chore(deps): bump webpki-roots from 1.0.4 to 1.0.5

[dependabot]

Bumps webpki-roots from 1.0.4 to 1.0.5.

Release notes

Sourced from webpki-roots's releases.

1.0.5

Removes the following trust anchors which have passed their distrust-after-last-issuance dates:

• Entrust Root Certification Authority - EC1
• Entrust Root Certification Authority - G2
• Entrust Root Certification Authority
• AffirmTrust Commercial
• AffirmTrust Networking
• AffirmTrust Premium
• AffirmTrust Premium ECC

What's Changed

• ccadb: add CertificateMetadata::test_website_revoked field by @​djc in rustls/webpki-roots#110
• webpki-root[s|-certs]: 1.0.4 -> 1.0.5 by @​cpu in rustls/webpki-roots#112

Full Changelog: rustls/webpki-roots@v/1.0.4...v/1.0.5

Commits

• a1f3433 webpki-root[s|-certs]: 1.0.4 -> 1.0.5
• 1daa071 ccadb: bump version to 0.2.0
• 194014d ccadb: add CertificateMetadata::test_website_revoked field
• 3807af8 ccadb: make CertificateMetadata non-exhaustive
• See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

[dependabot]

Labels

The following labels could not be found: dependencies, rust. Please create them before Dependabot can add them to a pull request.

Please fix the above issues or remove invalid values from dependabot.yml.

[github-actions]

Dependency Review

The following issues were found:

• ✅ 0 vulnerable package(s)
• ❌ 1 package(s) with incompatible licenses
• ✅ 0 package(s) with invalid SPDX license definitions
• ✅ 0 package(s) with unknown licenses.

See the Details below.

License Issues

Cargo.lock

Package	Version	License	Issue Type
webpki-roots	1.0.5	CDLA-Permissive-2.0	Incompatible License

Allowed Licenses:

MIT, Apache-2.0, BSD-2-Clause, BSD-3-Clause, ISC, CC0-1.0, Unlicense, 0BSD, Unicode-DFS-2016, Unicode-3.0, Zlib, MPL-2.0, BSL-1.0, Apache-2.0 WITH LLVM-exception, OpenSSL, BlueOak-1.0.0, CC-BY-3.0, CC-BY-4.0, WTFPL, MIT-0, NCSA

Excluded from license check:

pkg:cargo/serde, pkg:cargo/serde_json, pkg:cargo/tokio, pkg:cargo/clap, pkg:cargo/unicode-ident, pkg:cargo/unicode-normalization, pkg:cargo/unicode-bidi, pkg:cargo/unicode-width, pkg:cargo/unicode-segmentation, pkg:cargo/unicode-properties, pkg:cargo/ring, pkg:cargo/webpki, pkg:cargo/rustls-webpki, pkg:cargo/aws-lc-rs, pkg:cargo/aws-lc-sys, pkg:cargo/untrusted, pkg:cargo/openssl, pkg:cargo/openssl-sys, pkg:cargo/lab, pkg:cargo/iced, pkg:cargo/iced_core, pkg:cargo/iced_widget, pkg:cargo/iced_runtime

OpenSSF Scorecard

Package	Version	Score	Details
cargo/webpki-roots	1.0.5	Unknown	Unknown

Scanned Files

• Cargo.lock