Skip to content

fix(security): bump crossbeam-epoch 0.9.18→0.9.20 (RUSTSEC-2026-0204)#670

Merged
avrabe merged 1 commit into
mainfrom
fix/crossbeam-epoch-rustsec-2026-0204
Jul 8, 2026
Merged

fix(security): bump crossbeam-epoch 0.9.18→0.9.20 (RUSTSEC-2026-0204)#670
avrabe merged 1 commit into
mainfrom
fix/crossbeam-epoch-rustsec-2026-0204

Conversation

@avrabe

@avrabe avrabe commented Jul 8, 2026

Copy link
Copy Markdown
Contributor

Transitive dependency. RUSTSEC-2026-0204 — invalid pointer dereference in the fmt::Pointer impl for Atomic/Shared when the underlying pointer is invalid; fixed in >=0.9.20. Was failing Security Audit (RustSec) on main and every open PR.

Lockfile-only bump (cargo update -p crossbeam-epoch --precise 0.9.20); not a direct dependency of any rivet crate, so no API impact.

Trace: skip — dependency security maintenance.

🤖 Generated with Claude Code

Transitive dependency; RUSTSEC-2026-0204 is an invalid pointer dereference
in the fmt::Pointer impl for Atomic/Shared when the underlying pointer is
invalid, fixed in >=0.9.20. Was failing Security Audit on main + every PR.
Lockfile-only bump; not a direct dependency of any rivet crate.

Trace: skip
@avrabe avrabe merged commit d6b6002 into main Jul 8, 2026
27 checks passed
@avrabe avrabe deleted the fix/crossbeam-epoch-rustsec-2026-0204 branch July 8, 2026 03:45
@codecov

codecov Bot commented Jul 8, 2026

Copy link
Copy Markdown

Codecov Report

✅ All modified and coverable lines are covered by tests.

📢 Thoughts on this report? Let us know!

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant