From 88bf4bb3d41a02ff7c54c0015efbc898648d1300 Mon Sep 17 00:00:00 2001
From: David Blodgett <dblodgett@usgs.gov>
Date: Sat, 25 Apr 2026 19:02:46 -0500
Subject: [PATCH] bump rustls-webpki 0.103.12 -> 0.103.13 in Cargo.lock

Patches GHSA-82j2-j2ch-gfr8 (CVSS 7.5): panic on malformed CRL
BIT STRING. pizzarr does not enable RevocationOptions, so not
exploitable here, but clears the Dependabot alert.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
---
 src/rust/Cargo.lock | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/src/rust/Cargo.lock b/src/rust/Cargo.lock
index ebc7055..a9454d8 100644
--- a/src/rust/Cargo.lock
+++ b/src/rust/Cargo.lock
@@ -1950,9 +1950,9 @@ dependencies = [
 
 [[package]]
 name = "rustls-webpki"
-version = "0.103.12"
+version = "0.103.13"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "8279bb85272c9f10811ae6a6c547ff594d6a7f3c6c6b02ee9726d1d0dcfcdd06"
+checksum = "61c429a8649f110dddef65e2a5ad240f747e85f7758a6bccc7e5777bd33f756e"
 dependencies = [
  "ring",
  "rustls-pki-types",