ci: remove obsolete advisory and update bytes to 1.11.1#5882
Merged
Conversation
Co-authored-by: wjones127 <5488879+wjones127@users.noreply.github.com>
Copilot
AI
changed the title
[WIP] Investigate and resolve cargo deny check failure
Remove obsolete RUSTSEC-2026-0002 advisory from deny.toml
Feb 3, 2026
Contributor
|
ACTION NEEDED The PR title and description are used as the merge commit message. Please update your PR title and description to match the specification. For details on the error please inspect the "PR Title Check" action. |
wjones127
changed the title
Co-authored-by: wjones127 <5488879+wjones127@users.noreply.github.com>
Copilot
AI
changed the title
ci: remove obsolete RUSTSEC-2026-0002 advisory from deny.toml
Fix cargo deny failures: remove obsolete advisory and update bytes to 1.11.1
Feb 3, 2026
wjones127
changed the title
wjones127
approved these changes
Feb 3, 2026
Co-authored-by: wjones127 <5488879+wjones127@users.noreply.github.com>
Copilot
AI
changed the title
ci: remove obsolete advisory and update bytes to 1.11.1
Fix cargo deny: remove obsolete advisory and update bytes to 1.11.1
Feb 3, 2026
wjones127
changed the title
wjones127
approved these changes
Feb 3, 2026
Codecov Report✅ All modified and coverable lines are covered by tests. 📢 Thoughts on this report? Let us know! |
westonpace
approved these changes
Feb 3, 2026
1 task
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Cargo deny was failing due to an obsolete advisory ignore entry and a newly published security vulnerability in the
bytescrate.Changes
lru) - advisory no longer matches any crates in treebytesworkspace dependency1.4→1.11.1Context
RUSTSEC-2026-0007 published 2026-02-03 affects bytes 1.11.0, which was in use. Integer overflow in
BytesMut::reserveallowsnew_cap + offsetto wrap, bypassing capacity checks and creating out-of-bounds slices viaspare_capacity_mut(). Patched in 1.11.1.💡 You can make Copilot smarter by setting up custom instructions, customizing its development environment and configuring Model Context Protocol (MCP) servers. Learn more Copilot coding agent tips in the docs.