From 658af4a9d9b8ffacced6775f26e92d900c368380 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Thu, 28 May 2026 06:20:59 +0000
Subject: [PATCH] deps(v4)(deps): bump oci-spec from 0.9.0 to 0.10.0 in /v4

Bumps [oci-spec](https://github.com/youki-dev/oci-spec-rs) from 0.9.0 to 0.10.0.
- [Release notes](https://github.com/youki-dev/oci-spec-rs/releases)
- [Changelog](https://github.com/youki-dev/oci-spec-rs/blob/main/release.md)
- [Commits](https://github.com/youki-dev/oci-spec-rs/compare/v0.9.0...v0.10.0)

---
updated-dependencies:
- dependency-name: oci-spec
  dependency-version: 0.10.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 v4/Cargo.lock | 19 ++++++++++++++++++-
 v4/Cargo.toml |  2 +-
 2 files changed, 19 insertions(+), 2 deletions(-)

diff --git a/v4/Cargo.lock b/v4/Cargo.lock
index b57dca5e..33c2541a 100644
--- a/v4/Cargo.lock
+++ b/v4/Cargo.lock
@@ -2516,6 +2516,23 @@ dependencies = [
  "thiserror 2.0.18",
 ]
 
+[[package]]
+name = "oci-spec"
+version = "0.10.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "3df6f876ad774d6a676f7e968f5c3edacc32f90e65fe680a8b686235396556fb"
+dependencies = [
+ "const_format",
+ "derive_builder",
+ "getset",
+ "regex",
+ "serde",
+ "serde_json",
+ "strum",
+ "strum_macros",
+ "thiserror 2.0.18",
+]
+
 [[package]]
 name = "oid-registry"
 version = "0.8.1"
@@ -4118,7 +4135,7 @@ dependencies = [
  "git2",
  "hex",
  "oci-client 0.17.0",
- "oci-spec 0.9.0",
+ "oci-spec 0.10.0",
  "p256",
  "pkcs8 0.11.0",
  "rand_core 0.6.4",
diff --git a/v4/Cargo.toml b/v4/Cargo.toml
index df7ee2af..b5dd6b8d 100644
--- a/v4/Cargo.toml
+++ b/v4/Cargo.toml
@@ -46,7 +46,7 @@ oci-client = { version = "0.17", default-features = false, features = ["rustls-t
 # OCI image-layout v1.1 spec types — used by `LocalOciSource` to read/walk
 # on-disk layouts (DDD-08, ADR-028 — Phase 2). Pure-data structs, no I/O.
 # Apache-2.0 licensed.
-oci-spec = "0.9"
+oci-spec = "0.10"
 # cosign / sigstore verification (ADR-014). Trust-key loading lands in Wave 3A.1;
 # signature-manifest verification lands in Wave 3A.2. We intentionally keep the
 # feature surface small to minimise compile time.