Skip to content

Bump base64-ng from 1.0.5 to 1.3.5#13

Closed
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/cargo/base64-ng-1.3.5
Closed

Bump base64-ng from 1.0.5 to 1.3.5#13
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/cargo/base64-ng-1.3.5

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Jul 5, 2026

Copy link
Copy Markdown

Bumps base64-ng from 1.0.5 to 1.3.5.

Release notes

Sourced from base64-ng's releases.

base64-ng 1.3.5

1.3.5 is a RISC-V evidence and release-governance patch for the base64-ng crate family.

Highlights

  • Added required riscv64gc-unknown-linux-gnu QEMU user-mode evidence for functional correctness and scalar/fallback runtime behavior.
  • Added release-gated RISC-V posture checks documenting that stable Rust does not currently expose an admitted RVV backend for base64-ng.
  • Documented that RISC-V acceleration is deliberately not admitted in this release. QEMU evidence is correctness/fallback evidence only, not hardware performance, timing, side-channel, register-retention, or production-CPU equivalence evidence.
  • Added RISC-V release evidence into the stable release gate alongside the existing x86, AArch64, wasm, and big-endian evidence paths.
  • Synchronized all workspace crate package versions to 1.3.5.

Notes

The admitted SIMD acceleration scope is unchanged from 1.3.4. RISC-V targets remain scalar/fallback-only until stable Rust exposes reviewed RVV intrinsic paths and the project receives real hardware evidence from capable RVV systems.

base64-ng 1.3.4

1.3.4 is a big-endian evidence and release-governance patch for the base64-ng crate family.

Highlights

  • Added required s390x-unknown-linux-gnu QEMU user-mode evidence for big-endian functional correctness and scalar/fallback runtime behavior.
  • Added release-gated checks proving stable Rust still gates s390x and PowerPC64 vector intrinsics behind unstable stdarch_* features on the active release toolchain.
  • Documented that big-endian acceleration is deliberately not admitted in this release. QEMU evidence is correctness/fallback evidence only, not hardware performance, timing, side-channel, register-retention, or production-CPU equivalence evidence.
  • Improved the optional PowerPC64 QEMU path with an early glibc sysroot preflight, so maintainers get a clear missing-sysroot error when only the cross compiler is installed.
  • Synchronized all workspace crate package versions to 1.3.4.

Notes

The admitted SIMD acceleration scope is unchanged from 1.3.3. Big-endian targets remain scalar/fallback-only until stable Rust exposes reviewed

... (truncated)

Changelog

Sourced from base64-ng's changelog.

1.3.5 - 2026-07-04

  • Added required riscv64gc-unknown-linux-gnu QEMU user-mode evidence for RISC-V functional correctness, scalar/fallback runtime reporting, malformed-input behavior, clear-tail behavior, in-place behavior, wrapped/legacy compatibility, strict SIMD decode dispatch surface fallback, and stream behavior.
  • Added stable Rust blocker checks proving core::arch::riscv64 remains behind the unstable riscv_ext_intrinsics feature gate on the active release toolchain.
  • Documented that RISC-V RVV acceleration is deliberately not admitted in this release; QEMU evidence is fallback/correctness evidence only, not hardware performance, timing, side-channel, or register-retention evidence.
  • Added RISC-V release-gate posture validation and package-included review documentation requesting community evidence from real RVV 1.0 systems.
  • Synchronized all workspace crate package versions to 1.3.5.

1.3.4 - 2026-07-03

  • Added required s390x-unknown-linux-gnu QEMU user-mode evidence for big-endian functional correctness, scalar/fallback runtime reporting, malformed-input behavior, clear-tail behavior, in-place behavior, wrapped/legacy compatibility, and stream behavior.
  • Added stable Rust blocker checks proving core::arch::s390x and core::arch::powerpc64 remain behind unstable stdarch_* feature gates on the active release toolchain.
  • Documented that big-endian acceleration is deliberately not admitted in this release; QEMU evidence is fallback/correctness evidence only, not hardware performance, timing, side-channel, or register-retention evidence.
  • Improved the optional PowerPC64 QEMU path with an early glibc sysroot preflight so maintainers get a clear missing-sysroot error instead of a linker dump.
  • Synchronized all workspace crate package versions to 1.3.4.

1.3.3 - 2026-07-03

  • Admitted narrow wasm simd128 runtime dispatch for Standard and URL-safe public encode plus normal strict decode when wasm32 binaries are compiled with target-feature=+simd128, simd, and the explicit allow-wasm32-best-effort-wipe feature.
  • Added Node/V8 and Wasmtime runtime smoke evidence requiring wasm-simd128 candidate, active encode, and active decode backend reporting plus Standard and URL-safe deterministic length sweeps, independent scalar reference encode checks, malformed-input rejection, and public API round trips.
  • Added Chromium-family browser runtime smoke evidence for the same admitted wasm simd128 profile.
  • Added Firefox/SpiderMonkey WebDriver runtime smoke evidence through geckodriver and Safari/WebKit WebDriver runtime smoke evidence through safaridriver.

... (truncated)

Commits
  • 5174a9b Refresh 1.3.5 pentest report
  • 4e14850 Add 1.3.5 release notes
  • c33dab4 Record 1.3.5 pentest pass
  • 501f46f Add RISC-V QEMU evidence gate
  • 5d6d797 Refresh 1.3.4 pentest report
  • 4d2358f Bound Miri release gate coverage
  • 2efe0bb Refresh 1.3.4 pentest report
  • cafa62e Bootstrap big-endian intrinsic check targets
  • d7a96f2 Record 1.3.4 pentest pass
  • 6dfd316 Prepare 1.3.4 release metadata
  • Additional commits viewable in compare view

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

Bumps [base64-ng](https://github.com/valkyoth/base64-ng) from 1.0.5 to 1.3.5.
- [Release notes](https://github.com/valkyoth/base64-ng/releases)
- [Changelog](https://github.com/valkyoth/base64-ng/blob/main/CHANGELOG.md)
- [Commits](valkyoth/base64-ng@v1.0.5...v1.3.5)

---
updated-dependencies:
- dependency-name: base64-ng
  dependency-version: 1.3.5
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file rust Pull requests that update rust code labels Jul 5, 2026
@dependabot @github

dependabot Bot commented on behalf of github Jul 12, 2026

Copy link
Copy Markdown
Author

Superseded by #14.

@dependabot dependabot Bot closed this Jul 12, 2026
@dependabot dependabot Bot deleted the dependabot/cargo/base64-ng-1.3.5 branch July 12, 2026 21:12
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

dependencies Pull requests that update a dependency file rust Pull requests that update rust code

Projects

None yet

Development

Successfully merging this pull request may close these issues.

0 participants