Sourced from bytes's releases.

Bytes v1.11.1

1.11.1 (February 3rd, 2026)

• Fix integer overflow in BytesMut::reserve

Bytes v1.11.0

1.11.0 (November 14th, 2025)

• Bump MSRV to 1.57 (#788)

Fixed

• fix: BytesMut only reuse if src has remaining (#803)
• Specialize BytesMut::put::<Bytes> (#793)
• Reserve capacity in BytesMut::put (#794)
• Change BytesMut::remaining_mut to use isize::MAX instead of usize::MAX (#795)

Internal changes

• Guarantee address in slice() for empty slices. (#780)
• Rename Vtable::to_* -> Vtable::into_* (#776)
• Fix latest clippy warnings (#787)
• Ignore BytesMut::freeze doctest on wasm (#790)
• Move drop_fn of from_owner into vtable (#801)

Bytes v1.10.1

1.10.1 (March 5th, 2025)

Fixed

• Fix memory leak when using to_vec with Bytes::from_owner (#773)

#773: tokio-rs/bytes#773

Bytes v1.10.0

1.10.0 (February 3rd, 2025)

Added

• Add feature to support platforms without atomic CAS (#467)
• try_get_* methods for Buf trait (#753)
• Implement Buf::chunks_vectored for Take (#617)
• Implement Buf::chunks_vectored for VecDeque<u8> (#708)

Fixed

• Remove incorrect guarantee for chunks_vectored (#754)
• Ensure that tests pass under panic=abort (#749)

... (truncated)

Sourced from bytes's changelog.

1.11.1 (February 3rd, 2026)

• Fix integer overflow in BytesMut::reserve

1.11.0 (November 14th, 2025)

• Bump MSRV to 1.57 (#788)

Fixed

• fix: BytesMut only reuse if src has remaining (#803)
• Specialize BytesMut::put::<Bytes> (#793)
• Reserve capacity in BytesMut::put (#794)
• Change BytesMut::remaining_mut to use isize::MAX instead of usize::MAX (#795)

Internal changes

• Guarantee address in slice() for empty slices. (#780)
• Rename Vtable::to_* -> Vtable::into_* (#776)
• Fix latest clippy warnings (#787)
• Ignore BytesMut::freeze doctest on wasm (#790)
• Move drop_fn of from_owner into vtable (#801)

1.10.1 (March 5th, 2025)

Fixed

• Fix memory leak when using to_vec with Bytes::from_owner (#773)

1.10.0 (February 3rd, 2025)

Added

• Add feature to support platforms without atomic CAS (#467)
• try_get_* methods for Buf trait (#753)
• Implement Buf::chunks_vectored for Take (#617)
• Implement Buf::chunks_vectored for VecDeque<u8> (#708)

Fixed

• Remove incorrect guarantee for chunks_vectored (#754)
• Ensure that tests pass under panic=abort (#749)

1.9.0 (November 27, 2024)

Added

• Add Bytes::from_owner to enable externally-allocated memory (#742)

Documented

... (truncated)

• 417dccd Release bytes v1.11.1 (#820)
• d0293b0 Merge commit from fork
• a7952fb chore: prepare bytes v1.11.0 (#804)
• 60cbb77 fix: BytesMut only reuse if src has remaining (#803)
• 7ce330f Move drop_fn of from_owner into vtable (#801)
• 4b53a29 Tweak BytesMut::remaining_mut (#795)
• 016fdbd Reserve capacity in BytesMut::put (#794)
• ef7f257 Specialize BytesMut::put::<Bytes> (#793)
• 8b4f54d Ignore BytesMut::freeze doctest on wasm (#790)
• 16132ad Fix latest clippy warnings (#787)
• Additional commits viewable in compare view

• See full diff in compare view

Sourced from rand's changelog.

[0.9.3] — 2026-02-11

This release back-ports a fix from v0.10. See also #1763.

Changes

• Deprecate feature log (#1764)
• Replace usages of doc_auto_cfg (#1764)

#1763: rust-random/rand#1763

[0.9.2] — 2025-07-20

Deprecated

• Deprecate rand::rngs::mock module and StepRng generator (#1634)

Additions

• Enable WeightedIndex<usize> (de)serialization (#1646)

[0.9.1] - 2025-04-17

Security and unsafe

• Revise "not a crypto library" policy again (#1565)
• Remove zerocopy dependency from rand (#1579)

Fixes

• Fix feature simd_support for recent nightly rust (#1586)

Changes

• Allow fn rand::seq::index::sample_weighted and fn IndexedRandom::choose_multiple_weighted to return fewer than amount results (#1623), reverting an undocumented change (#1382) to the previous release.

Additions

• Add rand::distr::Alphabetic distribution. (#1587)
• Re-export rand_core (#1604)

[0.9.0] - 2025-01-27

Security and unsafe

• Policy: "rand is not a crypto library" (#1514)
• Remove fork-protection from ReseedingRng and ThreadRng. Instead, it is recommended to call ThreadRng::reseed on fork. (#1379)
• Use zerocopy to replace some unsafe code (#1349, #1393, #1446, #1502)

Dependencies

• Bump the MSRV to 1.63.0 (#1207, #1246, #1269, #1341, #1416, #1536); note that 1.60.0 may work for dependents when using --ignore-rust-version
• Update to rand_core v0.9.0 (#1558)

Features

• Support std feature without getrandom or rand_chacha (#1354)
• Enable feature small_rng by default (#1455)
• Remove implicit feature rand_chacha; use std_rng instead. (#1473)
• Rename feature serde1 to serde (#1477)
• Rename feature getrandom to os_rng (#1537)
• Add feature thread_rng (#1547)

API changes: rand_core traits

... (truncated)

• 1aeee9f Prepare v0.9.3: deprecate feature log (#1764)
• 98473ee Prepare rand 0.9.2 (#1648)
• 031a1f5 examples/print-next.rs (#1647)
• 6cb75ee Make UniformUsize serializable (#1646)
• 0c955c5 Add some tests for BlockRng, BlockRng64 and Xoshiro RNGs (#1639)
• 204084a Fix: Remove accidental editor swap file (#1636)
• 86262ac Deprecate rand::rngs::mock module and StepRng (#1634)
• a6e217f Update statrs link (#1630)
• db993ec Prepare rand v0.9.1 (#1629)
• 3057641 Remove zerocopy from rand (#1579)
• Additional commits viewable in compare view

• See full diff in compare view

Sourced from h2's releases.

v0.3.26

What's Changed

• Limit number of CONTINUATION frames for misbehaving connections.

See https://seanmonstar.com/blog/hyper-http2-continuation-flood/ for more info.

v0.3.25

What's Changed

• perf: optimize header list size calculations by @​Noah-Kennedy in hyperium/h2#750

Full Changelog: hyperium/h2@v0.3.24...v0.3.25

v0.3.24

Fixed

• Limit error resets for misbehaving connections.

v0.3.23

What's Changed

• cherry-pick fix: streams awaiting capacity lockout in hyperium/h2#734

v0.3.22

What's Changed

• Add header_table_size(usize) option to client and server builders.
• Improve throughput when vectored IO is not available.
• Update indexmap to 2.

New Contributors

• @​tottoto made their first contribution in hyperium/h2#714
• @​xiaoyawei made their first contribution in hyperium/h2#712
• @​Protryon made their first contribution in hyperium/h2#719
• @​4JX made their first contribution in hyperium/h2#638
• @​vuittont60 made their first contribution in hyperium/h2#724

Sourced from h2's changelog.

0.3.27 (July 11, 2025)

• Fix notifying wakers when detecting local stream errors.

0.3.26 (April 3, 2024)

• Limit number of CONTINUATION frames for misbehaving connections.

0.3.25 (March 15, 2024)

• Improve performance decoding many headers.

0.3.24 (January 17, 2024)

• Limit error resets for misbehaving connections.

0.3.23 (January 10, 2024)

• Backport fix from 0.4.1 for stream capacity assignment.

0.3.22 (November 15, 2023)

• Add header_table_size(usize) option to client and server builders.
• Improve throughput when vectored IO is not available.
• Update indexmap to 2.

• f6237ac v0.3.27
• f61332e refactor: change local reset counter to use type system more
• 3f1a8e3 style: fix anonymous lifetime syntax
• 778aa7e fix: notify_recv after send_reset() in reset_on_recv_stream_err() to ensure l...
• be10b77 ci: pin more deps for MSRV job (#817)
• c0d9feb ci: pin deps for MSRV
• 5ccd9cf lints: fix unexpected cfgs warnings
• e6e3e9c fix: return a WriteZero error if frames cannot be written (#783)
• 357127e v0.3.26
• 1a357aa fix: limit number of CONTINUATION frames allowed
• Additional commits viewable in compare view

• a8936d9 keccak v0.1.6
• 40c50c1 keccak v0.1.5 (#69)
• 2dc13bf keccak: enable asm backend for p1600 (#68)
• a3a4e01 Revert "Update Cargo.lock" (#67)
• 3a9a29e Update Cargo.lock
• 9e4f6bc keccak: don't test simd feature in minimal-versions workflow (#66)
• 329d4cd Replace cross tests with MIRI (#63)
• 48cc4ac build(deps): bump actions/checkout from 3 to 4 (#61)
• 651a34e keccak: replace CI tests on MIPS with PPC32 (#62)
• 4730c6f benches: remove criterion deps workaround (#60)
• Additional commits viewable in compare view

Sourced from mio's changelog.

0.8.11

• Fix receiving IOCP events after deregistering a Windows named pipe (tokio-rs/mio#1760, backport pr: tokio-rs/mio#1761).

0.8.10

Added

• Solaris support (tokio-rs/mio#1724).

• 0328bde Release v0.8.11
• 7084498 Fix warnings
• 90d4fe0 named-pipes: fix receiving IOCP events after deregister
• c710a30 Add v0.8.x to the CI
• c29e21c Release v0.8.10
• f6a20da Add Solaris operating system support (#1724)
• See full diff in compare view

Sourced from openssl's releases.

openssl-v0.10.68

What's Changed

• fixes #2317 -- restore compatibility with our MSRV and release openssl 0.9.68 by @​alex in sfackler/rust-openssl#2318

Full Changelog: rust-openssl/rust-openssl@openssl-v0.10.67...openssl-v0.10.68

openssl-v0.10.67

What's Changed

• Added a utility function to ensure we never have an issue with 0-length slices from pointers again by @​alex in sfackler/rust-openssl#2268
• Fix CI for the latest rustc by @​alex in sfackler/rust-openssl#2271
• Add binding for EVP_DigestSqueeze by @​initsecret in sfackler/rust-openssl#2270
• libressl 4.0: const correctness for X509_LOOKUP_METHOD by @​botovq in sfackler/rust-openssl#2276
• Bump hex dev-dependency version by @​alex in sfackler/rust-openssl#2277
• Raise bindgen version by @​alex in sfackler/rust-openssl#2278
• Ensure Rsa::check_key doesn't leave errors on the stack by @​alex in sfackler/rust-openssl#2279
• Update some docs to use the corresponds macro by @​rushilmehra in sfackler/rust-openssl#2282
• Don't leave errors on the stack in MdCtxRef::digest_verify_final by @​alex in sfackler/rust-openssl#2283
• Adjustments for LibreSSL 4 by @​botovq in sfackler/rust-openssl#2287
• Explicit rustfmt config by @​kornelski in sfackler/rust-openssl#2285
• add basic EVP_KDF bindings by @​reaperhulk in sfackler/rust-openssl#2289
• add ossl3 thread pool bindings by @​reaperhulk in sfackler/rust-openssl#2293
• add argon2id support for ossl 3.2+ by @​reaperhulk in sfackler/rust-openssl#2290
• fix 3.2.0 thread support and simplify by @​reaperhulk in sfackler/rust-openssl#2294
• add libctx arg to argon2id by @​reaperhulk in sfackler/rust-openssl#2295
• support using threads in argon2id by @​reaperhulk in sfackler/rust-openssl#2296
• Ensure beginning and end of the error output is readable by @​kornelski in sfackler/rust-openssl#2284
• Test against 3.4.0-alpha1 by @​sfackler in sfackler/rust-openssl#2302
• Resolve clippy warnings from nightly by @​alex in sfackler/rust-openssl#2310
• fixes #2311 -- silencer resolver warnings by @​alex in sfackler/rust-openssl#2312
• Bump to 3.4.0-beta1 by @​sfackler in sfackler/rust-openssl#2313
• LibreSSL 4.0.0 by @​botovq in sfackler/rust-openssl#2315
• Release openssl v0.10.67 and openssl-sys v0.9.104 by @​alex in sfackler/rust-openssl#2316

New Contributors

• @​initsecret made their first contribution in sfackler/rust-openssl#2270
• @​rushilmehra made their first contribution in sfackler/rust-openssl#2282
• @​kornelski made their first contribution in sfackler/rust-openssl#2285

Full Changelog: rust-openssl/rust-openssl@openssl-v0.10.66...openssl-v0.10.67

openssl-v0.10.66

What's Changed

• Fixed invariant violation in MemBio::get_buf with empty results by @​alex in sfackler/rust-openssl#2266
• Release openssl v0.10.66 by @​alex in sfackler/rust-openssl#2267

Full Changelog: rust-openssl/rust-openssl@openssl-v0.10.65...openssl-v0.10.66

openssl-v0.10.65

... (truncated)

• be8dcfd Merge pull request #2318 from alex/msrv-fix
• 065cc77 fixes #2317 -- restore compatibility with our MSRV and release openssl 0.9.68
• 7b3ec80 Merge pull request #2316 from alex/bump-for-release
• b510e8c Release openssl v0.10.67 and openssl-sys v0.9.104
• ee3b024 Merge pull request #2315 from botovq/libressl-4.0.0
• c4dabc2 CI: Update LibreSSL CI
• f9027b7 LibreSSL 4.0.0 is released & stable
• 1b51ba5 Merge pull request #2313 from sfackler/sfackler-patch-1
• de8a97c Bump to 3.4.0-beta1
• 3930464 Merge pull request #2312 from sfackler/alex-patch-1
• Additional commits viewable in compare view

Sourced from ruint's releases.

v1.9.0

What's Changed

• Fix some typos by @​striezel in recmo/uint#235
• chore: add prestwich to code owners by @​prestwich in recmo/uint#237
• Fix issue #230 by @​recmo in recmo/uint#234
• Bump fastrlp from 0.3.0 to 0.3.1 by @​dependabot in recmo/uint#239
• fix incorrect wrapping_mul doc by @​DaniPopes in recmo/uint#218
• Bump serde from 1.0.160 to 1.0.163 by @​dependabot in recmo/uint#242
• Replace unmaintained actions-rs/* actions in CI workflows by @​striezel in recmo/uint#236
• feat: make serde::Deserialize impl more permissive by @​DaniPopes in recmo/uint#246
• feature: minimal human-readable serialization of uints by @​prestwich in recmo/uint#243
• fix: prevent overflowing instantiation in from_base_be by @​prestwich in recmo/uint#249
• fix: from_base_be overflow by @​DaniPopes in recmo/uint#253
• fix: from_base_le by @​DaniPopes in recmo/uint#255
• chore: extract inline benches to a separate directory by @​DaniPopes in recmo/uint#262
• feat: merge alloy-rs/ruint (ruint2), take 2 by @​DaniPopes in recmo/uint#264
• chore(meta): add MSRV policy, remove Cargo.lock by @​DaniPopes in recmo/uint#265
• feat: ark version differentiation by @​DaniPopes in recmo/uint#266
• feature: ark version differentiation by @​prestwich in recmo/uint#241
• fix: circular dep in ruint by @​gakonst in recmo/uint#268
• feat: implement TryFrom by @​DaniPopes in recmo/uint#269
• fix: ruint-macro doctests by @​DaniPopes in recmo/uint#271
• feat: add Uint::byte by @​DaniPopes in recmo/uint#270
• chore: release 1.9.0 by @​DaniPopes in recmo/uint#272

New Contributors

• @​striezel made their first contribution in recmo/uint#235
• @​prestwich made their first contribution in recmo/uint#237
• @​dependabot made their first contribution in recmo/uint#239
• @​DaniPopes made their first contribution in recmo/uint#218
• @​gakonst made their first contribution in recmo/uint#268

Full Changelog: recmo/uint@v1.8.0...v1.9.0

Sourced from ruint's changelog.

[1.9.0] - 2023-07-25

Added

• Introduce ark-ff-04 feature flag for conversion to ark-ff@0.4 types
• Support for alloy-rlp
• MSRV (Minimum Supported Rust Version) is now set at 1.65.0, from previously undefined
• Implement TryFrom<bool> for Uint
• New method: byte

Changed

• Make serde::Deserialize impl more permissive
• Use Ethereum Quantity encoding for serde serialization when human-readable
• Fix error in from_base_be that allowed instantiation of overflowing Uint
• Updated fastrlp to 0.3, pyo3 to 0.19, and sqlx-core to 0.7
• Improved fastrlp perfomance
• Improved proptest performance
• Made support module and its modules public
• Made more algorithm functions public
• Constified as_le_slice and as_le_bytes

Removed

• Automatic detection of nightly features. Enable them instead with the nightly cargo feature
• Dependency on derive_more

Fixed

• from_base_le implementation by reversing the input iterator

[1.8.0] — 2023-04-19

Added

• Support bn-rs, serde and uint! for Bits

Fixed

• Serde human readable now encodes the empty bitstring as 0x0 and rejects zero prefixes.

• 4b04138 Merge pull request #272 from DaniPopes/release-1-9-0
• 4d989b8 chore: release 1.9.0
• e4a7270 Merge pull request #270 from DaniPopes/byte-fn
• 8d6ea93 Merge branch 'main' into byte-fn
• c8a021f feat: add Uint::byte
• 1519f44 Merge pull request #271 from DaniPopes/fix-doctests
• 8679e17 Merge branch 'main' into fix-doctests
• 36480e3 Merge pull request #269 from DaniPopes/from-bool
• d109f37 fix: ruint-macro doctests
• af00163 feat: implement TryFrom<bool>
• Additional commits viewable in compare view

Sourced from tokio's releases.

Tokio v1.51.1

1.51.1 (April 8th, 2026)

Fixed

• sync: fix semaphore reopens after forget (#8021)
• net: surface errors from SO_ERROR on recv for UDP sockets on Linux (#8001)

Fixed (unstable)

• metrics: fix worker_local_schedule_count test (#8008)
• rt: do not leak fd when cancelling io_uring open operation (#7983)

#7983: tokio-rs/tokio#7983 #8001: tokio-rs/tokio#8001 #8008: tokio-rs/tokio#8008 #8021: tokio-rs/tokio#8021

Tokio v1.51.0

1.51.0 (April 3rd, 2026)

Added

• net: implement get_peer_cred on Hurd (#7989)
• runtime: add tokio::runtime::worker_index() (#7921)
• runtime: add runtime name (#7924)
• runtime: stabilize LocalRuntime (#7557)
• wasm: add wasm32-wasip2 networking support (#7933)

Changed

• runtime: steal tasks from the LIFO slot (#7431)

Fixed

• docs: do not show "Available on non-loom only." doc label (#7977)
• macros: improve overall macro hygiene (#7997)
• sync: fix notify_waiters priority in Notify (#7996)
• sync: fix panic in Chan::recv_many when called with non-empty vector on closed channel (#7991)

#7431: tokio-rs/tokio#7431 #7557: tokio-rs/tokio#7557 #7921: tokio-rs/tokio#7921 #7924: tokio-rs/tokio#7924 #7933: tokio-rs/tokio#7933 #7977: tokio-rs/tokio#7977 #7989: tokio-rs/tokio#7989 #7991: tokio-rs/tokio#7991 #7996: tokio-rs/tokio#7996 #7997: tokio-rs/tokio#7997

... (truncated)

• 98df02d chore: prepare Tokio v1.51.1 (#8023)
• 3ea11e2 sync: fix semaphore reopens after forget (#8021)
• c791213 rt: do not leak fd when cancelling io_uring open operation (#7983)
• ad8c59a net: surface errors from SO_ERROR on recv for UDP sockets on Linux (#8001)
• 654d38b metrics: fix worker_local_schedule_count test (#8008)
• 857ba80 docs: improve contributing docs on how to specify crates dependency versions ...
• 95b9342 chore: remove path deps for tokio-macros 2.7.0 (#8007)
• 0af06b7 chore: prepare Tokio v1.51.0 (#8005)
• 01a7f1d chore: prepare tokio-macros v2.7.0 (#8004)
• eeb55c7 runtime: steal tasks from the LIFO slot (#7431)
• Additional commits viewable in compare view

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions
  You can disable automated security fix PRs for this repo from the Security Alerts page.