Commit 55339e1

avrabe and claude authored
fix(deps): bump wasmtime 43 -> 44.0.3 for RUSTSEC-2026-0182 (#542)
The Security Audit gate went red repo-wide (main + every open PR): a new advisory, RUSTSEC-2026-0182, flags a WASIp1 `fd_renumber` resource leak in `wasmtime-wasi`, fixed in 44.0.3 / 45.0.2. rivet's only wasmtime consumer is rivet-core/src/wasm_runtime.rs (the compose-witness component runner), so the exposure is a trusted first-party component, but the clean fix is the bump.

44.0.3 is the smallest fixed range (one major bump). rivet-core compiles unchanged against the new API; `cargo audit` is clean afterward (no vulnerabilities; only the pre-existing allowed `instant` unmaintained warning via notify remains). Cranelift moves 0.130 -> 0.131 transitively.

Confirmed with `cargo build -p rivet-core`, `cargo test -p rivet-core` green, and `cargo audit` reporting 0 vulnerabilities.

Trace: skip
Co-authored-by: Claude Opus 4.8 <noreply@anthropic.com>
1 parent 8dae100 commit 55339e1

2 files changed

Lines changed: 105 additions & 145 deletions
