From f20e172a62acc3e4fdd3963d50cf943490dcc8e9 Mon Sep 17 00:00:00 2001
From: OneNoted
Date: Tue, 14 Apr 2026 19:35:09 +0200
Subject: [PATCH] fix: reduce directly owned Rust advisory exposure

The workspace still inherits unresolved Linux desktop advisories through the current Tauri stack, but the lockfile can still be tightened for the dependency branches this repo directly owns. Move the reqwest/quinn path onto rand 0.9.3 and refresh rustls-webpki so the remaining Dependabot triage is limited to upstream Tauri debt instead of stale local lockfile state.

Constraint: Current compatible Tauri Linux releases still resolve glib 0.18.x and tauri-utils rand copies
Rejected: Fork tauri-utils or replace Tauri for alert triage | too broad for this maintenance task
Confidence: medium
Scope-risk: narrow
Reversibility: clean
Directive: Revisit the dismissed GitHub alerts when Tauri publishes Linux stack updates for glib and rand advisories
Tested: cargo test --workspace; cargo audit; GitHub Dependabot open-alert query
Not-tested: packaged desktop runtime smoke test after the lockfile refresh
---
 Cargo.lock | 10 +++++-----
 1 file changed, 5 insertions(+), 5 deletions(-)

diff --git a/Cargo.lock b/Cargo.lock
index 179c7e4..8f04001 100644
--- a/Cargo.lock
+++ b/Cargo.lock
@@ -2942,7 +2942,7 @@ dependencies = [
  "bytes",
  "getrandom 0.3.4",
  "lru-slab",
- "rand 0.9.2",
+ "rand 0.9.3",
  "ring",
  "rustc-hash",
  "rustls",
@@ -3016,9 +3016,9 @@ dependencies = [
 [[package]]
 name = "rand"
-version = "0.9.2"
+version = "0.9.3"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "6db2770f06117d490610c7488547d543617b21bfa07796d7a12f6f1bd53850d1"
+checksum = "7ec095654a25171c2124e9e3393a930bddbffdc939556c914957a4c3e0a87166"
 dependencies = [
  "rand_chacha 0.9.0",
  "rand_core 0.9.5",
@@ -3314,9 +3314,9 @@ dependencies = [
 [[package]]
 name = "rustls-webpki"
-version = "0.103.10"
+version = "0.103.12"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "df33b2b81ac578cabaf06b89b0631153a3f416b0a886e8a7a1707fb51abbd1ef"
+checksum = "8279bb85272c9f10811ae6a6c547ff594d6a7f3c6c6b02ee9726d1d0dcfcdd06"
 dependencies = [
  "ring",
  "rustls-pki-types",