Skip to content

fix(wasm-utxo): pin crossbeam-epoch to >=0.9.20 (RUSTSEC-2026-0204)#313

Merged
Ranjna-G merged 1 commit into
masterfrom
fix/wasm-utxo-crossbeam-epoch-vuln
Jul 7, 2026
Merged

fix(wasm-utxo): pin crossbeam-epoch to >=0.9.20 (RUSTSEC-2026-0204)#313
Ranjna-G merged 1 commit into
masterfrom
fix/wasm-utxo-crossbeam-epoch-vuln

Conversation

@Ranjna-G

@Ranjna-G Ranjna-G commented Jul 7, 2026

Copy link
Copy Markdown
Contributor

Summary

Pins crossbeam-epoch to >=0.9.20 to fix a security advisory that is currently failing cargo deny check in CI.

Changes

  • Added crossbeam-epoch = ">=0.9.20" as a direct dependency in wasm-utxo/Cargo.toml to force the resolver to a safe version
  • Updated Cargo.lock to reflect the resolved version (0.9.18 → 0.9.20)

Advisory

RUSTSEC-2026-0204: Invalid pointer dereference in fmt::Pointer impl for Atomic and Shared when the underlying pointer is invalid (e.g. created with Atomic::null or Shared::null).

Test Plan

  • cargo deny check should pass in CI

Fixes RUSTSEC-2026-0204 — invalid pointer dereference in fmt::Pointer
impl for Atomic and Shared when the underlying pointer is invalid.
@Ranjna-G Ranjna-G marked this pull request as ready for review July 7, 2026 08:09
@Ranjna-G Ranjna-G requested a review from a team as a code owner July 7, 2026 08:09
@Ranjna-G Ranjna-G enabled auto-merge July 7, 2026 08:09
@Ranjna-G Ranjna-G merged commit a18232e into master Jul 7, 2026
13 checks passed
@Ranjna-G Ranjna-G deleted the fix/wasm-utxo-crossbeam-epoch-vuln branch July 7, 2026 08:30
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants