The Rust ecosystem is seeing a wave of updates focused on hardening foundational tools. A significant release from cargo-lock, version 11.0.0, overhauls git dependency handling to bolster supply chain security.
This focus on correctness and reliability extends to other key libraries for URI parsing and Markdown compliance. These are the kinds of behind-the-scenes improvements that signal a maturing, production-ready ecosystem.
In this week's Rust Crates recap:
> cargo-lock v11 supply chain security enhancements
> fluent-uri v0.4.0 enhanced URI parsing
> pulldown-cmark-to-cmark Markdown spec compliance
> convert_case v0.9.0 string conversion utility
Cargo-Lock Hardens with v11
The Recap: The cargo-lock crate, a key part of the RustSec ecosystem, just dropped version 11.0.0. This major update overhauls git dependency handling to deliver more robust supply chain security analysis for the entire Rust ecosystem.
Unpacked: This release introduces several key improvements that enhance how security tools parse your dependencies:
Git dependency handling is now more precise. The update normalized git dependencies to resolve ambiguities and removed the hardcoded "master" branch, reflecting modern repository standards.
It features significant dependency upgrades, including an update to the project's TOML library to v0.9 and petgraph to v0.8. These changes keep the crate modern and aligned with the ecosystem.
Your Cargo.lock file gets cleaner and more consistent. The new version now removes unambiguous source specifications, reducing noise and improving the clarity of your dependency tree.
Bottom line: These enhancements in cargo-lock directly bolster the reliability of tools like cargo-audit. Updating ensures your projects benefit from more accurate security vulnerability scanning.
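To see what git dependency handling looks like from the auditing side, here is an added example (not code from cargo-lock or from this recap): a std-only scan of Cargo.lock `source` lines that reports each git dependency, the reference it was requested by, and the commit it is pinned to. The crate names, URLs and hashes in the sample are constructed, and the line scan is a simplification, not the cargo-lock crate's parser.

```rust
// Added example: list git-sourced packages in a Cargo.lock (std-only line scan).
#[derive(Debug, PartialEq)]
struct GitSource {
    package: String,
    url: String,
    reference: Option<String>, // "branch=..", "tag=..", "rev=.."; None = no explicit ref
    commit: Option<String>,    // commit recorded after '#'
}
// Extract the quoted value from a `key = "value"` line.
fn quoted(line: &str, key: &str) -> Option<String> {
    let rest = line.trim().strip_prefix(key)?.trim_start().strip_prefix('=')?;
    Some(rest.trim().trim_matches('"').to_string())
}
fn git_sources(lockfile: &str) -> Vec<GitSource> {
    let mut out = Vec::new();
    let mut package = String::new();
    for line in lockfile.lines() {
        if let Some(n) = quoted(line, "name") {
            package = n;
        } else if let Some(src) = quoted(line, "source") {
            let Some(spec) = src.strip_prefix("git+") else { continue };
            let (head, commit) = match spec.split_once('#') {
                Some((h, c)) => (h, Some(c.to_string())),
                None => (spec, None),
            };
            let (url, reference) = match head.split_once('?') {
                Some((u, q)) => (u.to_string(), Some(q.to_string())),
                None => (head.to_string(), None),
            };
            out.push(GitSource { package: package.clone(), url, reference, commit });
        }
    }
    out
}
// Constructed sample: hypothetical crates, placeholder commit hashes.
const SAMPLE: &str = r#"
[[package]]
name = "alpha"
source = "git+https://example.com/alpha.git#0000000000000000000000000000000000000001"
[[package]]
name = "beta"
source = "git+https://example.com/beta.git?branch=main#0000000000000000000000000000000000000002"
[[package]]
name = "gamma"
source = "registry+https://github.com/rust-lang/crates.io-index"
"#;
fn main() {
    for g in git_sources(SAMPLE) { println!("{g:?}"); }
}
```

Git sources bypass the registry, so a review of the output usually checks that each one carries a pinned commit and points at a repository you expect.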
fluent-uri v0.4.0 Delivers Smarter URI Parsing
The Recap: The fast and safe URI parsing library fluent-uri has been updated to v0.4.0, introducing automatic default port normalization and more granular controls for developers. This release enhances correctness and flexibility for any networking application you build. You can find the latest documentation on docs.rs.
Unpacked: Here’s a look at what this update means for your projects:
The library now normalizes default ports for schemes like http and https, automatically resolving them to 80 and 443 respectively. This improves URI handling correctness out-of-the-box.
You get more power with advanced configuration options using the new resolve::Resolver and normalize::Normalizer. These tools provide fine-grained control over path resolution and normalization logic.
A new alloc feature gives you better control over memory usage, making the crate even more suitable for no_std environments and other memory-constrained applications.
The Minimum Supported Rust Version (MSRV) has been updated to 1.68, so make sure your toolchain is up to date when you upgrade.
Bottom line: This release makes fluent-uri a more robust and predictable tool for handling URIs in your Rust applications. The new controls for normalization and memory management expand its utility for a wider range of complex use cases.
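Why default-port handling matters for security checks such as allowlists and cache keys, as an added example that is not fluent-uri's API or code from this recap: a std-only sketch that compares two URIs by scheme, host and effective port. The function names `default_port`, `origin` and `same_origin` are hypothetical, and the parsing covers only `scheme://authority` URIs.

```rust
// Added example: scheme-based default-port normalization so that
// equivalent URIs compare equal. Std-only sketch, not fluent-uri's API.
fn default_port(scheme: &str) -> Option<u16> {
    match scheme {
        "http" => Some(80),
        "https" => Some(443),
        _ => None,
    }
}

// Returns (scheme, host, effective port), or None when the URI has no
// authority or the port is not a valid number.
fn origin(uri: &str) -> Option<(String, String, Option<u16>)> {
    let (scheme, rest) = uri.split_once("://")?;
    let scheme = scheme.to_ascii_lowercase();
    let authority = rest.split(|c: char| matches!(c, '/' | '?' | '#')).next()?;
    // Drop userinfo: everything before the last '@' is not part of the host.
    let hostport = authority.rsplit_once('@').map_or(authority, |(_, h)| h);
    // A ':' separates the port only when it follows any IPv6 literal's ']'.
    let (host, port) = match hostport.rsplit_once(':') {
        Some((h, p)) if !p.contains(']') => (h, p),
        _ => (hostport, ""),
    };
    // An absent or empty port means the scheme's default.
    let port = if port.is_empty() { default_port(&scheme) } else { Some(port.parse().ok()?) };
    Some((scheme, host.to_ascii_lowercase(), port))
}

fn same_origin(a: &str, b: &str) -> bool {
    match (origin(a), origin(b)) {
        (Some(x), Some(y)) => x == y,
        _ => false, // fail closed on anything unparsable
    }
}

fn main() {
    // Constructed inputs: the first pair differs only by an explicit default port.
    println!("{}", same_origin("http://example.com:80/a", "http://EXAMPLE.com/b"));
    println!("{}", same_origin("https://example.com:8443/", "https://example.com/"));
}
```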
pulldown-cmark-to-cmark Reinforces Markdown Correctness
The Recap: A key utility in the pulldown-cmark ecosystem, pulldown-cmark-to-cmark, has released v21.1.0. This update doubles down on correctness by overhauling its testing framework to ensure strict compliance with the CommonMark specification. You can follow the project's progress on its GitHub repository.
Unpacked: While there are no public API changes, this release delivers significant improvements to the development and testing process:
CommonMark conformance testing output is now rendered in a more readable format. This makes it much easier for contributors to spot, diagnose, and fix any deviations from the official specification.
You can now get explicit failure reports by setting the FULL_CMARK_RESULTS environment variable to true when running tests, giving you a complete picture of conformance issues.
The main test suite now hard-codes the expected number of passing tests, creating a strong safeguard against regressions. This ensures that future changes won't accidentally break spec compliance.
Bottom line: These internal enhancements signal a deep commitment to making this crate a highly reliable, spec-compliant tool for Markdown processing. This gives you greater confidence that your Markdown-to-text conversions will work correctly and predictably.
convert_case Simplifies String Conversions
The Recap: The versatile convert_case utility has released v0.9.0, moving the popular string manipulation library closer to a stable 1.0 release. It offers a simple and powerful way to handle case conversions both in your code and on the command line. You can check out the project on its official GitHub repo.
Unpacked: Here’s why it’s such a handy tool to have in your toolbox:
It supports a wide range of cases right out of the box, including Snake, Camel, Title, Kebab, and many more, covering nearly every common scenario.
The convenient ccase! macro allows you to perform inline case conversions directly in your Rust code, making your logic clean and readable.
It’s no_std compatible, so you can use it anywhere, including in embedded systems, WASM, and other resource-constrained environments.
It also ships with a ccase command-line utility, letting you quickly convert strings directly from your terminal or in shell scripts.
Bottom line: convert_case is a perfect example of a crate that solves a common problem with a simple, robust, and flexible API. As it marches toward 1.0, it continues to be a go-to solution for everyday string manipulation tasks.
The Shortlist
Num-bigint-dig updated to version 0.8.5, providing the latest improvements for its BigInt and BigUint types used in cryptographic and other high-precision applications.