Commit a6f9deb
chore(deps): bump vulnerable transitive deps

Update Cargo.lock to clear open Dependabot alerts on transitive crates:
- bytes 1.11.0 -> 1.11.1 (GHSA: BytesMut::reserve integer overflow)
- openssl 0.10.75 -> 0.10.80 / openssl-sys 0.9.111 -> 0.9.116
  (covers OOB writes in cipher_update_inplace, AES key-wrap heap overflow,
  X509Ref::ocsp_responders UB, AES key wrap bounds, PSK/cookie trampoline
  leaks, MdCtxRef::digest_final write past buffer, PEM password callback
  OOB read, Deriver::derive short buffer overflow)
- rand 0.9.2 -> 0.9.4 (custom logger unsoundness)
- rustls-webpki 0.103.8 -> 0.103.13 (DoS on malformed CRL BIT STRING,
  URI/wildcard name constraint handling, CRL distribution point matching)

No source changes; Cargo.toml constraints already allow these versions.
Build and tests pass.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>

1 parent ab4af88 commit a6f9deb
1 file changed
Lines changed: 10 additions & 11 deletions