Update Rust crate openssl to v0.10.70 [SECURITY]

[renovate]

This PR contains the following updates:

Package	Type	Update	Change
openssl	dependencies	patch	0.10.30 → 0.10.70

GitHub Vulnerability Alerts

GHSA-6hcf-g6gr-hhcr

These functions would crash when the context argument was None with certain extension types.

Thanks to David Benjamin (Google) for reporting this issue.

GHSA-3gxf-9r58-2ghg

OpenSSL has a modified bit that it can set on on X509_NAME objects. If this bit is set then the object is not thread-safe even when it appears the code is not modifying the value.

Thanks to David Benjamin (Google) for reporting this issue.

GHSA-9qwg-crg9-m2vc

SubjectAlternativeName and ExtendedKeyUsage arguments were parsed using the OpenSSL function X509V3_EXT_nconf. This function parses all input using an OpenSSL mini-language which can perform arbitrary file reads.

Thanks to David Benjamin (Google) for reporting this issue.

CVE-2023-53159

When this function was passed an empty string, openssl would attempt to call strlen on it, reading arbitrary memory until it reached a NUL byte.

GHSA-xphf-cx8h-7q9g

This function returned a reference into an OpenSSL datastructure, but there was no way to ensure OpenSSL would not mutate the datastructure behind one's back.

Use of this function should be replaced with X509StoreRef::all_certificates.

GHSA-q445-7m23-qrmw

Previously, MemBio::get_buf called slice::from_raw_parts with a null-pointer, which violates the functions invariants, leading to undefined behavior. In debug builds this would produce an assertion failure. This is now fixed.

CVE-2025-24898

Impact

ssl::select_next_proto can return a slice pointing into the server argument's buffer but with a lifetime bound to the client argument. In situations where the server buffer's lifetime is shorter than the client buffer's, this can cause a use after free. This could cause the server to crash or to return arbitrary memory contents to the client.

Patches

openssl 0.10.70 fixes the signature of ssl::select_next_proto to properly constrain the output buffer's lifetime to that of both input buffers.

Workarounds

In standard usage of ssl::select_next_proto in the callback passed to SslContextBuilder::set_alpn_select_callback, code is only affected if the server buffer is constructed within the callback. For example:

Not vulnerable - the server buffer has a 'static lifetime:

builder.set_alpn_select_callback(|_, client_protos| {
    ssl::select_next_proto(b"\x02h2", client_protos).ok_or_else(AlpnError::NOACK)
});

Not vulnerable - the server buffer outlives the handshake:

let server_protos = b"\x02h2".to_vec();
builder.set_alpn_select_callback(|_, client_protos| {
    ssl::select_next_proto(&server_protos, client_protos).ok_or_else(AlpnError::NOACK)
});

Vulnerable - the server buffer is freed when the callback returns:

builder.set_alpn_select_callback(|_, client_protos| {
    let server_protos = b"\x02h2".to_vec();
    ssl::select_next_proto(&server_protos, client_protos).ok_or_else(AlpnError::NOACK)
});

References

https://github.com/sfackler/rust-openssl/pull/2360

---

Release Notes

rust-openssl/rust-openssl (openssl)

v0.10.70: openssl v0.10.70

Compare Source

What's Changed

• Attempt to fix CI by pinning to the Ubuntu 22.04 image by @​alex in sfackler#2357
• Remove EC_METHOD and EC_GROUP_new for LibreSSL 4.1 by @​botovq in sfackler#2356
• Test against 3.4.0 final release by @​alex in sfackler#2359
• Expose SslMethod::{dtls_client,dtls_server} by @​alex in sfackler#2358
• Fix lifetimes in ssl::select_next_proto by @​sfackler in sfackler#2360

Full Changelog: rust-openssl/rust-openssl@openssl-v0.10.69...openssl-v0.10.70

v0.10.69: openssl v0.10.69

Compare Source

What's Changed

• build(deps): Update openssl-macro to version 0.1.1 by @​caspermeijn in sfackler#2324
• Enable set_alpn_select_callback for BoringSSL by @​ViktoriiaKovalova in sfackler#2327
• Switch the test to use prime256v1 based key by @​dcermak in sfackler#2330
• Expose EVP_DigestSqueeze from Hasher by @​initsecret in sfackler#2275
• Expose SSL_CTX_load_verify_locations by @​sfackler in sfackler#2353

New Contributors

• @​caspermeijn made their first contribution in sfackler#2324
• @​ViktoriiaKovalova made their first contribution in sfackler#2327

Full Changelog: rust-openssl/rust-openssl@openssl-v0.10.68...openssl-v0.10.69

v0.10.68

Compare Source

What's Changed

• fixes #​2317 -- restore compatibility with our MSRV and release openssl 0.9.68 by @​alex in sfackler#2318

Full Changelog: rust-openssl/rust-openssl@openssl-v0.10.67...openssl-v0.10.68

v0.10.67

Compare Source

What's Changed

• Added a utility function to ensure we never have an issue with 0-length slices from pointers again by @​alex in sfackler#2268
• Fix CI for the latest rustc by @​alex in sfackler#2271
• Add binding for EVP_DigestSqueeze by @​initsecret in sfackler#2270
• libressl 4.0: const correctness for X509_LOOKUP_METHOD by @​botovq in sfackler#2276
• Bump hex dev-dependency version by @​alex in sfackler#2277
• Raise bindgen version by @​alex in sfackler#2278
• Ensure Rsa::check_key doesn't leave errors on the stack by @​alex in sfackler#2279
• Update some docs to use the corresponds macro by @​rushilmehra in sfackler#2282
• Don't leave errors on the stack in MdCtxRef::digest_verify_final by @​alex in sfackler#2283
• Adjustments for LibreSSL 4 by @​botovq in sfackler#2287
• Explicit rustfmt config by @​kornelski in sfackler#2285
• add basic EVP_KDF bindings by @​reaperhulk in sfackler#2289
• add ossl3 thread pool bindings by @​reaperhulk in sfackler#2293
• add argon2id support for ossl 3.2+ by @​reaperhulk in sfackler#2290
• fix 3.2.0 thread support and simplify by @​reaperhulk in sfackler#2294
• add libctx arg to argon2id by @​reaperhulk in sfackler#2295
• support using threads in argon2id by @​reaperhulk in sfackler#2296
• Ensure beginning and end of the error output is readable by @​kornelski in sfackler#2284
• Test against 3.4.0-alpha1 by @​sfackler in sfackler#2302
• Resolve clippy warnings from nightly by @​alex in sfackler#2310
• fixes #​2311 -- silencer resolver warnings by @​alex in sfackler#2312
• Bump to 3.4.0-beta1 by @​sfackler in sfackler#2313
• LibreSSL 4.0.0 by @​botovq in sfackler#2315
• Release openssl v0.10.67 and openssl-sys v0.9.104 by @​alex in sfackler#2316

New Contributors

• @​initsecret made their first contribution in sfackler#2270
• @​rushilmehra made their first contribution in sfackler#2282
• @​kornelski made their first contribution in sfackler#2285

Full Changelog: rust-openssl/rust-openssl@openssl-v0.10.66...openssl-v0.10.67

v0.10.66

Compare Source

What's Changed

• Fixed invariant violation in MemBio::get_buf with empty results by @​alex in sfackler#2266
• Release openssl v0.10.66 by @​alex in sfackler#2267

Full Changelog: rust-openssl/rust-openssl@openssl-v0.10.65...openssl-v0.10.66

v0.10.65

Compare Source

What's Changed

• don't emit rerun-if-changed when vendoring by @​reaperhulk in sfackler#2177
• Prepare for openssl-sys 0.9.101 release by @​alex in sfackler#2182
• don't emit rerun-if-changed unless the path exists and is readable by @​reaperhulk in sfackler#2187
• Added support for LibreSSL 3.9.0 by @​alex in sfackler#2202
• Support stable LibreSSL 3.9.x by @​alex in sfackler#2209
• openssl-sys 0.9.102 release by @​alex in sfackler#2210
• Add repository field to openssl-macros crate by @​paolobarbolini in sfackler#2211
• Add missing openssl-sys dependency by @​pieterdd in sfackler#2212
• Test OpenSSL 3.3.0-beta1 by @​sfackler in sfackler#2216
• test against 3.3.0 final by @​alex in sfackler#2218
• fix min-versions in CI by @​alex in sfackler#2228
• Make X509_VAL opaque for LibreSSL 4.0.0 by @​botovq in sfackler#2227
• Use the newer names for STACK_OF(T) functions with BoringSSL by @​davidben in sfackler#2231
• Only declare OpensslCallbacks in bindgen builds by @​alex in sfackler#2234
• Fix building with latest BoringSSL by @​davidben in sfackler#2230
• Emit rustc-check-cfg for nightly by @​alex in sfackler#2235
• Configure OpenSSL data dir on vendored builds. by @​DanielSidhion in sfackler#2122
• Add boringssl keylog callback support by @​mspublic in sfackler#2237
• Correct the name of the pkgconf package on some distros by @​JonathanBrouwer in sfackler#2253
• Add some OpenSSL 3 QUIC raw bindings by @​bdbai in sfackler#2257
• Initialize OpenSSL in MD constructors by @​sfackler in sfackler#2258
• Switch Pkey::from_ to use set1 functions by @​alex in sfackler#2262
• Release openssl v0.10.65 and openssl-sys v0.9.103 by @​alex in sfackler#2265

New Contributors

• @​paolobarbolini made their first contribution in sfackler#2211
• @​pieterdd made their first contribution in sfackler#2212
• @​DanielSidhion made their first contribution in sfackler#2122
• @​mspublic made their first contribution in sfackler#2237
• @​JonathanBrouwer made their first contribution in sfackler#2253
• @​bdbai made their first contribution in sfackler#2257

Full Changelog: rust-openssl/rust-openssl@openssl-v0.10.64...openssl-v0.10.65

v0.10.64

Compare Source

What's Changed

• Make _STACK opaque for LibreSSL >= 3.9.0 by @​botovq in sfackler#2153
• enable x509 verify and groups list for boringssl by @​zh-jq in sfackler#2155
• Cleanup some not-required Path::new invocations by @​alex in sfackler#2158
• fixed a clippy (nightly) warning by @​alex in sfackler#2161
• Bump actions versions by @​alex in sfackler#2162
• Add support for setting the nonce type and digest on a PKEY_CTX by @​facutuesca in sfackler#2144
• rebuild openssl-sys if the underlying openssl has changed by @​reaperhulk in sfackler#2157
• Added binding for EVP_default_properties_enable_fips by @​alex in sfackler#2168
• LibreSSL 3.9: fix CRYPTO_malloc/free signatures by @​botovq in sfackler#2170
• Expose alias on X509 structs by @​alex in sfackler#2167
• bump openssl and openssl-sys + changelogs by @​reaperhulk in sfackler#2175

Full Changelog: rust-openssl/rust-openssl@openssl-v0.10.63...openssl-v0.10.64

v0.10.63

Compare Source

What's Changed

• Allow passing a passphrase callback when loading a public key by @​alex in sfackler#2135
• Expose several additional ciphers for symmetry with symm by @​alex in sfackler#2140
• brew: add openssl@​3.0 (for 3.0.x LTS releases) by @​chenrui333 in sfackler#2141
• Add PKey::from_dhx by @​alex in sfackler#2142
• Make X509_PURPOSE opaque for LibreSSL >= 3.9.0 by @​botovq in sfackler#2145
• PEM parsing: check last error instead of first by @​botovq in sfackler#2148
• Expose brainpool NIDs on libressl by @​alex in sfackler#2150
• Add two methods to the PKCS7 API by @​facutuesca in sfackler#2111
• add more boringssl methods by @​zh-jq in sfackler#2138
• Release openssl v0.10.63 and openssl-sys v0.9.99 by @​alex in sfackler#2152

Full Changelog: rust-openssl/rust-openssl@openssl-v0.10.62...openssl-v0.10.63

v0.10.62

Compare Source

What's Changed

• fixes #​2119 -- use ErrorStack abstraction in X.509 error handling by @​alex in sfackler#2120
• Fix building with latest BoringSSL by @​alex in sfackler#2121
• Fix tests on macOS by @​alex in sfackler#2123
• Upcoming API changes in LibreSSL 3.9 by @​botovq in sfackler#2124
• Add rand_priv_bytes by @​overvenus in sfackler#2126
• Add nid constant for curve brainpoolP320r1 by @​nicklaswj in sfackler#2129
• Release openssl v0.10.62 and openssl-sys v0.9.98 by @​alex in sfackler#2133

New Contributors

• @​overvenus made their first contribution in sfackler#2126
• @​nicklaswj made their first contribution in sfackler#2129

Full Changelog: rust-openssl/rust-openssl@openssl-v0.10.61...openssl-v0.10.62

v0.10.61: openssl v0.10.61

Compare Source

v0.10.60

Compare Source

What's Changed

• Correct off-by-one in minimum output buffer size computation by @​alex in sfackler#2088
• Expose a few more (bad) ciphers in cipher::Cipher by @​alex in sfackler#2084
• add temp key bindings by @​jmayclin in sfackler#2076
• Expose ChaCha20 on LibreSSL by @​alex in sfackler#2093
• Revert "Correct off-by-one in minimum output buffer size computation" by @​alex in sfackler#2090
• Added update_unchecked to symm::Crypter by @​alex in sfackler#2100
• fixes #​2096 -- deprecate X509StoreRef::objects, it is unsound by @​alex in sfackler#2099
• Don't leak when overwriting ex data by @​sfackler in sfackler#2102
• Release openssl v0.10.60 and openssl-sys v0.9.96 by @​alex in sfackler#2104

Full Changelog: rust-openssl/rust-openssl@openssl-v0.10.59...openssl-v0.10.60

v0.10.59

Compare Source

What's Changed

• Add binding to NID of Chacha20-Poly1305 cipher by @​Arnavion in sfackler#2081
• Fixed cfg for RSA_PSS by @​alex in sfackler#2079
• fixes #​2050 -- build and test on libressl 3.8.2 by @​alex in sfackler#2082
• Release openssl v0.10.59 and openssl-sys v0.9.95 by @​alex in sfackler#2083

New Contributors

• @​Arnavion made their first contribution in sfackler#2081

Full Changelog: rust-openssl/rust-openssl@openssl-v0.10.58...openssl-v0.10.59

v0.10.58

Compare Source

What's Changed

• LibreSSL 3.8.1 support by @​alex in sfackler#2035
• Update vendored version to openssl 3 by @​amousset in sfackler#1925
• Test against 3.2.0-alpha1 by @​sfackler in sfackler#2037
• Removed reference to non-existent method by @​alex in sfackler#2039
• Bump CI to 1.1.1w by @​sfackler in sfackler#2040
• [openssl-sys] Add X509_check_{host,email,ip,ip_asc} fns by @​jgallagher in sfackler#2042
• Expose CBC mode for several more (bad) ciphers by @​alex in sfackler#2045
• Expose two additional Pkey IDs by @​alex in sfackler#2046
• Add support for CRL extensions and the Authority Information Access e… by @​AdmiralGT in sfackler#2003
• Fix clippy warnings produced by newer Rust by @​wiktor-k in sfackler#2052
• Use osslconf on BoringSSL by @​alex in sfackler#2056
• Make X509_ALGOR opaque for LibreSSL by @​botovq in sfackler#2060
• Don't ignore ECDSA tests without GF2m support by @​botovq in sfackler#2061
• Clarify 'possible LibreSSL bug' by @​botovq in sfackler#2062
• Enable BN_mod_sqrt() for upcoming LibreSSL 3.8.2 by @​botovq in sfackler#2063
• Enable SHA-3 for LibreSSL 3.8.0 by @​botovq in sfackler#2064
• Remove DH_generate_parameters for LibreSSL 3.8.2 by @​botovq in sfackler#2065
• Use EVP_MD_CTX_{new,free}() in LibreSSL 3.8.2 by @​botovq in sfackler#2067
• Enable HKDF support for LibreSSL >= 3.6.0 by @​botovq in sfackler#2066
• Two build script fixes for LibreSSL by @​botovq in sfackler#2068
• Respect OPENSSL_NO_OCB on AES functions by @​GuyLewin in sfackler#2070
• Support OPENSSL_NO_SCRYPT by @​GuyLewin in sfackler#2071
• Bump 3.2.0 beta by @​sfackler in sfackler#2073
• add security level bindings by @​jmayclin in sfackler#2074
• Release openssl v0.10.58 and openssl-sys v0.9.94 by @​alex in sfackler#2078

New Contributors

• @​amousset made their first contribution in sfackler#1925
• @​jgallagher made their first contribution in sfackler#2042
• @​AdmiralGT made their first contribution in sfackler#2003
• @​botovq made their first contribution in sfackler#2060
• @​GuyLewin made their first contribution in sfackler#2070
• @​jmayclin made their first contribution in sfackler#2074

Full Changelog: rust-openssl/rust-openssl@openssl-v0.10.57...openssl-v0.10.58

v0.10.57

Compare Source

What's Changed

• Expose chacha20_poly1305 on LibreSSL by @​alex in sfackler#2011
• Add openssl::cipher_ctx::CipherCtx::clone by @​johntyner in sfackler#2017
• Add X509VerifyParam::set_email by @​dhouck in sfackler#2018
• Add perl-FindBin dep for fedora by @​JadedBlueEyes in sfackler#2023
• Update to bitflags 2.2.1. by @​qwandor in sfackler#1906
• Release openssl v0.10.57 and openssl-sys v0.9.92 by @​alex in sfackler#2025

New Contributors

• @​johntyner made their first contribution in sfackler#2017
• @​dhouck made their first contribution in sfackler#2018
• @​JadedBlueEyes made their first contribution in sfackler#2023
• @​qwandor made their first contribution in sfackler#1906

Full Changelog: rust-openssl/rust-openssl@openssl-v0.10.56...openssl-v0.10.57

v0.10.56: openssl v0.10.56

Compare Source

v0.10.55

Compare Source

What's Changed

• Fix warnings from BoringSSL on Rust 1.70 by @​alex in sfackler#1948
• Honor OPENSSL_NO_OCB if OpenSSL was built this way by @​davidben in sfackler#1952
• Fix some deprecated patterns when using BoringSSL by @​davidben in sfackler#1945
• add get_asn1_flag to EcGroupRef by @​reaperhulk in sfackler#1947
• Fixed type mutability on asn1_flag by @​alex in sfackler#1954
• allow affine_coordinates on boring and libre by @​reaperhulk in sfackler#1955
• add support for EVP_PKEY_derive_set_peer_ex in OpenSSL 3 by @​reaperhulk in sfackler#1956
• Use type-safe wrappers instead of EVP_PKEY_assign by @​davidben in sfackler#1959
• add Nid::SM2 and pkey Id::SM2 by @​zh-jq in sfackler#1962
• Fix handling of empty host strings by @​sfackler in sfackler#1968
• Remove old codes that belows supported Rust version. by @​tesuji in sfackler#1966
• Release openssl v0.10.55 and openssl-sys v0.9.89 by @​alex in sfackler#1970

New Contributors

• @​davidben made their first contribution in sfackler#1952
• @​tesuji made their first contribution in sfackler#1966

Full Changelog: rust-openssl/rust-openssl@openssl-v0.10.54...openssl-v0.10.55

v0.10.54

Compare Source

What's Changed

• Remove converting PKCS#8 passphrase to CString by @​alex in sfackler#1941
• Version bump for openssl v0.10.54 release by @​alex in sfackler#1942

Full Changelog: rust-openssl/rust-openssl@openssl-v0.10.53...openssl-v0.10.54

v0.10.53

Compare Source

What's Changed

• Check for OPENSSL_NO_RC4 when using EVP_rc4 by @​oskirby in sfackler#1910
• Fix link errors for X509_get0_authority_xxx methods on Ubuntu/bionic by @​oskirby in sfackler#1909
• add X509::pathlen by @​zh-jq-b in sfackler#1916
• Add bindings to SSL_bytes_to_cipher_list by @​RoastVeg in sfackler#1921
• Add boringssl hkdf derivation by @​AndrewScull in sfackler#1926
• add other name support by @​huettner94 in sfackler#1915
• LibreSSL 3.8.0 by @​vishwin in sfackler#1935
• add Dsa with some helper functions by @​reaperhulk in sfackler#1937
• reimplement Dsa::generate in terms of generate_params/generate_key by @​reaperhulk in sfackler#1938
• Added DER serialization for DSAPrivateKey by @​alex in sfackler#1939
• version bump 0.9.88 and 0.10.53 by @​reaperhulk in sfackler#1940

New Contributors

• @​oskirby made their first contribution in sfackler#1910
• @​zh-jq-b made their first contribution in sfackler#1916
• @​RoastVeg made their first contribution in sfackler#1921
• @​huettner94 made their first contribution in sfackler#1915

Full Changelog: rust-openssl/rust-openssl@openssl-v0.10.52...openssl-v0.10.53

v0.10.52

Compare Source

What's Changed

• Expose BigNum::to_vec_padded on libressl and boringssl by @​alex in sfackler#1895
• add support for DH check key by @​reaperhulk in sfackler#1896
• add poly1305 EVP_PKEY type by @​reaperhulk in sfackler#1897
• Don't restrict the Signer lifetime by @​alex in sfackler#1898
• add low level cmac bindings by @​reaperhulk in sfackler#1899
• Expose pbkdf2_hmac and scrypt on BoringSSL by @​alex in sfackler#1900
• binding to get fips status for ossl300 by @​reaperhulk in sfackler#1901
• add more x509 extension helper functions by @​zh-jq in sfackler#1887
• changelog and version bumps for openssl and openssl-sys by @​reaperhulk in sfackler#1905

New Contributors

• @​zh-jq made their first contribution in sfackler#1887

Full Changelog: rust-openssl/rust-openssl@openssl-v0.10.51...openssl-v0.10.52

v0.10.51

Compare Source

What's Changed

• update documentation to reflect libressl support by @​reaperhulk in sfackler#1876
• Add issuer_name and reason_code to X509RevokedRef by @​Skepfyr in sfackler#1847
• Preparing openssl-sys for PKCS7 and X509 extensions by @​bkstein in sfackler#1789
• Fixes #​1884 -- don't leave an error on the stack in public_eq by @​alex in sfackler#1885
• Fixes #​1882 -- added APIs for setting public keys on Dh by @​alex in sfackler#1883
• DTLS1 and DTLS1_2 SslVersion for set_min_proto_version() by @​algesten in sfackler#1886
• Remove size_t-is-usize argument to bindgen by @​alex in sfackler#1888
• Documentation typo for X509Crl by @​remigranotier in sfackler#1891
• [Documentation] fixed X509Crl and X509Revoked description in doc by @​remigranotier in sfackler#1892
• add asn1octetstring creation support by @​reaperhulk in sfackler#1893
• Introduce X509Extension::new_from_der and deprecate the bad APIs by @​alex in sfackler#1880
• Release openssl v0.10.51 and openssl-sys v0.9.86 by @​alex in sfackler#1894

New Contributors

• @​algesten made their first contribution in sfackler#1886
• @​remigranotier made their first contribution in sfackler#1891

Full Changelog: rust-openssl/rust-openssl@openssl-v0.10.50...openssl-v0.10.51

v0.10.50: openssl v0.10.50

Compare Source

v0.10.49: openssl v0.10.49

Compare Source

v0.10.48: openssl v0.10.48

Compare Source

What's Changed

• Fix LibreSSL version checking in openssl/ by @​alex in sfackler#1851
• Skip a test that hangs on OpenSSL 3.1.0 by @​alex in sfackler#1850
• Improve reliability of some tests by @​smoelius in sfackler#1852
• Fix a series of security issues by @​alex in sfackler#1854
• Release openssl v0.10.48 and openssl-sys v0.9.83 by @​alex in sfackler#1855

New Contributors

• @​smoelius made their first contribution in sfackler#1852

Full Changelog: rust-openssl/rust-openssl@openssl-v0.10.47...openssl-v0.10.48

v0.10.47: openssl v0.10.47

Compare Source

v0.10.46: openssl v0.10.46

Compare Source

v0.10.45: openssl v0.10.45

Compare Source

v0.10.44: openssl v0.10.44

Compare Source

v0.10.43: openssl v0.10.43

Compare Source

v0.10.42: openssl v0.10.42

Compare Source

v0.10.41: openssl v0.10.41

Compare Source

v0.10.40: openssl v0.10.40

Compare Source

v0.10.39: openssl v0.10.39

Compare Source

v0.10.38: openssl v0.10.38

Compare Source

v0.10.37: openssl v0.10.37

Compare Source

v0.10.36: openssl v0.10.36

Compare Source

v0.10.35: openssl v0.10.35

Compare Source

v0.10.34: openssl v0.10.34

Compare Source

v0.10.33: openssl v0.10.33

Compare Source

v0.10.32: openssl v0.10.32

Compare Source

v0.10.31: openssl v0.10.31

Compare Source

---

Configuration

📅 Schedule: Branch creation - "" (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.