deps: bump the rust-dependencies group across 1 directory with 6 updates

[dependabot]

Updates the requirements on lz4_flex, hkdf, sha2, hmac, generic-array and getrandom to permit the latest version.
Updates lz4_flex to 0.13.0

Release notes

Sourced from lz4_flex's releases.

0.13.0

What's Changed

• add minimal security policy by @​Marcono1234 in PSeitz/lz4_flex#203
• Fix get_maximum_output_size overflow on 32-bit targets by @​dglittle in PSeitz/lz4_flex#205
• lz4_block exposes option to reuse compression dict by @​matthewfollegot in PSeitz/lz4_flex#207

New Contributors

• @​Marcono1234 made their first contribution in PSeitz/lz4_flex#203
• @​dglittle made their first contribution in PSeitz/lz4_flex#205
• @​matthewfollegot made their first contribution in PSeitz/lz4_flex#207

Full Changelog: PSeitz/lz4_flex@0.12.0...0.13.0

Changelog

Sourced from lz4_flex's changelog.

0.13.0 (2026-03-15)

Features

• Add option to reuse compression dict #207 (thanks @​matthewfollegot)

Fixes

• Fix handling of invalid match offsets during decompression #055502e (thanks @​Marcono1234)

Invalid match offsets (offset == 0) during decompression were not properly
handled, which could lead to invalid memory reads. This is a security fix
that was also backported to 0.12.1 and 0.11.6.

• Fix get_maximum_output_size overflow on 32-bit targets #205 (thanks @​dglittle)

Cast input_len to u64 before multiplying by 110, avoiding overflow on
32-bit targets (e.g. wasm32) where input_len * 110 overflows usize
when input_len > ~39MB.

0.12.1 (2026-03-14)

Security Fix

• Fix handling of invalid match offsets during decompression #a0b9154 (thanks @​Marcono1234)

Invalid match offsets (offset == 0) during decompression were not properly
handled, which could lead to invalid memory reads on untrusted input.
Users on 0.12.x should upgrade to 0.12.1.

0.12.0 (2025-11-11)

• Fix integer overflows when decoding large payloads #192 (thanks @​teh-cmc)

This fixes an u32 integer overflow when decoding large payloads in the block format.
Note: The block format is not suitable for such large payloads, since it
keeps everything in memory. Consider using the frame format for large data.
This change also removes a unsafe fast-path for write_integer to simplify the code.

The performance impact is on incompressible data, which is already fast enough.

0.11.6 (2026-03-14)

Security Fix

• Fix handling of invalid match offsets during decompression #84cdafb (thanks @​Marcono1234)

Invalid match offsets (offset == 0) during decompression were not properly
handled, which could lead to invalid memory reads on untrusted input.
Users on 0.11.x should upgrade to 0.11.6.

... (truncated)

Commits

• bfaae84 release 0.13.0
• 055502e fix handling of invalid match offsets during decompression
• 7191df8 make hashtable visibility crate public
• 1bdafca add doc comments
• c90fc91 lz4_block exposes option to reuse compression dict
• 22e77f9 Delete .github/workflows/typos.yml
• 2991a09 fix get_maximum_output_size overflow on 32-bit targets
• 7b5fb80 add minimal security policy
• See full diff in compare view

Updates hkdf to 0.13.0

Commits

• bfb3b20 hkdf v0.13.0 (#195)
• 8834f33 Workspace-level lint configuration (#194)
• b802abc Add Trusted Publishing config (#193)
• 9d0a675 hkdf v0.13.0-rc.6 (#192)
• c46732a Bump hmac to v0.13 (#191)
• 29c07ab Bump digest to v0.11 (#190)
• ef4a3ac build(deps): bump the all-deps group across 1 directory with 9 updates (#189)
• a163784 Bump dependencies (#183)
• 2919db3 build(deps): bump the all-deps group with 2 updates (#182)
• 450a0db hkdf v0.13.0-rc.4 (#181)
• Additional commits viewable in compare view

Updates sha2 to 0.11.0

Commits

• ffe0939 Release sha2 0.11.0 (#806)
• 8991b65 Use the standard order of the [package] section fields (#807)
• 3d2bc57 sha2: refactor backends (#802)
• faa55fb sha3: bump keccak to v0.2 (#803)
• d3e6489 sha3 v0.11.0-rc.9 (#801)
• bbf6f51 sha2: tweak backend docs (#800)
• 155dbbf sha3: add default value for the DS generic parameter on TurboShake128/256...
• ed514f2 Use published version of keccak v0.2 (#799)
• 702bcd8 Migrate to closure-based keccak (#796)
• 827c043 sha3 v0.11.0-rc.8 (#794)
• Additional commits viewable in compare view

Updates hmac to 0.13.0

Commits

• 0236c8e hmac v0.13.0 (#263)
• b895e50 Migrate tests to the new blobby format (#264)
• 3d1440b Workspace-level lint configuration (#261)
• 11d4f36 hmac: use release versions of dev-dependencies (#260)
• c40b82b hmac: bump sha2 dev-dependency to v0.11 (#259)
• 1fa0781 Cut rc.5 prereleases (#258)
• a008265 hmac v0.13.0-rc.6 (#256)
• da485cd Use (Reset)MacTraits (#254)
• 2c51e3b hmac: derive Clone instead of relying on (Reset)MacTraits (#253)
• 669d805 Relax Clone bounds (#250)
• Additional commits viewable in compare view

Updates generic-array to 1.3.5

Changelog

Sourced from generic-array's changelog.

• (unreleased)

  • Add subtle, arbitrary, bytemuck, bitvec and as-slice implementations for GenericArray.
  • Add GenericSequence::repeat for creating sequences/arrays with repeated elements.
  • Add FallibleGenericSequence with try_generate and from_fallible_iter for fallible generation of sequences/arrays.
  • Add try_fold and try_map to FunctionalSequence for fallible folding/mapping of sequences/arrays.
  • Add try_from_fallible_iter to GenericArray for fallible construction from fallible iterators.
  • Add each_ref/each_mut methods to GenericArray for creating arrays of references to the elements.

• 1.3.5

  • Fixed const_transmute not compiling between Rust versions 1.74.0 and 1.83.0. Yanked 1.3.4.

• 1.3.4

  • Significantly improve stack usage of GenericArray methods in unoptimized (-C opt-level=0) build modes.
  • Introduce the hybrid-array-0_4 feature to allow interop between generic-array 1.x and hybrid-array 0.4 versions.
  • Add ConstGenericArray type alias for easier usage with literal const usizes.
  • Implement ZeroizeOnDrop for GenericArray when T: ZeroizeOnDrop (when using the zeroize feature).

• 1.3.2

  • Introduce the compat-0_14 feature to allow interop between generic-array 1.x and 0.14 versions.

• 1.3.1

  • Lower MSRV to 1.65.0 (minimum required for GATs)
  • Make some functions const only on Rust 1.83.0 or newer, otherwise they are non-const.
  • Implement core::error::Error for LengthError on Rust 1.81.0 or newer.

• 1.3.0

  • Restrict ArrayLength to lengths representable by usize to fix soundness issues #156 (may break invalid code)
  • Flatten internal representation to improve miri performance #157
  • Use serde_core instead of serde

• 1.2.1

  • Replace doc_auto_cfg with doc_cfg #155

• 1.2.0

  • Mark more functions as const
  • Bump MSRV to 1.83.0 (reverted in generic-array 1.3.1)

• 1.1.1

  • Add Flatten and Unflatten traits for converting between nested arrays.

• 1.1.0

  • Add Remove trait that adds remove/swap_remove to GenericArray (inspired by #147)
  • Soft-deprecate internals::ArrayBuilder in favor of internals::IntrusiveArrayBuilder

• 1.0.1

  • Update faster-hex dependency
  • Mark from_iter as #[inline] to significantly improve codegen.

• 1.0.0

  • Use GATs for ArrayLength !

... (truncated)

Commits

• See full diff in compare view

Updates getrandom to 0.4.2

Changelog

Sourced from getrandom's changelog.

0.4.2 - 2026-03-03

Changed

• Bump r-efi dependency to v6 #814

Fixed

• Read errno only when it is set #810
• Check the return value of ProcessPrng on Windows #811

#810: rust-random/getrandom#810 #811: rust-random/getrandom#811 #814: rust-random/getrandom#814

0.4.1 - 2026-02-03

Fixed

• Documentation build on docs.rs #801

#801: rust-random/getrandom#801

0.4.0 - 2026-02-02

Added

• RawOsError type alias #739
• SysRng behind new feature sys_rng #751
• WASIp3 support #779
• extern_impl opt-in backend #786 #794
• Motor OS support #797

Changed

• Use Edition 2024 and MSRV 1.85 #749

#739: rust-random/getrandom#739 #749: rust-random/getrandom#749 #751: rust-random/getrandom#751 #779: rust-random/getrandom#779 #786: rust-random/getrandom#786 #794: rust-random/getrandom#794 #797: rust-random/getrandom#797

[0.3.4] - 2025-10-14

Major change to wasm_js backend

Now, when the wasm_js feature is enabled, the wasm_js backend will be used by default. Users of wasm32-unknown-unknown targeting JavaScript environments like the Web and Node.js will no longer need to specify:

... (truncated)

Commits

• 4d82673 Release v0.4.2 (#821)
• 158fdd4 build(deps): bump the all-deps group with 3 updates (#818)
• 5b0adcc changelog: fix Motor OS PR link (#816)
• f19d321 changelog: move version links to relevant sections (#815)
• b83c779 Avoid accessing errno on unexpected return values. (#810)
• 3d1b151 Update r-efi to v6 (#814)
• 73c17f7 windows: check return value of ProcessPrng (#811)
• 7589557 Update Cargo.lock (#809)
• 6dfd5cb Unify lazy types (#804)
• 5e6b022 Update Cargo.lock (#806)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions