Skip to content

Commit b3abc1a

Browse files
PaururoPaururo
committed
Fix security vulnerabilities
- lru 0.12.5 → 0.16.3 (fixes RUSTSEC IterMut Stacked Borrows) - flatted: npm audit fix (Prototype Pollution via parse()) - picomatch: npm audit fix (Method Injection in POSIX classes) - brace-expansion: npm audit fix (zero-step sequence DoS) Note: glib 0.18.5 (RUSTSEC-2024-0429, VariantStrIter unsoundness) is a transitive dependency of Tauri's GTK bindings pinned at 0.18.x. Fix requires glib ≥0.20.0 which needs a Tauri major version bump. Not exploitable in get_MNV (we don't use VariantStrIter).
1 parent 1a43836 commit b3abc1a

3 files changed

Lines changed: 23 additions & 20 deletions

File tree

Cargo.lock

Lines changed: 8 additions & 5 deletions
Some generated files are not rendered by default. Learn more about customizing how changed files appear on GitHub.

Cargo.toml

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -23,7 +23,7 @@ serde = { version = "1.0.218", features = ["derive"] }
2323
serde_json = "1.0.140"
2424
csv = "1.3.1"
2525
# protein-translate removed: replaced with inline codon table (C3)
26-
lru = "0.12"
26+
lru = "0.16"
2727
rayon = "1.8"
2828
# thiserror removed: AppError now implements std::error::Error manually with source chains
2929
sha2 = "0.10.8"

frontend/package-lock.json

Lines changed: 14 additions & 14 deletions
Some generated files are not rendered by default. Learn more about customizing how changed files appear on GitHub.

0 commit comments

Comments
 (0)