Skip to content

v0.1.1 — security bugfix

Choose a tag to compare

View all tags
@jstockdi jstockdi released this 29 Apr 12:11
· 15 commits to main since this release
v0.1.1
This tag was signed with the committer’s verified signature.
jstockdi
SSH Key Fingerprint: W8MJ//YX11x2uSRI0/JrX4qgdHMqkLfocQvDvosyc3g
Verified
Learn about vigilant mode.
2dd34a4
This commit was created on GitHub.com and signed with GitHub’s verified signature.
GPG key ID: B5690EEEBB952194
Verified
Learn about vigilant mode.

[0.1.1] — 2026-04-29

Security

  • Replace the unmaintained serde_yml crate (and its libyml dependency)
    with the community-maintained serde_yaml_ng
    fork. Closes two open Dependabot advisories: GHSA-gfxp-f68g-8x78
    (high — libyml::string::yaml_string_extend is unsound) and
    GHSA-hhw4-xg65-fp2x (medium — serde_yml crate is unmaintained).
    YAML parsing behavior is unchanged; this is a drop-in API swap.
Assets 12
Loading