Skip to content

Bump openssl from 0.10.76 to 0.10.79 in /integration#1940

Open
dependabot[bot] wants to merge 1 commit into
developfrom
dependabot/cargo/integration/openssl-0.10.79
Open

Bump openssl from 0.10.76 to 0.10.79 in /integration#1940
dependabot[bot] wants to merge 1 commit into
developfrom
dependabot/cargo/integration/openssl-0.10.79

Conversation

@dependabot
Copy link
Copy Markdown
Contributor

@dependabot dependabot Bot commented on behalf of github May 6, 2026
edited
Loading

Bumps openssl from 0.10.76 to 0.10.79.

Release notes

Sourced from openssl's releases.

openssl-v0.10.79

What's Changed

Full Changelog: rust-openssl/rust-openssl@openssl-v0.10.78...openssl-v0.10.79

openssl-v0.10.78

What's Changed

Full Changelog: rust-openssl/rust-openssl@openssl-v0.10.77...openssl-v0.10.78

openssl-v0.10.77

What's Changed

... (truncated)

Commits
  • 649f2d9 Release openssl 0.10.79 and openssl-sys 0.9.115 (#2632)
  • 257f9b2 Fix output buffer overflow for AES key-wrap-with-padding ciphers (#2630)
  • d43e917 Reject non-UTF-8 OCSP responder URLs in X509Ref::ocsp_responders (#2631)
  • f46519c Add PkeyCtxRef::set_context_string for ML-DSA (#2629)
  • ad9ae31 Bind OSSL_PARAM_modified and use it for seed_into (#2628)
  • 4e25c9b Fix process abort when verify/PSK callbacks fire after SSL_CTX swap (#2624)
  • 3dd8f42 Add PKeyRef::seed_into for ML-DSA/ML-KEM seed extraction (#2626)
  • 2c5e5a8 parallelize more builds in CI for cold caches (#2625)
  • 6685591 Add PKey::private_key_from_seed for ML-DSA/ML-KEM key import (#2621)
  • 8f8fdce Drop once_cell in favor of std::sync::{LazyLock, OnceLock} (#2623)
  • Additional commits viewable in compare view

@dependabot dependabot Bot added dependencies Pull requests that update a dependency file rust Pull requests that update Rust code labels May 6, 2026
@socket-security
Copy link
Copy Markdown

socket-security Bot commented May 6, 2026
edited
Loading

Warning

Review the following alerts detected in dependencies.

According to your organization's Security Policy, it is recommended to resolve "Warn" alerts. Learn more about Socket for GitHub.

Action Severity Alert  (click "▶" to expand/collapse)
Warn Medium
Recently published: cargo openssl-sys published 5 days ago

Location: Package overview

From: ?cargo/sqlx@0.8.6cargo/openssl-sys@0.9.115

ℹ Read more on: This package | This alert | What are recently published artifacts?

Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev.

Suggestion: Packages should either be allowlisted to allow recently-published versions, or an older version should be used instead.

Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore cargo/openssl-sys@0.9.115. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

Warn Medium
Recently published: cargo openssl published 5 days ago

Location: Package overview

From: ?cargo/sqlx@0.8.6cargo/openssl@0.10.79

ℹ Read more on: This package | This alert | What are recently published artifacts?

Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev.

Suggestion: Packages should either be allowlisted to allow recently-published versions, or an older version should be used instead.

Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore cargo/openssl@0.10.79. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

View full report

@dependabot
Bump openssl from 0.10.76 to 0.10.79 in /integration
2dee916 
Bumps [openssl](https://github.com/rust-openssl/rust-openssl) from 0.10.76 to 0.10.79.
- [Release notes](https://github.com/rust-openssl/rust-openssl/releases)
- [Commits](rust-openssl/rust-openssl@openssl-v0.10.76...openssl-v0.10.79)

---
updated-dependencies:
- dependency-name: openssl
  dependency-version: 0.10.79
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot force-pushed the dependabot/cargo/integration/openssl-0.10.79 branch from 5518886 to 2dee916 Compare May 8, 2026 20:40
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file rust Pull requests that update Rust code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants