deps: bump webpki-roots from 0.26.11 to 1.0.6

[dependabot]

Bumps webpki-roots from 0.26.11 to 1.0.6.

Release notes

Sourced from webpki-roots's releases.

1.0.6

"e-Szigno TLS Root CA 2023" added, see https://bugzilla.mozilla.org/show_bug.cgi?id=1873057

What's Changed

• Update dependencies by @​djc in rustls/webpki-roots#111
• Trigger CI workflow on merge groups by @​djc in rustls/webpki-roots#113
• webpki-roots: 1.0.6 by @​ctz in rustls/webpki-roots#115

Full Changelog: rustls/webpki-roots@v/1.0.5...v/1.0.6

1.0.5

Removes the following trust anchors which have passed their distrust-after-last-issuance dates:

• Entrust Root Certification Authority - EC1
• Entrust Root Certification Authority - G2
• Entrust Root Certification Authority
• AffirmTrust Commercial
• AffirmTrust Networking
• AffirmTrust Premium
• AffirmTrust Premium ECC

What's Changed

• ccadb: add CertificateMetadata::test_website_revoked field by @​djc in rustls/webpki-roots#110
• webpki-root[s|-certs]: 1.0.4 -> 1.0.5 by @​cpu in rustls/webpki-roots#112

Full Changelog: rustls/webpki-roots@v/1.0.4...v/1.0.5

1.0.4

CommScope removal

https://bugzilla.mozilla.org/show_bug.cgi?id=1994866 tracks the voluntary removal of:

• CommScope Public Trust ECC Root-01
• CommScope Public Trust ECC Root-02
• CommScope Public Trust RSA Root-01
• CommScope Public Trust RSA Root-02

What's Changed

• 1.0.4: track removal of CommScope by @​ctz in rustls/webpki-roots#109

Full Changelog: rustls/webpki-roots@v/1.0.3...v/1.0.4

1.0.3

Addition of "OISTE Server Root RSA G1" & "OISTE Server Root ECC G1": https://bugzilla.mozilla.org/show_bug.cgi?id=1988913.

What's Changed

• 1.0.3: track October 2025 additions by @​ctz in rustls/webpki-roots#108

... (truncated)

Commits

• c97def9 webpki-roots: 1.0.6 (#115)
• d30d248 Trigger CI workflow on merge groups
• 2a4b845 Take semver-compatible dependency updates
• 17c2013 Bump webpki-ccadb version to 0.2.1
• 3883a16 Upgrade to x509-parser 0.18
• 6bfc62d Upgrade reqwest to 0.13
• a1f3433 webpki-root[s|-certs]: 1.0.4 -> 1.0.5
• 1daa071 ccadb: bump version to 0.2.0
• 194014d ccadb: add CertificateMetadata::test_website_revoked field
• 3807af8 ccadb: make CertificateMetadata non-exhaustive
• Additional commits viewable in compare view

[dependabot]

Labels

The following labels could not be found: rust. Please create it before Dependabot can add it to a pull request.

Please fix the above issues or remove invalid values from dependabot.yml.

[nitecon]

Eventic automated review — pull_request.labeled

This PR upgrades webpki-roots from 0.26.11 → 1.0.6. Because 0.x → 1.x is a breaking bump in Cargo semver, Eventic's auto-merge policy classifies this as major and defers to human review rather than merging automatically.

Compatibility assessment (automated):

• Single workspace call site: lnc-network/src/tls.rs:293 — webpki_roots::TLS_SERVER_ROOTS.iter().cloned(). This idiom is source-compatible with 1.0.x (TLS_SERVER_ROOTS: &[TrustAnchor<'static>], TrustAnchor: Clone).
• CI runs with --all-features, so the tls feature gating webpki-roots is exercised by: Clippy, Clippy Strict, Test (ubuntu-latest), Test (macos-latest), Build Release (ubuntu-latest/macos-latest), Documentation, Security Audit, Dependency Audit, Build and Test.
• All 18 checks SUCCESS; CodeQL NEUTRAL (typical). PR state CLEAN, MERGEABLE.

Upstream notes (1.0.x line):

• 1.0 line removes expired/distrusted-after roots over releases (Entrust roots in 1.0.5, CommScope in 1.0.4).
• 1.0.6 adds e-Szigno TLS Root CA 2023.

Verdict: Automated signal is green. Holding per policy on major bumps — please approve/merge manually, or reply with an explicit auto-merge approval to unblock similar 0.x → 1.x bumps in the future.