René's URL Explorer Experiment


Title: chore(deps): Bump rustls-webpki from 0.103.9 to 0.103.13 by dependabot[bot] · Pull Request #66 · SocketDev/socket-patch · GitHub

Open Graph Title: chore(deps): Bump rustls-webpki from 0.103.9 to 0.103.13 by dependabot[bot] · Pull Request #66 · SocketDev/socket-patch

X Title: chore(deps): Bump rustls-webpki from 0.103.9 to 0.103.13 by dependabot[bot] · Pull Request #66 · SocketDev/socket-patch

Description: Bumps rustls-webpki from 0.103.9 to 0.103.13. Release notes Sourced from rustls-webpki's releases. 0.103.13 Fix reachable panic in parsing a CRL. This was reported to us as GHSA-82j2-j2ch-gfr8. Users who don't use CRLs are not affected. For name constraints on URI names, we incorrectly processed excluded subtrees in a way which inverted the desired meaning. See rustls/webpki#471. This was a case missing in the fix for GHSA-965h-392x-2mh5. What's Changed Actually fail closed for URI matching against excluded subtrees by @​djc in rustls/webpki#473 Prepare 0.103.13 by @​ctz in rustls/webpki#474 Full Changelog: rustls/webpki@v/0.103.12...v/0.103.13 0.103.12 This release fixes two bugs in name constraint enforcement: GHSA-965h-392x-2mh5: name constraints for URI names were ignored and therefore accepted. URI name constraints are now rejected unconditionally. Note this library does not provide an API for asserting URI names, and URI name constraints are otherwise not implemented. GHSA-xgp8-3hg3-c2mh: permitted subtree name constraints for DNS names were accepted for certificates asserting a wildcard name. This was incorrect because, given a name constraint of accept.example.com, *.example.com could feasibly allow a name of reject.example.com which is outside the constraint. This is very similar to CVE-2025-61727. Since name constraints are restrictions on otherwise properly-issued certificates, these bugs are reachable only after signature verification and require misissuance to exploit. What's Changed Prepare 0.103.12 by @​djc in rustls/webpki#470 Full Changelog: rustls/webpki@v/0.103.11...v/0.103.12 0.103.11 In response to #464, we've slightly relaxed requirements for anchor_from_trust_cert() to ignore unknown extensions even if they're marked as critical. This only affects parsing a TrustAnchor from DER, for which most extensions are ignored anyway. What's Changed Backport parsing trust anchors with unknown critical extensions to 0.103 by @​djc in rustls/webpki#466 0.103.10 Correct selection of candidate CRLs by Distribution Point and Issuing Distribution Point. If a certificate had more than one distributionPoint, then only the first distributionPoint would be considered against each CRL's IssuingDistributionPoint distributionPoint, and then the certificate's subsequent distributionPoints would be ignored. The impact was that correctly provided CRLs would not be consulted to check revocation. With UnknownStatusPolicy::Deny (the default) this would lead to incorrect but safe Error::UnknownRevocationStatus. With UnknownStatusPolicy::Allow this would lead to inappropriate acceptance of revoked certificates. This vulnerability is thought to be of limited impact. This is because both the certificate and CRL are signed -- an attacker would need to compromise a trusted issuing authority to trigger this bug. An attacker with such capabilities could likely bypass revocation checking through other more impactful means (such as publishing a valid, empty CRL.) More likely, this bug would be latent in normal use, and an attacker could leverage faulty revocation checking to continue using a revoked credential. This vulnerability is identified by GHSA-pwjx-qhcg-rvj4. Thank you to @​1seal for the report. What's Changed Freshen up rel-0.103 by @​ctz in rustls/webpki#455 Prepare 0.103.10 by @​ctz in rustls/webpki#458 Full Changelog: rustls/webpki@v/0.103.9...v/0.103.10 Commits 2879b2c Prepare 0.103.13 2c49773 Improve tests for padding of BitStringFlags 4e3c0b3 Correct validation of BIT STRING constraints 39c91d2 Actually fail closed for URI matching against excluded subtrees 27131d4 Bump version to 0.103.12 6ecb876 Clean up stuttery enum variant names 318b3e6 Ignore wildcard labels when matching name constraints 1219622 Rewrite constraint matching to avoid permissive catch-all branch 57bc62c Bump version to 0.103.11 d0fa01e Allow parsing trust anchors with unknown criticial extensions Additional commits viewable in compare view Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase. Dependabot commands and options You can trigger Dependabot actions by commenting on this PR: @dependabot rebase will rebase this PR @dependabot recreate will recreate this PR, overwriting any edits that have been made to it @dependabot show ignore conditions will show all of the ignore conditions of the specified dependency @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) You can disable automated security fix PRs for this repo from the Security Alerts page.

Open Graph Description: Bumps rustls-webpki from 0.103.9 to 0.103.13. Release notes Sourced from rustls-webpki's releases. 0.103.13 Fix reachable panic in parsing a CRL. This was reported to us as GHSA-82j2-j2ch-gf...

X Description: Bumps rustls-webpki from 0.103.9 to 0.103.13. Release notes Sourced from rustls-webpki's releases. 0.103.13 Fix reachable panic in parsing a CRL. This was reported to us as GHSA-82j2-j2c...

Opengraph URL: https://github.com/SocketDev/socket-patch/pull/66

X: @github

direct link

Domain: github.com

route-pattern/:user_id/:repository/pull/:id/files(.:format)
route-controllerpull_requests
route-actionfiles
fetch-noncev2:636b9e79-36aa-7433-5a2e-ba704eaea4f2
current-catalog-service-hashae870bc5e265a340912cde392f23dad3671a0a881730ffdadd82f2f57d81641b
request-id8A4E:C3948:3777AF9:4CA610D:6A4F3F8F
html-safe-noncedb0a129f1395ecd576e2871cc5add000cdb50403a6bce037b3caa31337aacc0f
visitor-payloadeyJyZWZlcnJlciI6IiIsInJlcXVlc3RfaWQiOiI4QTRFOkMzOTQ4OjM3NzdBRjk6NENBNjEwRDo2QTRGM0Y4RiIsInZpc2l0b3JfaWQiOiIyNjEwODMwMzg2NzM3OTIxOTM1IiwicmVnaW9uX2VkZ2UiOiJpYWQiLCJyZWdpb25fcmVuZGVyIjoiaWFkIn0=
visitor-hmac2e41e2c6ca7592ce2e15db1b8e69a2d1b621d9559dc1e5cb1423ba01fc44b5c8
hovercard-subject-tagpull_request:3580483311
github-keyboard-shortcutsrepository,pull-request-list,pull-request-conversation,pull-request-files-changed,copilot
google-site-verificationApib7-x98H0j5cPqHWwSMm6dNU4GmODRoqxLiDzdx9I
octolytics-urlhttps://collector.github.com/github/collect
analytics-location///pull_requests/show/files
fb:app_id1401488693436528
apple-itunes-appapp-id=1477376905, app-argument=https://github.com/SocketDev/socket-patch/pull/66/files
twitter:imagehttps://avatars.githubusercontent.com/in/29110?s=400&v=4
twitter:cardsummary_large_image
og:imagehttps://avatars.githubusercontent.com/in/29110?s=400&v=4
og:image:altBumps rustls-webpki from 0.103.9 to 0.103.13. Release notes Sourced from rustls-webpki's releases. 0.103.13 Fix reachable panic in parsing a CRL. This was reported to us as GHSA-82j2-j2ch-gf...
og:site_nameGitHub
og:typeobject
hostnamegithub.com
expected-hostnamegithub.com
Noneb92d11c0aa4a77d54ef4af1078b6a15fb5a70a215b30c4ecf28889d5a8e656d9
turbo-cache-controlno-preview
diff-viewunified
go-importgithub.com/SocketDev/socket-patch git https://github.com/SocketDev/socket-patch.git
octolytics-dimension-user_id69326764
octolytics-dimension-user_loginSocketDev
octolytics-dimension-repository_id1093661456
octolytics-dimension-repository_nwoSocketDev/socket-patch
octolytics-dimension-repository_publictrue
octolytics-dimension-repository_is_forkfalse
octolytics-dimension-repository_network_root_id1093661456
octolytics-dimension-repository_network_root_nwoSocketDev/socket-patch
turbo-body-classeslogged-out env-production page-responsive
disable-turbotrue
browser-stats-urlhttps://api.github.com/_private/browser/stats
browser-errors-urlhttps://api.github.com/_private/browser/errors
release4b249b445842943ed31549e027f57a8ade9881ed
ui-targetfull
theme-color#1e2327
color-schemelight dark

Links:

Skip to contenthttps://github.com/SocketDev/socket-patch/pull/66/files#start-of-content
https://github.com/
Sign in https://github.com/login?return_to=https%3A%2F%2Fgithub.com%2FSocketDev%2Fsocket-patch%2Fpull%2F66%2Ffiles
Search syntax tipshttps://docs.github.com/search-github/github-code-search/understanding-github-code-search-syntax
documentationhttps://docs.github.com/search-github/github-code-search/understanding-github-code-search-syntax
Sign in https://github.com/login?return_to=https%3A%2F%2Fgithub.com%2FSocketDev%2Fsocket-patch%2Fpull%2F66%2Ffiles
Sign up https://github.com/signup?ref_cta=Sign+up&ref_loc=header+logged+out&ref_page=%2F%3Cuser-name%3E%2F%3Crepo-name%3E%2Fpull_requests%2Fshow%2Ffiles&source=header-repo&source_repo=SocketDev%2Fsocket-patch
Reloadhttps://github.com/SocketDev/socket-patch/pull/66/files
Reloadhttps://github.com/SocketDev/socket-patch/pull/66/files
Reloadhttps://github.com/SocketDev/socket-patch/pull/66/files
Please reload this pagehttps://github.com/SocketDev/socket-patch/pull/66/files
SocketDev https://github.com/SocketDev
socket-patchhttps://github.com/SocketDev/socket-patch
Notifications https://github.com/login?return_to=%2FSocketDev%2Fsocket-patch
Fork 0 https://github.com/login?return_to=%2FSocketDev%2Fsocket-patch
Star 3 https://github.com/login?return_to=%2FSocketDev%2Fsocket-patch
Code https://github.com/SocketDev/socket-patch
Issues 1 https://github.com/SocketDev/socket-patch/issues
Pull requests 1 https://github.com/SocketDev/socket-patch/pulls
Actions https://github.com/SocketDev/socket-patch/actions
Models https://github.com/SocketDev/socket-patch/models
Security and quality 0 https://github.com/SocketDev/socket-patch/security
Insights https://github.com/SocketDev/socket-patch/pulse
Code https://github.com/SocketDev/socket-patch
Issues https://github.com/SocketDev/socket-patch/issues
Pull requests https://github.com/SocketDev/socket-patch/pulls
Actions https://github.com/SocketDev/socket-patch/actions
Models https://github.com/SocketDev/socket-patch/models
Security and quality https://github.com/SocketDev/socket-patch/security
Insights https://github.com/SocketDev/socket-patch/pulse
Sign up for GitHub https://github.com/signup?return_to=%2FSocketDev%2Fsocket-patch%2Fissues%2Fnew%2Fchoose
terms of servicehttps://docs.github.com/terms
privacy statementhttps://docs.github.com/privacy
Sign inhttps://github.com/login?return_to=%2FSocketDev%2Fsocket-patch%2Fissues%2Fnew%2Fchoose
Mikola Lysenko (mikolalysenko)https://github.com/mikolalysenko
mainhttps://github.com/SocketDev/socket-patch/tree/main
dependabot/cargo/rustls-webpki-0.103.13https://github.com/SocketDev/socket-patch/tree/dependabot/cargo/rustls-webpki-0.103.13
Conversation 0 https://github.com/SocketDev/socket-patch/pull/66
Commits 1 https://github.com/SocketDev/socket-patch/pull/66/commits
Checks 19 https://github.com/SocketDev/socket-patch/pull/66/checks
Files changed https://github.com/SocketDev/socket-patch/pull/66/files
Please reload this pagehttps://github.com/SocketDev/socket-patch/pull/66/files
chore(deps): Bump rustls-webpki from 0.103.9 to 0.103.13 https://github.com/SocketDev/socket-patch/pull/66/files#top
Show all changes 1 commit https://github.com/SocketDev/socket-patch/pull/66/files
3ae6070 chore(deps): Bump rustls-webpki from 0.103.9 to 0.103.13 dependabot[bot] Apr 24, 2026 https://github.com/SocketDev/socket-patch/pull/66/commits/3ae607013309f45f4ea5e76da64c81eca55af640
Clear filters https://github.com/SocketDev/socket-patch/pull/66/files
Please reload this pagehttps://github.com/SocketDev/socket-patch/pull/66/files
Please reload this pagehttps://github.com/SocketDev/socket-patch/pull/66/files
Cargo.lockhttps://github.com/SocketDev/socket-patch/pull/66/files#diff-13ee4b2252c9e516a0547f2891aa2105c3ca71c6d7a1e682c69be97998dfc87e
View file https://github.com/SocketDev/socket-patch/blob/3ae607013309f45f4ea5e76da64c81eca55af640/Cargo.lock
Open in desktop https://desktop.github.com
how customized files appear on GitHubhttps://docs.github.com/github/administering-a-repository/customizing-how-changed-files-appear-on-github
Please reload this pagehttps://github.com/SocketDev/socket-patch/pull/66/files
Please reload this pagehttps://github.com/SocketDev/socket-patch/pull/66/files
https://github.com
Termshttps://docs.github.com/site-policy/github-terms/github-terms-of-service
Privacyhttps://docs.github.com/site-policy/privacy-policies/github-privacy-statement
Securityhttps://github.com/security
Statushttps://www.githubstatus.com/
Communityhttps://github.community/
Docshttps://docs.github.com/
Contacthttps://support.github.com?tags=dotcom-footer

Viewport: width=device-width


URLs of crawlers that visited me.