Skip to content

deps: Patch Dependabot vulnerabilities#3

Merged
nuclearcat merged 1 commit into
mainfrom
agent/dependabot-security-updates
Jul 10, 2026
Merged

deps: Patch Dependabot vulnerabilities#3
nuclearcat merged 1 commit into
mainfrom
agent/dependabot-security-updates

Conversation

@nuclearcat

Copy link
Copy Markdown
Collaborator

Summary

Updates Cargo.lock to patched releases for all seven open Dependabot alerts:

  • rustls-webpki 0.103.9 to 0.103.13
  • rand 0.8.5 to 0.8.6
  • rand 0.9.2 to 0.9.3
  • rand 0.10.0 to 0.10.1

Why

The previous lockfile contains one high-, one moderate-, and five low-severity advisories. Four alerts affect rustls-webpki, including a malformed-CRL denial-of-service panic. Three alerts affect the rand versions used transitively by rumqttd, rotonda-store, and uuid.

All upgrades stay within their existing dependency version lines and require no source changes.

Validation

  • cargo check --locked
  • cargo test --locked: 145 passed, 29 ignored, 0 failed
  • git diff --check

@nuclearcat nuclearcat marked this pull request as ready for review July 10, 2026 02:18
@nuclearcat nuclearcat merged commit 6bc430f into main Jul 10, 2026
6 checks passed
nuclearcat added a commit that referenced this pull request Jul 10, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant