45e5388 Update actions/upload-artifact@v5 -> v6
• 386aac1 Update actions/upload-artifact@v4 -> v5
• ec50561 Update actions/checkout@v5 -> v6
• 247eab5 Update name of empty_enum clippy lint
• 91b181f Raise required compiler to Rust 1.68
• Additional commits viewable in compare view

Updates chrono from 0.4.42 to 0.4.43

Release notes

Sourced from chrono's releases.

0.4.43

What's Changed

• Install extra components for lint workflow by @​djc in chronotope/chrono#1741
• Upgrade windows-bindgen to 0.64 by @​djc in chronotope/chrono#1742
• Improve windows-bindgen setup by @​djc in chronotope/chrono#1744
• Drop stabilized feature doc_auto_cfg by @​djc in chronotope/chrono#1745
• Faster RFC 3339 parsing by @​djc in chronotope/chrono#1748
• Update windows-bindgen requirement from 0.64 to 0.65 by @​dependabot[bot] in chronotope/chrono#1751
• add NaiveDate::abs_diff by @​Kinrany in chronotope/chrono#1752
• Add feature gated defmt support. by @​pebender in chronotope/chrono#1747
• Drop deny lints, eager Debug impls are a mixed blessing by @​djc in chronotope/chrono#1753
• chore: minor improvement for docs by @​spuradage in chronotope/chrono#1756
• Added doctest for the NaiveDate years_since function by @​LucasBou in chronotope/chrono#1755
• Prepare 0.4.43 by @​djc in chronotope/chrono#1765
• Update copyright year to 2026 in LICENSE.txt by @​taozui472 in chronotope/chrono#1767

Commits

• 45caaa9 Update copyright year to 2026 in LICENSE.txt
• 1c0b8f0 Bump version to 0.4.43
• a03e43b Upgrade windows-bindgen to 0.66
• 4fedaba Ignore bincode advisory
• f4b7bbd Bump actions/checkout from 5 to 6
• db12973 Added doctest for the NaiveDate years_since function (#1755)
• 34b5f49 chore: minor improvement for docs
• 8c82711 Bump actions/setup-node from 5 to 6
• ea1f11b Drop deny lints, eager Debug impls are a mixed blessing
• 35f9f2d Add feature gated defmt support.
• Additional commits viewable in compare view

Updates time from 0.3.44 to 0.3.45

Release notes

Sourced from time's releases.

v0.3.45

See the changelog for details.

Changelog

Sourced from time's changelog.

0.3.45 [2026-01-13]

Added

• time::format_description::StaticFormatDescription type alias for &'static [BorrowedFormatItem<'static>]. This is the type returned by the time::macros::format_description! macro.

Changed

• The minimum supported Rust version is now 1.83.0.
• All floating point methods on Duration are now const fn.
• All setters on Parsed are now const fn.
• The serde dependency has been replaced with serde_core, This reduces compile times by not including unused parts of serde.
• Date::from_julian_day uses a new algorithm, resulting in an approximately 16% performance improvement. This method is used internally by numerous other methods.
• util::is_leap_year uses a new algorithm, resulting in an approximately 8% performance improvement.

Commits

• d41b5e1 v0.3.45 release
• 69db9fb Add noop to utils benchmark
• 30ba933 Change from_julian_day algorithm
• 267d847 Change leap year algorithm
• 41e21ef Make util tests more opaque
• 8f5981a Test whether every year 0-399 is leap year
• 6365c4c Improve accuracy of Date benchmarks
• a4fc845 Dependency upgrade
• c468474 Rename lints for latest rustc
• 037af66 Add type alias for format_description! output
• Additional commits viewable in compare view

Updates serde_json from 1.0.145 to 1.0.149

Release notes

Sourced from serde_json's releases.

v1.0.149

• Align arbitrary_precision number strings with zmij's formatting (#1306, thanks @​b41sh)

v1.0.148

• Update zmij dependency to 1.0

v1.0.147

• Switch float-to-string algorithm from Ryū to Żmij for better f32 and f64 serialization performance (#1304)

v1.0.146

• Set fast_arithmetic=64 for riscv64 (#1305, thanks @​Xeonacid)

Commits

• 4f6dbfa Release 1.0.149
• f3df680 Touch up PR 1306
• e16730f Merge pull request #1306 from b41sh/fix-float-number-display
• eeb2bcd Align arbitrary_precision number strings with zmij’s formatting
• 8b291c4 Release 1.0.148
• 1aefe15 Update to zmij 1.0
• 62d6e8d Release 1.0.147
• fd829a6 Merge pull request #1304 from dtolnay/zmij
• e757a3d Switch from ryu -> zmij for float formatting
• 75ad7e6 Release 1.0.146
• Additional commits viewable in compare view

Updates rand_core from 0.9.3 to 0.9.5

Changelog

Sourced from rand_core's changelog.

Changelog

All notable changes to this project will be documented in this file.

The format is based on Keep a Changelog and this project adheres to Semantic Versioning.

0.10.0 - Unreleased

API changes

• Relax Sized bound on impls of SeedableRng (rand#1641)
• Move rand_core::impls::* to rand_core::le module (rand#1667)
• Use Edition 2024 and MSRV 1.85 (rand#1668)
• Remove fn TryRngCore::read_adapter(..) -> RngReadAdapter (replaced with rand::RngReader) (rand#1669)
• Remove feature os_rng, structs OsRng and OsError and fns from_os_rng, try_from_os_rng (rand#1674)
• Remove feature std (rand#1674)
• Removed dependency getrandom (rand#1674)
• Removed optional dependency serde (#28)
• Add SeedableRng::fork methods (#17)
• Rename trait block::BlockRngCore to block::Generator and associated type Results to Output; remove assoc. type Item and remove type bounds (#26)
• Add fn drop to trait block::Generator (#35)
• Remove BlockRng64 (#34)
• Remove impl of RngCore for BlockRng, making the latter more generic (#34)
• Add trait le::Word (#34)
• Add fn BlockRng::reconstruct and fn BlockRng::remaining_results (#36)
• Move le::{Word, next_u64_via_u32} to new utils module; remove le (#38)
• Replace le::fill_bytes_via_next with utils::fill_bytes_via_next_word (#38)
• Replace le::next_u32_via_fill and le::next_u64_via_fill with utils::next_word_via_fill (#38)
• Replace le::read_u32_into and le::read_u64_into with utils::read_words (#38)
• Replace fn BlockRng::index with word_offset (#44)
• Rename fn BlockRng::generate_and_set -> reset_and_skip; remove fn reset (#44)
• RngCore is now an extension trait of TryRngCore<Error = Infallible> (#45)
• Remove UnwrapMut (#45)
• Add error handling to utils functions over TryRngCore or via closure (#45)

Other

• Changed repository from [rust-random/rand] to [rust-random/core].

#17: rust-random/rand-core#17 #26: rust-random/rand-core#28 #28: rust-random/rand-core#28 #34: rust-random/rand-core#34 #35: rust-random/rand-core#35 #36: rust-random/rand-core#36 #38: rust-random/rand-core#38

... (truncated)

Commits

• See full diff in compare view

Updates crypto-bigint from 0.7.0-rc.8 to 0.7.0-rc.10

Commits

• 9cbea3a v0.7.0-rc.10 (#1002)
• 1ed6ce9 Bump rand_core to v0.10.0-rc-2 (#1001)
• 25dd7aa Bump hex-literal from 1.0.0 to 1.1.0 (#997)
• e66b783 chore: make some documents clearer (#993)
• 572c035 Bump crate-ci/typos from 1.38.0 to 1.39.0 (#1000)
• 56e6c4a Bump proptest from 1.8.0 to 1.9.0 (#996)
• 7ba1398 v0.7.0-rc.9 (#989)
• 215e6e4 Make AMM-based modular pow function generic (#988)
• 303845f BoxedMontyForm::pow cleanups (#987)
• f2a47ec Optimize checked multiplication and squaring (#983)
• Additional commits viewable in compare view

Updates block-padding from 0.4.0-rc.4 to 0.4.2

Commits

• 6c8370f block-padding: add 'static bound to Padding (#1248)
• 11783c8 ci: bump actions/checkout from 5 to 6 (#1247)
• bef1d6d Release block-buffer v0.11.0 (#1246)
• 5c88fe4 hex-literal: add support for colon-delimited literals (#1244)
• c210dd6 Release blobby v0.4.0 (#1238)
• 9118661 block-padding: fix pad_detached for NoPadding and ZeroPadding (#1227)
• a3045ea Use the standard order of [package] fields (#1237)
• a66ed6d Release inout v0.2.0 (#1235)
• e0020c5 Release block-padding v0.4.0 (#1233)
• c9f7bfe block-buffer: fix typo (#1234)
• Additional commits viewable in compare view

Updates block-buffer from 0.11.0-rc.5 to 0.11.0

Commits

• bef1d6d Release block-buffer v0.11.0 (#1246)
• 5c88fe4 hex-literal: add support for colon-delimited literals (#1244)
• c210dd6 Release blobby v0.4.0 (#1238)
• 9118661 block-padding: fix pad_detached for NoPadding and ZeroPadding (#1227)
• a3045ea Use the standard order of [package] fields (#1237)
• a66ed6d Release inout v0.2.0 (#1235)
• e0020c5 Release block-padding v0.4.0 (#1233)
• c9f7bfe block-buffer: fix typo (#1234)
• 64c135a Update Cargo.lock
• 1609b3f build(deps): bump digest from 0.11.0-rc.2 to 0.11.0-rc.3 (#1231)
• Additional commits viewable in compare view

Updates password-hash from 0.6.0-rc.1 to 0.6.0-rc.8

Commits

• 49595a8 password-hash v0.6.0-rc.8 (#2183)
• e90f599 password-hash: improve PHC PasswordVerifier blanket impl (#2182)
• 712bb90 password-hash: impl From\<ParseIntError> for Error (#2181)
• 54f35d0 kem: fix crypto-common version pin in Cargo.toml
• a0dd565 kem v0.4.0-rc.2 (#2180)
• ae51f8d elliptic-curve v0.14.0-rc.21 (#2178)
• f3f7feb elliptic-curve: add dev::bench_projective! macro (#2177)
• 5e83836 elliptic-curve: move MockCurve to dev::mock_curve (#2176)
• ded0d22 CI: run elliptic-curve job when its in-repo deps are modified
• 129d67b elliptic-curve: impl TryKeyInit for SecretKey\<C> (#2174)
• Additional commits viewable in compare view

Updates pem-rfc7468 from 1.0.0-rc.3 to 1.0.0

Commits

• 8526cc6 pem-rfc7468 v1.0.0 (#2096)
• 02fdf7d der: make PemReader\<'_> impl Reader\<'static> (#2095)
• 0c63159 der: have PemReader decode to Cow::Owned (#2094)
• c8ff2bd der: impl DecodeValue/EncodeValue/Tagged for Cow (#2093)
• c916ce1 cms+x509-cert+x509-ocsp: bump rsa to v0.10.0-rc.10 (#2092)
• 36e5c5a README.md(s): update MSRV info (#2091)
• 2bc9a73 pkcs5: bump scrypt dependency to v0.12.0-rc.3 (#2090)
• e031c36 pkcs8 v0.11.0-rc.8 (#2089)
• 490993a pkcs5 v0.8.0-rc.9 (#2087)
• 507f79b chore(deps): bump the all-deps group across 1 directory with 19 updates (#2088)
• Additional commits viewable in compare view

Updates elliptic-curve from 0.14.0-rc.15 to 0.14.0-rc.16

Commits

• b604e17 elliptic-curve v0.14.0-rc.16 (#2045)
• b79f84d digest: tweak CollisionResistance docs (#2044)
• 06e4e1a Update Cargo.lock (#2039)
• 0a3871f build(deps): bump crate-ci/typos from 1.38.0 to 1.38.1 (#2040)
• dd8e4ce elliptic-curve: use base16ct::mixed in FromStr impl for ScalarValue (#2...
• c6ab1b1 Derive Default for enums (#2035)
• 8a76ab7 chore(deps): bump block-padding from 0.4.0-rc.4 to 0.4.1 (#2032)
• 8d36026 build(deps): bump crate-ci/typos from 1.36.3 to 1.38.0 (#2034)
• c1047be build(deps): bump crate-ci/typos from 1.36.2 to 1.36.3 (#2031)
• 4fb20b5 build(deps): bump hybrid-array from 0.4.4 to 0.4.5 in the all-deps group (#2030)
• Additional commits viewable in compare view

Updates pkcs8 from 0.11.0-rc.7 to 0.11.0-rc.8

Commits

• e031c36 pkcs8 v0.11.0-rc.8 (#2089)
• 490993a pkcs5 v0.8.0-rc.9 (#2087)
• 507f79b chore(deps): bump the all-deps group across 1 directory with 19 updates (#2088)
• ef0c838 der: docs: rename variable encoder -> writer and improve example (#2078)
• d5b06c5 Bump rand_core to v0.10.0-rc-2 (#2086)
• a152ff1 base64ct, base32ct: proptests for decoder equivalence with base32/64 (#2085)
• f4c5e14 base32ct: avoid panics when decoding inputs; enforce lengths (#2084)
• a551024 chore(deps): bump crate-ci/typos from 1.38.1 to 1.39.0 (#2082)
• 19aa61b der: track reader error position in ObjectIdentifier::decode_value (#2080)
• 5755d9b der: track reader error position in GeneralizedTime::decode_value (#2079)
• Additional commits viewable in compare view

Updates rfc6979 from 0.5.0-rc.1 to 0.5.0-rc.2

Commits

• fe23a8c rfc6979 v0.5.0-rc.2 (#1089)
• 5a2c2e2 Cargo.lock: update dependencies (#1088)
• 3624d47 ecdsa v0.17.0-rc.8 (#1087)
• 6fe8fa1 ecdsa: bump elliptic-curve to v0.14.0-rc.16 (#1086)
• fd12ac0 Switch from doc_auto_cfg to doc_cfg (#1085)
• b58f47a ml-dsa: run tests on no_std targets (#1080)
• b383808 CI: bump typos to v1.38.1 (#1084)
• 21e60ba chore: apply unreachable_pub lint (#1062)
• 305bad5 ecdsa: re-export blobby (#1082)
• 6cf535b ml-dsa: disable default features for sha3 (#1078)
• Additional commits viewable in compare view

Updates crypto-primes from 0.7.0-pre.3 to 0.7.0-pre.4

Changelog

Sourced from crypto-primes's changelog.

[0.7.0-pre.4] - 2025-11-06

Changed

• Bumped rand_core to 0.10.0-rc.2 and crypto-bigint to 0.7.0-pre.10. (#95)

#95: entropyxyz/crypto-primes#95

Commits

• db1c2b4 v0.7.0-pre.4 released
• 25af661 chore: align rustfmt.toml with Cargo.toml (#96)
• d0f86f4 bump rand_core to 0.10.0-rc.2 (#95)
• See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

[CBenoit]

Hi! @RRRadicalEdward Can you look into this when you have some time? Thanks!

[RRRadicalEdward]

We have an Infallible error here. I found this handling to be the most convenient. If rand maintainers change it to return a "faliable" error, we will have a compile error here.