Skip to content

chore(deps): bump webpki-roots from 0.26.11 to 1.0.7#543

Open
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/cargo/webpki-roots-1.0.7
Open

chore(deps): bump webpki-roots from 0.26.11 to 1.0.7#543
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/cargo/webpki-roots-1.0.7

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Jun 22, 2026
edited
Loading

Copy link
Copy Markdown
Contributor

Bumps webpki-roots from 0.26.11 to 1.0.7.

Release notes

Sourced from webpki-roots's releases.

1.0.7

For their April 2026 root store changes, Mozilla has made more changes than usual:

These changes are part of Mozilla’s ongoing root store maintenance under the Mozilla Root Store Policy (MRSP), including §7.4 (Root CA Lifecycles) and §7.5.3 (Transition Plans). They reflect a combination of lifecycle-based transitions, CA operator requests, and alignment with intended certificate usage, including retiring older or less suitable root certificates, enforcing clear separation of trust purposes (e.g., TLS vs. S/MIME), and reducing unnecessary trust surface in the Web PKI ecosystem. Collectively, these actions help to ensure that root certificates are relied upon only for their intended and actively maintained use cases, or are retired in accordance with established distrust timelines.

This removes:

  • CN=Certigna O=Dhimyotis
  • CN=COMODO Certification Authority O=COMODO CA Limited
  • CN=DigiCert Assured ID Root CA O=DigiCert Inc OU=www.digicert.com
  • CN=DigiCert Global Root CA O=DigiCert Inc OU=www.digicert.com
  • CN=DigiCert High Assurance EV Root CA O=DigiCert Inc OU=www.digicert.com
  • CN=FIRMAPROFESIONAL CA ROOT-A WEB O=Firmaprofesional SA
  • CN=GTS Root R2 O=Google Trust Services LLC
  • CN=QuoVadis Root CA 2 O=QuoVadis Limited
  • CN=QuoVadis Root CA 3 O=QuoVadis Limited
  • CN=Secure Global CA O=SecureTrust Corporation
  • CN=SecureTrust CA O=SecureTrust Corporation
  • CN=SwissSign Gold CA - G2 O=SwissSign AG
  • CN=TeliaSonera Root CA v1 O=TeliaSonera
  • CN=Trustwave Global Certification Authority O=Trustwave Holdings, Inc.
  • CN=Trustwave Global ECC P256 Certification Authority O=Trustwave Holdings, Inc.
  • CN=Trustwave Global ECC P384 Certification Authority O=Trustwave Holdings, Inc.
  • O=certSIGN OU=certSIGN ROOT CA

See their announcement for more details.

What's Changed

Full Changelog: rustls/webpki-roots@v/1.0.6...v/1.0.7

1.0.6

"e-Szigno TLS Root CA 2023" added, see https://bugzilla.mozilla.org/show_bug.cgi?id=1873057

What's Changed

Full Changelog: rustls/webpki-roots@v/1.0.5...v/1.0.6

1.0.5

Removes the following trust anchors which have passed their distrust-after-last-issuance dates:

... (truncated)

Commits

@dependabot
chore(deps): bump webpki-roots from 0.26.11 to 1.0.7
a3c9ff0 
Bumps [webpki-roots](https://github.com/rustls/webpki-roots) from 0.26.11 to 1.0.7.
- [Release notes](https://github.com/rustls/webpki-roots/releases)
- [Commits](rustls/webpki-roots@v/0.26.11...v/1.0.7)

---
updated-dependencies:
- dependency-name: webpki-roots
  dependency-version: 1.0.7
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot force-pushed the dependabot/cargo/webpki-roots-1.0.7 branch from 7b5457b to a3c9ff0 Compare June 22, 2026 15:08
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

@Cmochance Cmochance

Labels

Improvement

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@Cmochance