chore(deps): bump the validation-deps group across 1 directory with 13 updates

[dependabot]

Bumps the validation-deps group with 11 updates in the /validation/local_ping_pong_openssl directory:

Package	From	To
rustls	0.23.37	0.23.38
openssl	0.10.76	0.10.77
aes	0.9.0-rc.4	0.9.0
cc	1.2.59	1.2.60
ctr	0.10.0-rc.4	0.10.0
elliptic-curve	0.14.0-rc.29	0.14.0-rc.30
indexmap	2.13.1	2.14.0
libc	0.2.184	0.2.185
pkg-config	0.3.32	0.3.33
rand_core	0.10.0	0.10.1
rustls-webpki	0.103.10	0.103.11

Updates rustls from 0.23.37 to 0.23.38

Commits

• 6b116bc Bump version of rustls
• a1da268 client: allow skipping selected ALPN validation
• 5b3ef11 Fix ambiguous panic! warning
• 0f0fbf5 Fix clippy::result_large_err
• 7e99b52 Update semver-compatible dependencies
• See full diff in compare view

Updates openssl from 0.10.76 to 0.10.77

Release notes

Sourced from openssl's releases.

openssl-v0.10.77

What's Changed

• CI: Hash-pin all action usage, avoid credential persistence in actions/checkout by @​woodruffw in rust-openssl/rust-openssl#2587
• Bump aws-lc-sys to 0.39 by @​goffrie in rust-openssl/rust-openssl#2588
• md_ctx: enable sign/verify/reset on BoringSSL, LibreSSL, and AWS-LC by @​alex in rust-openssl/rust-openssl#2589
• Release openssl v0.10.77 and openssl-sys v0.9.113 by @​alex in rust-openssl/rust-openssl#2590

New Contributors

• @​woodruffw made their first contribution in rust-openssl/rust-openssl#2587

Full Changelog: rust-openssl/rust-openssl@openssl-v0.10.76...openssl-v0.10.77

Commits

• 78efb65 Release openssl v0.10.77 and openssl-sys v0.9.113 (#2590)
• 5507b22 md_ctx: enable sign/verify/reset on BoringSSL, LibreSSL, and AWS-LC (#2589)
• ba21087 Merge pull request #2588 from goffrie/bump
• 9cc57fa Bump aws-lc-sys to 0.39
• ee5c685 CI: Hash-pin all action usage, avoid credential persistence in actions/checko...
• See full diff in compare view

Updates aes from 0.9.0-rc.4 to 0.9.0

Commits

• 001e740 Adopt Trusted Publishing (#552)
• d908618 Release aes v0.9.0 (#539)
• b612904 aes: remove zeroize_works test (#551)
• 042fa86 Update Cargo.lock (#547)
• 7290b2b ci: use Dependabot to update Cargo.lock (#546)
• d1910c1 ci: bump actions/checkout to v6 (#545)
• 1120a51 Bump Clippy to 1.94 and fix clippy::manual_rotate (#544)
• d52b5b6 aes: remove weak key test entry from changelog (#543)
• 6531730 aes: replace aes_compact configuration flag with `aes_backend_soft="compact...
• f102c4f aes: consolidate backend configuration under aes_backend (#541)
• Additional commits viewable in compare view

Updates cc from 1.2.59 to 1.2.60

Release notes

Sourced from cc's releases.

cc-v1.2.60

Fixed

• (ar) suppress warnings from D modifier probe (#1700)

Changelog

Sourced from cc's changelog.

1.2.60 - 2026-04-10

Fixed

• (ar) suppress warnings from D modifier probe (#1700)

Commits

• 7cad9f5 chore(cc): release v1.2.60 (#1701)
• c15c3eb fix(ar): suppress warnings from D modifier probe (#1700)
• See full diff in compare view

Updates ctr from 0.10.0-rc.4 to 0.10.0

Commits

• e9a0336 Release new versions dependent on cipher v0.5 (#113)
• 504f0a6 belt-ctr: use type alias to define BeltCtr (#112)
• 0ff441c Add allow(missing_docs) for benchmarks (#111)
• 63a37c8 Use release versions of block cipher crates (#110)
• a19e7bd Workspace-level lint configuration (#108)
• See full diff in compare view

Updates elliptic-curve from 0.14.0-rc.29 to 0.14.0-rc.30

Commits

• cf5b810 elliptic-curve v0.14.0-rc.30 (#2373)
• 2b8c0c5 elliptic-curve: bump ff/group dependencies to v0.14.0-rc.1 (#2372)
• d1954d8 password-hash v0.6.1 (#2371)
• 2501d4f password-hash: change bounds for PHC verify blanket impl [BREAKING] (#2370)
• f18bb80 digest: add dev::initialized_mac_test function (#2367)
• adcbc44 build(deps): bump crate-ci/typos from 1.44.0 to 1.45.0 (#2368)
• fb3f1ea build(deps): bump the all-deps group across 1 directory with 11 updates (#2369)
• 23118ea kem v0.3.0 (#2356)
• 13beea5 kem: add serialization docs (#2355)
• ea57736 kem: add basic usage with example (#2354)
• Additional commits viewable in compare view

Updates hkdf from 0.13.0-rc.5 to 0.13.0

Commits

• bfb3b20 hkdf v0.13.0 (#195)
• 8834f33 Workspace-level lint configuration (#194)
• b802abc Add Trusted Publishing config (#193)
• 9d0a675 hkdf v0.13.0-rc.6 (#192)
• c46732a Bump hmac to v0.13 (#191)
• 29c07ab Bump digest to v0.11 (#190)
• ef4a3ac build(deps): bump the all-deps group across 1 directory with 9 updates (#189)
• See full diff in compare view

Updates indexmap from 2.13.1 to 2.14.0

Changelog

Sourced from indexmap's changelog.

2.14.0 (2026-04-09)

• MSRV: Rust 1.85.0 or later is now required.
• Updated the hashbrown dependency to 0.17.
• Made more map::Slice methods const: new_mut, first_mut, last_mut, split_at_mut, split_at_mut_checked, split_first_mut, split_last_mut

Commits

• bcd165b Merge pull request #439 from cuviper/release-2.14.0
• 4ef06a7 Release 2.14.0
• d21826c Merge pull request #438 from cuviper/hashbrown-0.17
• 2566bec Upgrade to hashbrown v0.17
• 4b62776 Merge pull request #437 from cuviper/disjoint-panic
• 478fba2 Normalize the panic doc of get_disjoint_mut
• fb6dafd Merge pull request #436 from cuviper/const-slice-mut
• 5c237a2 Make Slice::{first,last,split_*}_mut methods const
• 48ff9ce Merge pull request #435 from cuviper/edition-2024
• 648be98 cargo fmt with edition 2024
• Additional commits viewable in compare view

Updates libc from 0.2.184 to 0.2.185

Release notes

Sourced from libc's releases.

0.2.185

Added

• EspIDF: Add espidf_picolibc cfg for picolibc O_* flag values (#5035)
• Hexagon: add missing constants and fix types for linux-musl (#5042)
• Redox: Add semaphore functions (#5051)
• Windows: Add sprintf, snprintf, and the scanf family (#5024)

Fixed

• Hexagon: Decouple time64 types from musl symbol redirects (#5040)
• Horizon: Change POLL constants from c_short to c_int (#5045)

Changelog

Sourced from libc's changelog.

0.2.185 - 2026-04-13

Added

• EspIDF: Add espidf_picolibc cfg for picolibc O_* flag values (#5035)
• Hexagon: add missing constants and fix types for linux-musl (#5042)
• Redox: Add semaphore functions (#5051)
• Windows: Add sprintf, snprintf, and the scanf family (#5024)

Fixed

• Hexagon: Decouple time64 types from musl symbol redirects (#5040)
• Horizon: Change POLL constants from c_short to c_int (#5045)

Commits

• 71d5bfc libc: Release 0.2.185
• 1027d1c Revert "ci: Pin nightly to 2026-04-01"
• 0e9c6e5 redox: Add semaphore functions
• 24ef457 feat: add back support for gnu windows x86 in ci
• aa75caf horizon: Change POLL constants from c_short to c_int
• b7eda5a hexagon: add missing constants and fix types for linux-musl
• d4613f9 newlib/espidf: Add espidf_picolibc cfg for picolibc O_* flag values
• c89fd76 Fix typo in Padding comments
• b3264b2 hexagon: decouple time64 types from musl symbol redirects
• db1ebee ci: Pin nightly to 2026-04-01
• Additional commits viewable in compare view

Updates openssl-sys from 0.9.112 to 0.9.113

Release notes

Sourced from openssl-sys's releases.

openssl-sys-v0.9.113

What's Changed

• CI: Hash-pin all action usage, avoid credential persistence in actions/checkout by @​woodruffw in rust-openssl/rust-openssl#2587
• Bump aws-lc-sys to 0.39 by @​goffrie in rust-openssl/rust-openssl#2588
• md_ctx: enable sign/verify/reset on BoringSSL, LibreSSL, and AWS-LC by @​alex in rust-openssl/rust-openssl#2589
• Release openssl v0.10.77 and openssl-sys v0.9.113 by @​alex in rust-openssl/rust-openssl#2590

New Contributors

• @​woodruffw made their first contribution in rust-openssl/rust-openssl#2587

Full Changelog: rust-openssl/rust-openssl@openssl-sys-v0.9.112...openssl-sys-v0.9.113

Commits

• 78efb65 Release openssl v0.10.77 and openssl-sys v0.9.113 (#2590)
• 5507b22 md_ctx: enable sign/verify/reset on BoringSSL, LibreSSL, and AWS-LC (#2589)
• ba21087 Merge pull request #2588 from goffrie/bump
• 9cc57fa Bump aws-lc-sys to 0.39
• ee5c685 CI: Hash-pin all action usage, avoid credential persistence in actions/checko...
• See full diff in compare view

Updates pkg-config from 0.3.32 to 0.3.33

Changelog

Sourced from pkg-config's changelog.

[0.3.33] - 2026-04-12

Changed

• Error output from pkg-config is included in the message again to help with finding the cause (#187)

Commits

• f4ac872 Release 0.3.33
• bc42854 Merge pull request #187 from Hofer-Julian/fix/error-message
• 3ca2dd7 fix: add pkg-config stderr to Rust error
• 057321c Merge pull request #178 from altunenes/patch-1
• 5da039f simple typo
• See full diff in compare view

Updates rand_core from 0.10.0 to 0.10.1

Release notes

Sourced from rand_core's releases.

v0.10.1

Fixed

• Reference to the rand crate in TryRng docs (#75)

#75: rust-random/rand_core#75

New Contributors

• @​jtojnar made their first contribution in rust-random/rand_core#75

Full Changelog: rust-random/rand_core@v0.10.0...v0.10.1

Changelog

Sourced from rand_core's changelog.

0.10.1 - 2026-04-13

Fixed

• Reference to the rand crate in TryRng docs (#75)

#75: rust-random/rand_core#75

Commits

• 5cd7df4 Release v0.10.1 (#76)
• a2a15a9 Fix rand::Rng reference (#75)
• See full diff in compare view

Updates rustls-webpki from 0.103.10 to 0.103.11

Release notes

Sourced from rustls-webpki's releases.

0.103.11

In response to #464, we've slightly relaxed requirements for anchor_from_trust_cert() to ignore unknown extensions even if they're marked as critical. This only affects parsing a TrustAnchor from DER, for which most extensions are ignored anyway.

What's Changed

• Backport parsing trust anchors with unknown critical extensions to 0.103 by @​djc in rustls/webpki#466

Commits

• 57bc62c Bump version to 0.103.11
• d0fa01e Allow parsing trust anchors with unknown criticial extensions
• See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions