fix(deps): update rustls-webpki to 0.103.10 (medium GHSA-pwjx-qhcg-rvj4) by github-actions[bot] · Pull Request #223 · okx/xlayer-reth

github-actions · 2026-03-26T02:58:28Z

Description

Bumps rustls-webpki to resolve a medium severity vulnerability.

Type of Change

Bug fix (non-breaking change which fixes an issue)

Security Alert

Alert: https://github.com/okx/xlayer-reth/security/dependabot/19
CVE / ID: GHSA-pwjx-qhcg-rvj4
Severity: medium
Vulnerable range: >= 0.102.0-alpha.0, < 0.103.10
Fixed in: 0.103.10

Change

Updated rustls-webpki from 0.103.9 to 0.103.10 in Cargo.lock (transitive dependency). Only the version string and checksum were changed; dependency graph is unchanged.

Checklist

I have reviewed the relevant code guidelines in the docs/ folder
My code follows the coding standards of this project
I have performed a self-review of my own code

Bumps rustls-webpki from 0.103.9 to 0.103.10 to resolve a medium severity vulnerability (faulty CRL matching logic against distribution points). Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

Vui-Chee · 2026-04-04T07:57:00Z

@Robot review

XLayer-Bot · 2026-04-04T07:57:06Z

⏳ Robot is processing your request...

XLayer-Bot · 2026-04-04T07:58:46Z

Summary: Dependency-only patch that bumps rustls-webpki from 0.103.9 → 0.103.10 in Cargo.lock to resolve GHSA-pwjx-qhcg-rvj4 — a medium-severity vulnerability involving faulty CRL (Certificate Revocation List) distribution point matching logic. No source code changes, no Rust files modified.

Issues: None.

Positives:

Minimal, surgical change: only version string and checksum updated in Cargo.lock; dependency graph is identical.
Correct conventional commit message (fix(deps): ...) with CVE reference.
PR description is thorough — links the Dependabot alert, states severity, specifies the affected and fixed version ranges.
Transitive-only update means zero risk of API breakage.

Verdict: LGTM — safe to merge as-is.

Vui-Chee · 2026-04-05T03:18:25Z

@ci

XLayer-Bot · 2026-04-05T03:18:27Z

⏳ Robot is processing your request cc9fe31

XLayer-Bot · 2026-04-05T03:19:00Z

❌ XLayer Reth CI failed for commit cc9fe3129884e517a45e02ab1c19dc4bec277724

Step	Result
format-check	⏩ skipped
compile-check	⏩ skipped
clippy	⏩ skipped
tests	⏩ skipped

View run

Vui-Chee · 2026-04-05T03:27:37Z

@ci

XLayer-Bot · 2026-04-05T03:27:44Z

⏳ Robot is processing your request cc9fe31

XLayer-Bot · 2026-04-05T03:28:08Z

❌ XLayer Reth CI failed for commit cc9fe3129884e517a45e02ab1c19dc4bec277724

Step	Result
format-check	⏩ skipped
compile-check	⏩ skipped
clippy	⏩ skipped
tests	⏩ skipped

View run

Vui-Chee · 2026-04-05T03:58:46Z

@ci

Vui-Chee · 2026-04-05T04:03:09Z

@ci

XLayer-Bot · 2026-04-05T04:03:15Z

⏳ Robot is processing your request cc9fe31

XLayer-Bot · 2026-04-05T04:03:43Z

❌ XLayer Reth CI failed for commit cc9fe3129884e517a45e02ab1c19dc4bec277724

Step	Result
format-check	⏩ skipped
compile-check	⏩ skipped
clippy	⏩ skipped
tests	⏩ skipped

View run

Vui-Chee · 2026-04-05T04:09:48Z

@Agent-CI

XLayer-Bot · 2026-04-05T04:09:55Z

⏳ Robot is processing your request cc9fe31

Vui-Chee · 2026-04-05T05:54:32Z

@ci

XLayer-Bot · 2026-04-05T05:54:37Z

⏳ Robot is processing your request cc9fe31

XLayer-Bot · 2026-04-05T05:55:11Z

❌ XLayer Reth CI failed for commit cc9fe3129884e517a45e02ab1c19dc4bec277724

Step	Result
format-check	⏩ skipped
compile-check	⏩ skipped
clippy	⏩ skipped
tests	⏩ skipped

View run

Vui-Chee · 2026-04-05T06:56:04Z

@ci

XLayer-Bot · 2026-04-05T06:56:10Z

⏳ Robot is processing your request for cc9fe31
workflow_file = xlayer-reth-ci.yml, repo = xlayer-reth, issue = 223

XLayer-Bot · 2026-04-05T07:28:19Z

❌ XLayer Reth CI failed for commit cc9fe3129884e517a45e02ab1c19dc4bec277724

Step	Result
format-check	✅ success
compile-check	✅ success
clippy	✅ success
tests	⚠️ cancelled

View run

Vui-Chee · 2026-04-05T10:07:21Z

@ci

XLayer-Bot · 2026-04-05T10:07:28Z

⏳ Robot is processing your request for cc9fe31
workflow_file = xlayer-reth-ci.yml, repo = xlayer-reth, issue = 223

XLayer-Bot · 2026-04-05T10:39:00Z

❌ XLayer Reth CI failed for commit cc9fe3129884e517a45e02ab1c19dc4bec277724

Step	Result
format-check	✅ success
compile-check	✅ success
clippy	✅ success
tests	⚠️ cancelled

View run

fix(deps): update rustls-webpki to 0.103.10 (GHSA-pwjx-qhcg-rvj4)

cc9fe31

Bumps rustls-webpki from 0.103.9 to 0.103.10 to resolve a medium severity vulnerability (faulty CRL matching logic against distribution points). Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

Vui-Chee self-requested a review March 26, 2026 03:05

Vui-Chee approved these changes Mar 26, 2026

View reviewed changes

louisliu2048 merged commit 6f61586 into main Mar 26, 2026

Vui-Chee deleted the fix/security-rustls-webpki-19 branch March 26, 2026 03:07

Conversation

github-actions bot commented Mar 26, 2026

Description

Type of Change

Security Alert

Change

Checklist

Uh oh!

Vui-Chee commented Apr 4, 2026

Uh oh!

XLayer-Bot commented Apr 4, 2026

Uh oh!

XLayer-Bot commented Apr 4, 2026

Uh oh!

Vui-Chee commented Apr 5, 2026

Uh oh!

XLayer-Bot commented Apr 5, 2026

Uh oh!

XLayer-Bot commented Apr 5, 2026

Uh oh!

Vui-Chee commented Apr 5, 2026

Uh oh!

XLayer-Bot commented Apr 5, 2026

Uh oh!

XLayer-Bot commented Apr 5, 2026

Uh oh!

Vui-Chee commented Apr 5, 2026

Uh oh!

Vui-Chee commented Apr 5, 2026

Uh oh!

XLayer-Bot commented Apr 5, 2026

Uh oh!

XLayer-Bot commented Apr 5, 2026

Uh oh!

Vui-Chee commented Apr 5, 2026

Uh oh!

XLayer-Bot commented Apr 5, 2026

Uh oh!

Vui-Chee commented Apr 5, 2026

Uh oh!

XLayer-Bot commented Apr 5, 2026

Uh oh!

XLayer-Bot commented Apr 5, 2026

Uh oh!

Vui-Chee commented Apr 5, 2026

Uh oh!

XLayer-Bot commented Apr 5, 2026

Uh oh!

XLayer-Bot commented Apr 5, 2026

Uh oh!

Vui-Chee commented Apr 5, 2026

Uh oh!

XLayer-Bot commented Apr 5, 2026

Uh oh!

XLayer-Bot commented Apr 5, 2026

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

3 participants