Conversation

@echobt
Contributor

@echobt echobt commented Feb 3, 2026

Summary

This PR fixes the security vulnerability RUSTSEC-2026-0007 (integer overflow in BytesMut::reserve) by upgrading the bytes crate from version 1.11.0 to 1.11.1.

Changes

  • Updated workspace dependency in Cargo.toml: `bytes = "1.10"` -> `bytes = "1.11.1"`
  • Regenerated Cargo.lock with bytes 1.11.1

Security Advisory

  • ID: RUSTSEC-2026-0007
  • Severity: Critical
  • Issue: Integer overflow vulnerability in BytesMut::reserve
  • Fix: Upgrade to bytes >= 1.11.1

Verification

  • cargo audit passes with 0 vulnerabilities
  • Dependency resolves correctly

CI Impact

This should fix the failing actions-rust-lang/audit@v1 step in CI.

Upgrade the bytes crate from 1.10 to 1.11.1 to fix the integer overflow
vulnerability in BytesMut::reserve (RUSTSEC-2026-0007).

- Updated workspace dependency: bytes = "1.10" -> bytes = "1.11.1"
- Regenerated Cargo.lock with bytes 1.11.1
@echobt echobt merged commit 26b8a0e into main Feb 3, 2026
6 checks passed
@greptile-apps

greptile-apps bot commented Feb 3, 2026

Greptile Overview

Greptile Summary

This PR addresses the critical security vulnerability RUSTSEC-2026-0007 by upgrading the bytes crate from version 1.11.0 to 1.11.1.

Key changes:

  • Updated workspace dependency specification in Cargo.toml from bytes = "1.10" to bytes = "1.11.1" for explicit version pinning
  • Regenerated Cargo.lock to reflect the upgrade from 1.11.0 to 1.11.1
  • Fixes integer overflow vulnerability in BytesMut::reserve method

Impact:

  • This is a patch-level semver-compatible upgrade with no breaking changes
  • Resolves the failing actions-rust-lang/audit@v1 CI check
  • All workspace members using the bytes crate will automatically use the fixed version

Confidence Score: 5/5

  • This PR is safe to merge - it's a straightforward security patch with no breaking changes
  • The change is a minimal, focused security fix that upgrades a single dependency by one patch version (1.11.0 → 1.11.1). The upgrade is semver-compatible, addresses a critical vulnerability, and only touches dependency files with no code changes required.
  • No files require special attention

Important Files Changed

| Filename | Overview |
|---|---|
| Cargo.toml | Updated workspace bytes dependency from "1.10" to "1.11.1" to fix RUSTSEC-2026-0007 |
| Cargo.lock | Lockfile regenerated with bytes crate upgraded from 1.11.0 to 1.11.1 |

Sequence Diagram

```mermaid
sequenceDiagram
    participant Dev as Developer
    participant CI as CI Pipeline
    participant Audit as cargo audit
    participant Registry as crates.io
    participant Workspace as Cargo Workspace

    Dev->>Workspace: Update bytes = "1.11.1" in Cargo.toml
    Dev->>Workspace: Run cargo update
    Workspace->>Registry: Resolve bytes dependency
    Registry-->>Workspace: Return bytes 1.11.1
    Workspace->>Workspace: Update Cargo.lock
    Dev->>CI: Push commit
    CI->>Audit: Run actions-rust-lang/audit@v1
    Audit->>Workspace: Check Cargo.lock for vulnerabilities
    Audit-->>CI: ✓ No vulnerabilities (RUSTSEC-2026-0007 fixed)
    CI-->>Dev: Build passes
```
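A lockfile check a reviewer can run beside `cargo audit`, added here as an example and not code from this PR or the bytes project: it reads every `[[package]]` entry in Cargo.lock rather than the first `bytes` it finds, because the statement above that all workspace members will automatically use the fixed version only holds when a single copy of `bytes` is locked; a transitive dependency can keep a second, older copy that the advisory still applies to. The lockfile text, including its 1.11.0 entry, is constructed for the example.

```python
"""Check a Cargo.lock for copies of a crate older than the version an advisory fixes.
Cargo.lock can hold several copies of one crate (a transitive dependency may pin an
older one) and cargo audit flags each of them, so every [[package]] block is read."""

RUSTSEC_2026_0007 = ("bytes", "1.11.1")  # crate and first fixed version, per the advisory

def parse_lock(text: str) -> list[dict]:
    """Minimal reader for Cargo.lock: one dict per [[package]] block."""
    packages, current = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if line == "[[package]]":
            current = {}
            packages.append(current)
        elif current is not None and " = " in line:
            key, _, value = line.partition(" = ")
            if value.startswith('"') and value.endswith('"'):
                current[key] = value[1:-1]
    return packages

def semver_key(version: str) -> tuple[int, ...]:
    """Order versions numerically; pre-release and build metadata are dropped."""
    core = version.split("+", 1)[0].split("-", 1)[0]
    return tuple(int(part) for part in core.split("."))

def vulnerable_versions(lock_text: str, crate: str, fixed: str) -> list[str]:
    """Return every locked version of `crate` that is older than `fixed`."""
    return sorted(
        pkg["version"] for pkg in parse_lock(lock_text)
        if pkg.get("name") == crate and semver_key(pkg["version"]) < semver_key(fixed)
    )

# Constructed lockfile: the workspace dependency was bumped to 1.11.1, but a second
# [[package]] entry shows a transitive crate still pulling in the older bytes.
SAMPLE_LOCK = """\
[[package]]
name = "bytes"
version = "1.11.1"
source = "registry+https://github.com/rust-lang/crates.io-index"

[[package]]
name = "bytes"
version = "1.11.0"
source = "registry+https://github.com/rust-lang/crates.io-index"
"""

if __name__ == "__main__":
    crate, fixed = RUSTSEC_2026_0007
    print(vulnerable_versions(SAMPLE_LOCK, crate, fixed))  # ['1.11.0']
```

Run it against the real lockfile with `vulnerable_versions(open("Cargo.lock").read(), *RUSTSEC_2026_0007)`; an empty list means no locked copy of bytes predates the fix.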

@greptile-apps greptile-apps bot left a comment

2 files reviewed, no comments
