
chore(deps): Update dependencies and fix security vulnerabilities #205

Merged: mpiton merged 1 commit into main from feat/update-deps-security, Mar 23, 2026

Conversation

@mpiton (Owner) commented Mar 23, 2026

Summary

  • Update toml 1.0.6 → 1.0.7 (patch: winnow 1.0 internal update)
  • Update rustls-webpki 0.103.9 → 0.103.10 in fuzz/Cargo.lock — fixes certificate revocation enforcement bug (GHSA-pwjx-qhcg-rvj4)
  • Update aws-lc-sys 0.38.0 → 0.39.0 in fuzz/Cargo.lock — fixes CRL Distribution Point scope check logic error and X.509 Name Constraints bypass via wildcard/unicode CN
  • Run cargo update on both main and fuzz lockfiles to pick up all transitive patches

Resolves Dependabot alerts #11, #13, #15.
Supersedes #188 and #189 (can be closed).

Test plan

  • cargo clippy --all-targets -- -D warnings — clean
  • cargo test --lib — 494 passed
  • cargo test --test integration_test — 7 passed
  • Verified rustls-webpki = 0.103.10 in both lockfiles
  • Verified aws-lc-sys = 0.39.0 in both lockfiles

Summary by CodeRabbit

  • Security

    • Updated rustls-webpki with certificate and CRL validation fixes.
    • Updated aws-lc-sys with security improvements.
  • Chores

    • Updated toml and transitive dependencies.

Update toml 1.0.6 → 1.0.7 and run cargo update on both main and fuzz
lockfiles. Fixes 3 open Dependabot alerts in fuzz/Cargo.lock:
- rustls-webpki 0.103.9 → 0.103.10 (GHSA-pwjx-qhcg-rvj4)
- aws-lc-sys 0.38.0 → 0.39.0 (CRL scope check + X.509 bypass)

Supersedes PRs #188 and #189.
github-actions Bot added the "documentation" label (Improvements or additions to documentation), Mar 23, 2026
coderabbitai Bot (Contributor) commented Mar 23, 2026

Walkthrough

This pull request updates the toml dependency from 1.0.6 to 1.0.7 in dependi-lsp/Cargo.toml and documents this change along with security updates to rustls-webpki and aws-lc-sys in the CHANGELOG.

Changes

  • Changelog Documentation (CHANGELOG.md): Added Security subsection documenting rustls-webpki 0.103.9 → 0.103.10 and aws-lc-sys 0.38.0 → 0.39.0 updates; added Changed subsection for toml 1.0.6 → 1.0.7 and transitive dependency updates.
  • Dependency Update (dependi-lsp/Cargo.toml): Updated toml dependency from version 1.0.6 to 1.0.7.

Estimated code review effort

🎯 1 (Trivial) | ⏱️ ~3 minutes

Suggested labels

documentation

Poem

🐰 A version bump, so small and sweet,
Toml takes a hop to stay complete,
The changelog sings of rustls delight,
Security patches shine so bright! ✨

Pre-merge checks: 3 passed

  • Description Check: Passed. Check skipped - CodeRabbit’s high-level summary is enabled.
  • Title check: Passed. The title 'chore(deps): Update dependencies and fix security vulnerabilities' is directly related to the changeset, which updates the toml dependency and addresses security vulnerabilities in rustls-webpki and aws-lc-sys.
  • Docstring Coverage: Passed. No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.


coderabbitai Bot (Contributor) left a review comment:

🧹 Nitpick comments (1)
CHANGELOG.md (1)

13-13: Consider adding an advisory/CVE reference for aws-lc-sys for consistency.

The rustls-webpki line includes a GHSA link; adding one here too would make the security section uniformly traceable.

🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed.

In `@CHANGELOG.md` at line 13, Update the CHANGELOG entry for "Update `aws-lc-sys`
0.38.0 → 0.39.0" to include a security advisory/CVE link (same style as the
rustls-webpki GHSA reference) so the security note is traceable; locate the line
containing the aws-lc-sys version bump and append the appropriate advisory URL
or CVE identifier and short label.


📥 Commits

Reviewing files that changed from the base of the PR and between 9529fa1 and 3406fcd.

⛔ Files ignored due to path filters (2)
  • dependi-lsp/Cargo.lock is excluded by !**/*.lock
  • dependi-lsp/fuzz/Cargo.lock is excluded by !**/*.lock
📒 Files selected for processing (2)
  • CHANGELOG.md
  • dependi-lsp/Cargo.toml

@mpiton mpiton merged commit 27b97cc into main Mar 23, 2026
13 checks passed
@mpiton mpiton deleted the feat/update-deps-security branch March 25, 2026 10:16