uv
79f79182 - Update Rust crate webpki to v0.103.12 (#19029)

Commit
36 days ago
Update Rust crate webpki to v0.103.12 (#19029)

This PR contains the following updates:

| Package | Type | Update | Change |
|---|---|---|---|
| [webpki](https://redirect.github.com/rustls/webpki) | workspace.dependencies | patch | `0.103.10` → `0.103.12` |

### GitHub Vulnerability Alerts

#### [GHSA-xgp8-3hg3-c2mh](https://redirect.github.com/rustls/webpki/security/advisories/GHSA-xgp8-3hg3-c2mh)

Permitted subtree name constraints for DNS names were accepted for certificates asserting a wildcard name.

This was incorrect because, given a name constraint of `accept.example.com`, `*.example.com` could feasibly allow a name of `reject.example.com` which is outside the constraint. This is very similar to [CVE-2025-61727](https://go.dev/issue/76442).

Since name constraints are restrictions on otherwise properly-issued certificates, this bug is reachable only after signature verification and requires misissuance to exploit.

##### Severity

- CVSS Score: 2.2 / 10 (Low)
- Vector String: `CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:L/A:N`

#### [GHSA-965h-392x-2mh5](https://redirect.github.com/rustls/webpki/security/advisories/GHSA-965h-392x-2mh5)

Name constraints for URI names were ignored and therefore accepted.

Note this library does not provide an API for asserting URI names, and URI name constraints are otherwise not implemented. URI name constraints are now rejected unconditionally.

Since name constraints are restrictions on otherwise properly-issued certificates, this bug is reachable only after signature verification and requires misissuance to exploit.

##### Severity

- CVSS Score: 2.2 / 10 (Low)
- Vector String: `CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:L/A:N`

---

### Configuration

📅 **Schedule**: (UTC)

- Branch creation
  - ""
- Automerge
  - At any time (no schedule defined)

🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied.

♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 **Ignore**: Close this PR and you won't be reminded about this update again.

---

- [ ] If you want to rebase/retry this PR, check this box

---

This PR was generated by [Mend Renovate](https://mend.io/renovate/). View the [repository job log](https://developer.mend.io/github/astral-sh/uv).

---------

Signed-off-by: William Woodruff <william@astral.sh>
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: William Woodruff <william@astral.sh>
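
The wildcard case described in GHSA-xgp8-3hg3-c2mh, worked through as an added example. This is not code from webpki or from this commit: the function names are hypothetical, the "naive" matcher is one constructed way such a check can go wrong, and the strict rule (a wildcard name is permitted only if its parent domain lies inside the permitted subtree) is an assumption about a safe check, not a description of the upstream fix.

```rust
// Added illustration only; hypothetical names, not the webpki API.

/// Naive check: compare labels right to left and let `*` stand in for
/// whatever label the constraint has at that position.
fn naive_permits(presented: &str, constraint: &str) -> bool {
    let p: Vec<&str> = presented.rsplit('.').collect();
    let c: Vec<&str> = constraint.rsplit('.').collect();
    p.len() >= c.len()
        && c.iter()
            .zip(&p)
            .all(|(cl, pl)| *pl == "*" || cl.eq_ignore_ascii_case(*pl))
}

/// True if `name` equals `constraint` or is a subdomain of it.
fn in_subtree(name: &str, constraint: &str) -> bool {
    let n = name.to_ascii_lowercase();
    let c = constraint.to_ascii_lowercase();
    n == c || n.ends_with(&format!(".{c}"))
}

/// Strict check: `*.parent` can match any single label under `parent`,
/// so every possible match is inside the subtree only when `parent` is.
fn strict_permits(presented: &str, constraint: &str) -> bool {
    match presented.strip_prefix("*.") {
        Some(parent) => in_subtree(parent, constraint),
        None => in_subtree(presented, constraint),
    }
}

fn main() {
    // Constructed sample names, using the constraint from the advisory text.
    let constraint = "accept.example.com";
    let names = [
        "accept.example.com",
        "a.accept.example.com",
        "*.accept.example.com",
        "*.example.com",
        "reject.example.com",
    ];
    for name in names {
        let (n, s) = (naive_permits(name, constraint), strict_permits(name, constraint));
        println!("{name:<24} naive={n:<5} strict={s}");
    }
}
```

Only `*.example.com` differs between the two checks: the naive matcher accepts it, while the strict check rejects it because it could also cover `reject.example.com`.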