chore(deps): bump the validation-deps group across 1 directory with 6 updates

[dependabot]

Bumps the validation-deps group with 6 updates in the /validation/local_ping_pong_openssl directory:

Package	From	To
cc	1.2.56	1.2.57
crypto-bigint	0.7.1	0.7.2
digest	0.11.1	0.11.2
hmac	0.13.0-rc.5	0.13.0-rc.6
itoa	1.0.17	1.0.18
rustls-webpki	0.103.9	0.103.10

Updates cc from 1.2.56 to 1.2.57

Release notes

Sourced from cc's releases.

cc-v1.2.57

Other

• Size archiver batches according to argument length not argument count (#1689)
• Added Build::env for setting environment variables of compiler invocations and other child processes (#1656 #1682)

Changelog

Sourced from cc's changelog.

1.2.57 - 2026-03-13

Other

• Size archiver batches according to argument length not argument count (#1689)
• Added Build::env for setting environment variables of compiler invocations and other child processes (#1656 #1682)

Commits

• 77f8866 chore(cc): release v1.2.57 (#1681)
• c541d9b Size archiver batches according to argument length not argument count (#1689)
• 1654cb9 Improve the semantics of Build::env (#1682)
• 5868a0f Use cargo-nextest in main.yml (#1686)
• c5610e1 Update which requirement from ^4.0 to ^8.0 (#1683)
• d41559b Serialize tests that need environment variables (#1685)
• e35ca93 Rename job 'regenerate' to 'rustc_target_test' (#1687)
• 41965a9 Don't run CI twice on every PR (#1684)
• 9c4720b rename __set_env to env and make it un-hidden (#1656)
• See full diff in compare view

Updates crypto-bigint from 0.7.1 to 0.7.2

Changelog

Sourced from crypto-bigint's changelog.

0.7.2 (2026-03-20)

Added

• Invert to MontyForm supertraits (#1226)

Changed

• BREAKING: seal the Integer trait (#1227)

#1226: RustCrypto/crypto-bigint#1226 #1227: RustCrypto/crypto-bigint#1227

Commits

• 9ba2ef6 v0.7.2 (#1228)
• 4182ba0 Add Invert to MontyForm supertraits (#1226)
• e458a92 BREAKING: seal the Integer trait (#1227)
• See full diff in compare view

Updates digest from 0.11.1 to 0.11.2

Commits

• 2465f98 digest: bump version to v0.11.2 (#2343)
• a87b567 Release digest v0.11.2 (#2342)
• 84476d3 digest: remove Clone from MacTraits (#2341)
• 6954eab elliptic-curve v0.14.0-rc.29 (#2340)
• a250cbd elliptic-curve: bump sec1 to v0.8 (#2339)
• 01b44a6 password-hash v0.6.0 (#2338)
• 866ef69 password-hash: add Error::RngFailure (#2337)
• 4c2365e build(deps): bump the all-deps group with 4 updates (#2335)
• ae7d4be password-hash: rustdoc fixups (#2336)
• 35e0e9a password-hash: remove McfHasher trait (#2334)
• Additional commits viewable in compare view

Updates hmac from 0.13.0-rc.5 to 0.13.0-rc.6

Commits

• a008265 hmac v0.13.0-rc.6 (#256)
• da485cd Use (Reset)MacTraits (#254)
• 2c51e3b hmac: derive Clone instead of relying on (Reset)MacTraits (#253)
• 669d805 Relax Clone bounds (#250)
• 945339b Migrate to digest v0.11.1 (#249)
• 551f89d ci: update workspace config (#245)
• 8e45e73 Adopt Trusted Publishing (#244)
• a8dc8e8 Bump digest to v0.11 (#243)
• e56667e Bump cipher to v0.5 (#242)
• 3c38276 Bump the all-deps group with 4 updates (#241)
• See full diff in compare view

Updates itoa from 1.0.17 to 1.0.18

Release notes

Sourced from itoa's releases.

1.0.18

• Simplify pointer usage in Buffer::format method (#67, thanks @​xtqqczze)
• Optimize 128-bit integer formatting (#68, thanks @​jhpratt)

Commits

• af77385 Release 1.0.18
• 73a7c03 Merge pull request #68 from jhpratt/master
• 7b4c86b Optimize 128-bit integer formatting
• 0d8a489 Fill in pointer cast type
• e693c49 Merge pull request #67 from xtqqczze/as_mut_ptr
• 29b3410 Simplify pointer usage in Buffer::format method
• bbf077f Switch to 9975WX benchmark data
• 65bc721 Delete old chart code
• See full diff in compare view

Updates rustls-webpki from 0.103.9 to 0.103.10

Release notes

Sourced from rustls-webpki's releases.

0.103.10

Correct selection of candidate CRLs by Distribution Point and Issuing Distribution Point. If a certificate had more than one distributionPoint, then only the first distributionPoint would be considered against each CRL's IssuingDistributionPoint distributionPoint, and then the certificate's subsequent distributionPoints would be ignored.

The impact was that correctly provided CRLs would not be consulted to check revocation. With UnknownStatusPolicy::Deny (the default) this would lead to incorrect but safe Error::UnknownRevocationStatus. With UnknownStatusPolicy::Allow this would lead to inappropriate acceptance of revoked certificates.

This vulnerability is thought to be of limited impact. This is because both the certificate and CRL are signed -- an attacker would need to compromise a trusted issuing authority to trigger this bug. An attacker with such capabilities could likely bypass revocation checking through other more impactful means (such as publishing a valid, empty CRL.)

More likely, this bug would be latent in normal use, and an attacker could leverage faulty revocation checking to continue using a revoked credential.

This vulnerability is identified by GHSA-pwjx-qhcg-rvj4. Thank you to @​1seal for the report.

What's Changed

• Freshen up rel-0.103 by @​ctz in rustls/webpki#455
• Prepare 0.103.10 by @​ctz in rustls/webpki#458

Full Changelog: rustls/webpki@v/0.103.9...v/0.103.10

Commits

• 348ce01 Prepare 0.103.10
• dbde592 crl: fix authoritative_for() support for multiple URIs
• 9c4838e avoid std::prelude imports
• 009ef66 fix rust 1.94 ambiguous panic macro warnings
• c41360d build(deps): bump taiki-e/cache-cargo-install-action from 2 to 3
• e401d00 generate.py: reformat for black 2026.1.0
• 06cedec Take semver-compatible deps
• See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions