From b5a70bbb847c60cc5d2834fb7bbf812d5f8b5dd6 Mon Sep 17 00:00:00 2001
From: hyperpolymath <6759885+hyperpolymath@users.noreply.github.com>
Date: Tue, 16 Jun 2026 20:46:50 +0100
Subject: [PATCH] security(deps): lockfile bumps clearing open Cargo advisories
 (Track E)

Lockfile-only (cargo update -p; Cargo.toml untouched):
  openssl  0.10.76 -> 0.10.80  (clears GHSA-8c75/ghm9/hppc/phqj/pqf5/xmgf/xp3w/xv59)
  rand     0.9.2   -> 0.9.3    (RUSTSEC-2026-0097 / GHSA-cq8v-f236-94qc)
  thin-vec 0.2.14  -> 0.2.16   (RUSTSEC-2026-0103 / GHSA-xphw-cqx3-667j)

Clears the live Dependabot Rust advisories on this repo (docmatrix#21, Track E).
Same recipe as 007 #44. Residual RUSTSEC unmaintained-crate advisories
(ansi_term/yaml-rust/bincode/rustls-pemfile) are NOT vulnerabilities and need
dep removal/replacement separately.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
---
 Cargo.lock | 17 ++++++++---------
 1 file changed, 8 insertions(+), 9 deletions(-)

diff --git a/Cargo.lock b/Cargo.lock
index 5188119..bf67f5e 100644
--- a/Cargo.lock
+++ b/Cargo.lock
@@ -2099,15 +2099,14 @@ checksum = "d6790f58c7ff633d8771f42965289203411a5e5c68388703c06e14f24770b41e"
 
 [[package]]
 name = "openssl"
-version = "0.10.76"
+version = "0.10.80"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "951c002c75e16ea2c65b8c7e4d3d51d5530d8dfa7d060b4776828c88cfb18ecf"
+checksum = "a45fa2aa886c42762255da344f0a0d313e254066c46aad76f300c3d3da62d967"
 dependencies = [
  "bitflags 2.11.0",
  "cfg-if",
  "foreign-types",
  "libc",
- "once_cell",
  "openssl-macros",
  "openssl-sys",
 ]
@@ -2131,9 +2130,9 @@ checksum = "7c87def4c32ab89d880effc9e097653c8da5d6ef28e6b539d313baaacfbafcbe"
 
 [[package]]
 name = "openssl-sys"
-version = "0.9.112"
+version = "0.9.117"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "57d55af3b3e226502be1526dfdba67ab0e9c96fc293004e79576b2b9edb0dbdb"
+checksum = "b47e7e6bb2c38cd930d25a23b40fa52e068c10e85f3e03a7f5ba5aaca5713695"
 dependencies = [
  "cc",
  "libc",
@@ -2478,9 +2477,9 @@ dependencies = [
 
 [[package]]
 name = "rand"
-version = "0.9.2"
+version = "0.9.3"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "6db2770f06117d490610c7488547d543617b21bfa07796d7a12f6f1bd53850d1"
+checksum = "7ec095654a25171c2124e9e3393a930bddbffdc939556c914957a4c3e0a87166"
 dependencies = [
  "rand_chacha",
  "rand_core",
@@ -3295,9 +3294,9 @@ dependencies = [
 
 [[package]]
 name = "thin-vec"
-version = "0.2.14"
+version = "0.2.16"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "144f754d318415ac792f9d69fc87abbbfc043ce2ef041c60f16ad828f638717d"
+checksum = "259cdf8ed4e4aca6f1e9d011e10bd53f524a2d0637d7b28450f6c64ac298c4c6"
 
 [[package]]
 name = "thiserror"