From: merge-script Date: Wed, 25 Mar 2026 22:21:20 +0000 (+0100) Subject: Merge bitcoindevkit/bdk-cli#251: Deps: Update transitive dependencies `quinn-proto... X-Git-Url: http://internal-gitweb-vhost/parse/src/example_cli/%22https:/encode/relative/m.span%28?a=commitdiff_plain;p=bdk-cli Merge bitcoindevkit/bdk-cli#251: Deps: Update transitive dependencies `quinn-proto` and `aws-lc-sys` fb9fe29cee11a414f747c0c6f480ddccbb78a6d2 chore: update project deps (Vihiga Tyonum) 5c63453f5d310b6e55cfcae6fa0cf344c21c5c32 deps: Update rustls-webpki to 0.103.10 (Vihiga Tyonum) 88cdceea26903c6023fe1fd0426fd04c533ea5b2 deps: Update aws-lc-sys to v0.39.0 & parent crate (Vihiga Tyonum) 5980919a637842c7615566737d90d7390f395524 deps: Update quinn-proto to v0.11.14 (Vihiga Tyonum) Pull request description: ### Description This PR updates transitive dependencies `quinn-proto` and `aws-lc-sys` to fix identified vulnerabilities. Other `aws-lc-sys` linked vulnerabilities fixed by this update include: - AWS-LC has Timing Side-Channel in AES-CCM Tag Verification - AWS-LC has PKCS7_verify Signature Validation Bypass - CRLs not considered authorative by Distribution Point due to faulty matching logic in `rustls-webpki` v0.103.8 This PR also update: - clap to v4.6 - clap_complete to v4.6 - env_logger to v0.11.10 - thiserror to v2.0.18 - tracing to v0.1.44 - toml to v1.1.0 - bdk_electrum to v0.23.2 - bdk_kyoto to v0.15.4 - bdk_redb to v0.1.1 - reqwest to v0.13.2 - url to v2.5.8 Fixes #249, #250, #258, #259, #260, #261, #262 and #264 #### All Submissions: * [x] I've signed all my commits * [x] I followed the [contribution guidelines](https://github.com/bitcoindevkit/bdk-cli/blob/master/CONTRIBUTING.md) * [x] I ran `cargo fmt` and `cargo clippy` before committing ACKs for top commit: notmandatory: tACK fb9fe29cee11a414f747c0c6f480ddccbb78a6d2 Tree-SHA512: d637dbea336c518f8511b83f3b343cb3b8e01ed4c3a2b946b3f607ef6f848d15dab6289232b0d2cf0acc8dcd99075b0d418ad8c4386c33ecc7636ea5eeb5a933 --- b788a8d4d3087a32b9fc364eb909e541373c7881