build(deps): bump the patch group across 2 directories with 10 updates

[dependabot]

Bumps the patch group with 9 updates in the / directory:

Package	From	To
chrono	0.4.44	0.4.45
time	0.3.47	0.3.49
http	1.4.1	1.4.2
ed25519-dalek	3.0.0-pre.6	3.0.0-pre.7
aes	0.9.0	0.9.1
aes-kw	0.3.0	0.3.1
aead	0.6.0-rc.10	0.6.0
ecdsa	0.17.0-rc.17	0.17.0-rc.18
uuid	1.23.1	1.23.3

Bumps the patch group with 1 update in the /ffi/wasm directory: wasm-bindgen-test.

Updates chrono from 0.4.44 to 0.4.45

Release notes

Sourced from chrono's releases.

0.4.45

What's Changed

• fix(tz): reject TZ offset hour of 24 to avoid FixedOffset overflow by @​SAY-5 in chronotope/chrono#1787
• tz_data: fix tzdata locations on Android by @​caruschalalamove in chronotope/chrono#1789

Commits

• 1703382 Prepare 0.4.45 release
• 881f9ab tz_data: fix tzdata locations on Android
• f14ead4 fix(tz): reject TZ offset hour of 24 to avoid FixedOffset overflow
• c6063e6 Update similar-asserts requirement from 1.6.1 to 2.0.0
• 120686c Bump codecov/codecov-action from 5 to 6
• See full diff in compare view

Updates time from 0.3.47 to 0.3.49

Release notes

Sourced from time's releases.

v0.3.49

See the changelog for details.

v0.3.48

See the changelog for details.

Changelog

Sourced from time's changelog.

0.3.49 [2026-06-13]

Fixed

• Due to a long-standing bug in the Rust compiler, v0.3.48 caused a number of crates to stop compiling. A patch has been added that avoids triggering the bug.

0.3.48 [2026-06-12] [YANKED]

Security

• The number of digits parsed by [subsecond digits:1+] is capped at 32 to avoid parsing unbounded user input. Digits after the 9th have no semantic meaning.
• Explicitly specify #[repr] for Weekday. The value of the variants is relied upon in multiple locations for soundness. The practical effect of this change is nothing, as Rust has always mapped C-like enums to 0..N in memory.

Compatibility

• Non-UTF-8 formatting and parsing is deprecated without replacement. It is recommended to only format and parse valid UTF-8.
• format_description::parse is deprecated. It is recommended to use format_description::parse_borrowed::<3> or format_description::parse_owned::<3>.

Added

• All types in the unit module have a generic parameter, though this is currently not used for much. Usage will be expanded in the future.
• Comparisons between types in the unit module and the generic Unit type are permitted.
• Support for rand 0.10
• Version 3 format descriptions
  • Only UTF-8 is supported. As a side effect of this, [ignore] requires that the remaining input not begin mid-codepoint.
  • Representation is deliberately opaque to allow for arbitrary changes going forward.
  • format:false is supported on [optional] components. This is not possible in version 1 and version 2 format descriptions due to API compatibility.
  • The time::serde::format_description! macro uses a new, clearer syntax for version 3.
    • time::serde::format_description!(mod foo [Date] = "[year]-[month]-[day]");
    • Unlike version 1 and version 2 format descriptions, the type is not automatically brought into scope. You must import it yourself.
  • Nonsensical combinations of modifiers are rejected. For example, you cannot specify case-sensitivity when parsing a numerical month.
  • [year] defaults to range:standard
  • Components and modifiers are case sensitive (and always lowercase).

Changed

• The convert module has been renamed to unit.

Fixed

... (truncated)

Commits

• ff8683c v0.3.49 release
• f189886 fix: resolve E0119 trait coherence error in rustc >= 1.95.0
• 5d8737c v0.3.48 release
• 1bfca87 Use widen instead of extend in sys code
• c57284f fix: return error instead of panicking on truncated strftime padding modifier
• a74f35f Use v3 format descriptions for serde defaults
• 96ff36c Allow eliding serde format description version
• edc58b1 Permit duplicates in v1/v2 in permit_modifiers!
• a838f69 Bump codecov action
• f2f99f8 Fix unused warning
• Additional commits viewable in compare view

Updates http from 1.4.1 to 1.4.2

Changelog

Sourced from http's changelog.

1.4.2 (June 8, 2026)

• Fix uri::Builder to allow "*" as the path when scheme and authority are also set, used in HTTP/2 requests.
• Fix Uri to properly reject DEL characters.

Commits

• 82db5b8 v1.4.2
• a9cdbf8 fix(uri): reject DEL character (#842)
• df75ca3 fix(uri): allow STAR paths with scheme/auth (#843)
• ec3f8ce feat(method): impl PartialOrd + Ord (#840)
• See full diff in compare view

Updates ed25519-dalek from 3.0.0-pre.6 to 3.0.0-pre.7

Commits

• 5b796f3 ed: Prepare for pre.7 release (#904)
• 5948086 ed25519-dalek: bump ed25519 crate dependency to v3.0.0 (#903)
• 28611ad build(deps): bump rand from 0.9.2 to 0.9.4 (#896)
• 3958e0e bump rustcrypto dependencies to released versions (#902)
• 71d7e87 ed: Fix README feature matrix (#900)
• eb7df80 Link formal verification results (#899)
• fc23dd4 ed: Unvendor STROBE (#895)
• bad078d Bump cpufeatures to v0.3 (#894)
• 53a86c7 Bump digest and sha2 to v0.11 (#893)
• ddb8c68 ed25519-dalek: bump keccak dependency to v0.2 (#892)
• Additional commits viewable in compare view

Updates aes from 0.9.0 to 0.9.1

Commits

• 507938c Release aes v0.9.1 (#563)
• 957dba9 aes: fix min version of zeroize and build warnings on AArch64 (#562)
• c69a235 Release new versions dependent on cipher v0.5 (#553)
• 582b178 Move gift to gift-cipher and speck to speck-cipher (#554)
• See full diff in compare view

Updates aes-kw from 0.3.0 to 0.3.1

Commits

• a61a8a2 Release aes-kw v0.3.1 (#85)
• ed8faa4 aes-kw: derive Copy, Clone, and Hash for Error (#78)
• 54f856a aes-kw: add zeroize crate feature (#80)
• 99e399b Use doc_cfg instead of doc_auto_cfg (#84)
• 8134cc6 ci: re-enable minimal versions job for aes-kw (#83)
• bc2aa70 ci: disable minimal versions job for aes-kw (#82)
• See full diff in compare view

Updates aead from 0.6.0-rc.10 to 0.6.0

Commits

• 387aa9c aead v0.6.0 (#2440)
• 699c371 elliptic-curve: add WnafScalar::from_le_bytes (#2438)
• db57dfc elliptic-curve: add WnafBase::multiscalar_mul_array (#2439)
• 89fe92f Fix wnaf_table overallocation (#2437)
• 2220ddd elliptic-curve v0.14.0-rc.33 (#2436)
• 6d685a5 elliptic-curve: fix clippy::manual_clear (#2435)
• 0969352 Update Cargo.lock (#2432)
• 83fa377 elliptic-curve: fix missing le_repr conversion (#2434)
• aa20d60 ci: bump crate-ci/typos from 1.46.2 to 1.47.1 (#2433)
• 912c498 elliptic-curve: use ff/group v0.14 releases; vendor wnaf (#2431)
• Additional commits viewable in compare view

Updates ecdsa from 0.17.0-rc.17 to 0.17.0-rc.18

Commits

• 58bae19 Cut new prereleases (#1319)
• 2eadc3c ml-dsa: bump module-lattice to v0.2.2 (#1318)
• 452633d ecdsa: bump elliptic-curve to v0.14.0-rc.32 (#1317)
• 86c035a Bump pkcs8 dependency to v0.11 (#1316)
• f873b8e build(deps): bump hybrid-array from 0.4.10 to 0.4.11 (#1314)
• d8b1875 Bump pkcs8 to v0.11.0-rc.12 (#1312)
• 00e6eed build(deps): bump typenum from 1.19.0 to 1.20.0 (#1306)
• f93d502 ml-dsa: fix unreachable_pub lint by making Eta pub (#1311)
• 0efe0f8 ecdsa: use absolute 128-bit floor for bits2field (#1310)
• See full diff in compare view

Updates uuid from 1.23.1 to 1.23.3

Release notes

Sourced from uuid's releases.

v1.23.3

What's Changed

• Fix up parser panic on empty input by @​KodrAus in uuid-rs/uuid#886
• Prepare for 1.23.3 release by @​KodrAus in uuid-rs/uuid#887

Full Changelog: uuid-rs/uuid@v1.23.2...v1.23.3

v1.23.2

What's Changed

• Improve error messages for ambiguous formats by @​KodrAus in uuid-rs/uuid#882
• Prepare for 1.23.2 release by @​KodrAus in uuid-rs/uuid#883

Full Changelog: uuid-rs/uuid@v1.23.1...v1.23.2

Commits

• 20da78b Merge pull request #887 from uuid-rs/cargo/v1.23.3
• 62232ca prepare for 1.23.3 release
• 2320c6a Merge pull request #886 from uuid-rs/fix/parser-panics
• 2d034d4 fix some invalid indexers on error reporting
• a8b9f14 update fuzz infra and run in CI
• d119657 Merge pull request #883 from uuid-rs/cargo/v1.23.2
• 0651cfc prepare for 1.23.2 release
• e8dea0c Merge pull request #882 from uuid-rs/fix/error-msgs
• bdc429a fix up serde messages
• d4342e4 make indexes 0 based and fix up more error messages
• Additional commits viewable in compare view

Updates wasm-bindgen-test from 0.3.72 to 0.3.75

Commits

• See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions