From f41f6966789c711022e988b3bf764970b823680f Mon Sep 17 00:00:00 2001
From: Yuki Okushi <huyuumi.dev@gmail.com>
Date: Mon, 23 Mar 2026 19:15:01 +0900
Subject: [PATCH 1/5] Add new security advisories to deny.toml (#3984)

* Add new security advisories to deny.toml

For old rustls.

* Add more
---
 deny.toml | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/deny.toml b/deny.toml
index f775089f4..b8dcd8f38 100644
--- a/deny.toml
+++ b/deny.toml
@@ -41,5 +41,8 @@ executables = "deny"
 ignore = [
     "RUSTSEC-2024-0336",
     "RUSTSEC-2025-0009",
-    "RUSTSEC-2025-0010"
+    "RUSTSEC-2025-0010",
+    "RUSTSEC-2026-0044",
+    "RUSTSEC-2026-0048",
+    "RUSTSEC-2026-0049"
 ]

From cb0a4e440293fbef94f18652fb1f7f72fbfc18b6 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Mon, 23 Mar 2026 10:34:11 +0000
Subject: [PATCH 2/5] build(deps): bump itoa from 1.0.17 to 1.0.18 (#3981)

Bumps [itoa](https://github.com/dtolnay/itoa) from 1.0.17 to 1.0.18.
- [Release notes](https://github.com/dtolnay/itoa/releases)
- [Commits](https://github.com/dtolnay/itoa/compare/1.0.17...1.0.18)

---
updated-dependencies:
- dependency-name: itoa
  dependency-version: 1.0.18
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Yuki Okushi <huyuumi.dev@gmail.com>
---
 Cargo.lock | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/Cargo.lock b/Cargo.lock
index c4b1a3131..5602423e9 100644
--- a/Cargo.lock
+++ b/Cargo.lock
@@ -1764,9 +1764,9 @@ dependencies = [
 
 [[package]]
 name = "itoa"
-version = "1.0.17"
+version = "1.0.18"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "92ecc6618181def0457392ccd0ee51198e065e016d1d527a7ac1b6dc7c1f09d2"
+checksum = "8f42a60cbdf9a97f5d2305f08a87dc4e09308d1276d28c869c684d7777685682"
 
 [[package]]
 name = "jiff"

From 7d59d7713238fc455ea5833c042d76b218e03f0b Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Mon, 23 Mar 2026 10:34:35 +0000
Subject: [PATCH 3/5] build(deps): bump codecov/codecov-action from 5.5.2 to
 5.5.3 (#3982)

Bumps [codecov/codecov-action](https://github.com/codecov/codecov-action) from 5.5.2 to 5.5.3.
- [Release notes](https://github.com/codecov/codecov-action/releases)
- [Changelog](https://github.com/codecov/codecov-action/blob/main/CHANGELOG.md)
- [Commits](https://github.com/codecov/codecov-action/compare/671740ac38dd9b0130fbe1cec585b89eea48d3de...1af58845a975a7985b0beb0cbe6fbbb71a41dbad)

---
updated-dependencies:
- dependency-name: codecov/codecov-action
  dependency-version: 5.5.3
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Yuki Okushi <huyuumi.dev@gmail.com>
---
 .github/workflows/coverage.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.github/workflows/coverage.yml b/.github/workflows/coverage.yml
index 4213f4844..0fa836ff2 100644
--- a/.github/workflows/coverage.yml
+++ b/.github/workflows/coverage.yml
@@ -32,7 +32,7 @@ jobs:
         run: just test-coverage-codecov
 
       - name: Upload coverage to Codecov
-        uses: codecov/codecov-action@671740ac38dd9b0130fbe1cec585b89eea48d3de # v5.5.2
+        uses: codecov/codecov-action@1af58845a975a7985b0beb0cbe6fbbb71a41dbad # v5.5.3
         with:
           files: codecov.json
           fail_ci_if_error: true

From edd3e2cc8d69672e731b74ee1f362f21a150dbe1 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Mon, 23 Mar 2026 10:37:28 +0000
Subject: [PATCH 4/5] build(deps): bump
 actions-rust-lang/msrv/.github/workflows/msrv.yml from 0.1.0 to 0.1.1 (#3983)

build(deps): bump actions-rust-lang/msrv/.github/workflows/msrv.yml

Bumps [actions-rust-lang/msrv/.github/workflows/msrv.yml](https://github.com/actions-rust-lang/msrv) from 0.1.0 to 0.1.1.
- [Release notes](https://github.com/actions-rust-lang/msrv/releases)
- [Commits](https://github.com/actions-rust-lang/msrv/compare/8b553824444060021f2843d7b4d803f3624d15e5...b95a3a81b0efee6438b858b41a84aff627e01351)

---
updated-dependencies:
- dependency-name: actions-rust-lang/msrv/.github/workflows/msrv.yml
  dependency-version: 0.1.1
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Yuki Okushi <huyuumi.dev@gmail.com>
---
 .github/workflows/ci.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
index 5a5a3465b..1a429b330 100644
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -18,7 +18,7 @@ concurrency:
 jobs:
   read_msrv:
     name: Read MSRV
-    uses: actions-rust-lang/msrv/.github/workflows/msrv.yml@8b553824444060021f2843d7b4d803f3624d15e5 # v0.1.0
+    uses: actions-rust-lang/msrv/.github/workflows/msrv.yml@b95a3a81b0efee6438b858b41a84aff627e01351 # v0.1.1
 
   build_and_test:
     needs: read_msrv

From b9d3adfa4d4b70d2a110897adb2207f97e074a77 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Mon, 23 Mar 2026 10:58:47 +0000
Subject: [PATCH 5/5] build(deps): bump taiki-e/install-action from 2.68.32 to
 2.69.6 (#3980)

Bumps [taiki-e/install-action](https://github.com/taiki-e/install-action) from 2.68.32 to 2.69.6.
- [Release notes](https://github.com/taiki-e/install-action/releases)
- [Changelog](https://github.com/taiki-e/install-action/blob/main/CHANGELOG.md)
- [Commits](https://github.com/taiki-e/install-action/compare/f916cfac5d8efd040e250d0cd6b967616504b3a4...06203676c62f0d3c765be3f2fcfbebbcb02d09f5)

---
updated-dependencies:
- dependency-name: taiki-e/install-action
  dependency-version: 2.69.6
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Yuki Okushi <huyuumi.dev@gmail.com>
---
 .github/workflows/ci-post-merge.yml | 4 ++--
 .github/workflows/ci.yml            | 4 ++--
 .github/workflows/coverage.yml      | 2 +-
 .github/workflows/lint.yml          | 2 +-
 4 files changed, 6 insertions(+), 6 deletions(-)

diff --git a/.github/workflows/ci-post-merge.yml b/.github/workflows/ci-post-merge.yml
index d2b50294d..918765d63 100644
--- a/.github/workflows/ci-post-merge.yml
+++ b/.github/workflows/ci-post-merge.yml
@@ -49,7 +49,7 @@ jobs:
           toolchain: ${{ matrix.version.version }}
 
       - name: Install just, cargo-hack, cargo-nextest, cargo-ci-cache-clean
-        uses: taiki-e/install-action@f916cfac5d8efd040e250d0cd6b967616504b3a4 # v2.68.32
+        uses: taiki-e/install-action@06203676c62f0d3c765be3f2fcfbebbcb02d09f5 # v2.69.6
         with:
           tool: just,cargo-hack,cargo-nextest,cargo-ci-cache-clean
 
@@ -83,7 +83,7 @@ jobs:
         uses: actions-rust-lang/setup-rust-toolchain@150fca883cd4034361b621bd4e6a9d34e5143606 # v1.15.4
 
       - name: Install just, cargo-hack
-        uses: taiki-e/install-action@f916cfac5d8efd040e250d0cd6b967616504b3a4 # v2.68.32
+        uses: taiki-e/install-action@06203676c62f0d3c765be3f2fcfbebbcb02d09f5 # v2.69.6
         with:
           tool: just,cargo-hack
 
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
index 1a429b330..f0487ab80 100644
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -64,7 +64,7 @@ jobs:
           toolchain: ${{ matrix.version.version }}
 
       - name: Install just, cargo-hack, cargo-nextest, cargo-ci-cache-clean
-        uses: taiki-e/install-action@f916cfac5d8efd040e250d0cd6b967616504b3a4 # v2.68.32
+        uses: taiki-e/install-action@06203676c62f0d3c765be3f2fcfbebbcb02d09f5 # v2.69.6
         with:
           tool: just,cargo-hack,cargo-nextest,cargo-ci-cache-clean
 
@@ -117,7 +117,7 @@ jobs:
           toolchain: nightly
 
       - name: Install just
-        uses: taiki-e/install-action@f916cfac5d8efd040e250d0cd6b967616504b3a4 # v2.68.32
+        uses: taiki-e/install-action@06203676c62f0d3c765be3f2fcfbebbcb02d09f5 # v2.69.6
         with:
           tool: just
 
diff --git a/.github/workflows/coverage.yml b/.github/workflows/coverage.yml
index 0fa836ff2..36ffa2a6d 100644
--- a/.github/workflows/coverage.yml
+++ b/.github/workflows/coverage.yml
@@ -24,7 +24,7 @@ jobs:
           components: llvm-tools
 
       - name: Install just, cargo-llvm-cov, cargo-nextest
-        uses: taiki-e/install-action@f916cfac5d8efd040e250d0cd6b967616504b3a4 # v2.68.32
+        uses: taiki-e/install-action@06203676c62f0d3c765be3f2fcfbebbcb02d09f5 # v2.69.6
         with:
           tool: just,cargo-llvm-cov,cargo-nextest
 
diff --git a/.github/workflows/lint.yml b/.github/workflows/lint.yml
index af5e58734..0250424bf 100644
--- a/.github/workflows/lint.yml
+++ b/.github/workflows/lint.yml
@@ -77,7 +77,7 @@ jobs:
           toolchain: ${{ vars.RUST_VERSION_EXTERNAL_TYPES }}
 
       - name: Install just
-        uses: taiki-e/install-action@f916cfac5d8efd040e250d0cd6b967616504b3a4 # v2.68.32
+        uses: taiki-e/install-action@06203676c62f0d3c765be3f2fcfbebbcb02d09f5 # v2.69.6
         with:
           tool: just