Skip to content

fix: update Cargo.lock to resolve cargo-deny advisories#357

Merged
streamer45 merged 1 commit into
mainfrom
devin/1776858309-fix-cargo-deny-advisories
Apr 22, 2026
Merged

fix: update Cargo.lock to resolve cargo-deny advisories#357
streamer45 merged 1 commit into
mainfrom
devin/1776858309-fix-cargo-deny-advisories

Conversation

@staging-devin-ai-integration
Copy link
Copy Markdown
Contributor

@staging-devin-ai-integration staging-devin-ai-integration Bot commented Apr 22, 2026
edited
Loading

Summary

Updates transitive dependencies in Cargo.lock to fix cargo deny check advisories failures in CI (e.g. this run):

  • rustls-webpki 0.103.120.103.13 — fixes RUSTSEC-2026-0104 (reachable panic in CRL parsing)
  • gimli 0.33.10.33.0 — replaces yanked version
  • bitstream-io 4.9.04.10.0 — removes dependency on yanked core2 0.4.0

No source code changes; only Cargo.lock is updated.

Review & Testing Checklist for Human

  • Verify cargo deny check advisories passes in CI
  • Confirm no unexpected dependency version changes beyond the three listed above

Notes

This is a lockfile-only update with no functional code changes. The vulnerability (RUSTSEC-2026-0104) affects rustls-webpki CRL parsing — applications not using CRLs are unaffected, but updating resolves the advisory and unblocks CI.

Link to Devin session: https://staging.itsdev.in/sessions/1b2775010a604bcdacd9ed6155732692
Requested by: @streamer45

Open in Devin Review (Staging)

@streamkit-devin @streamer45
fix: update Cargo.lock to resolve cargo-deny advisories
701e60b 
- Update rustls-webpki 0.103.12 -> 0.103.13 (RUSTSEC-2026-0104 vulnerability fix)
- Downgrade gimli 0.33.1 -> 0.33.0 (yanked crate)
- Update bitstream-io 4.9.0 -> 4.10.0 (removes yanked core2 0.4.0 dep)

Co-Authored-By: Claudio Costa <cstcld91@gmail.com>
staging-devin-ai-integration[bot]
staging-devin-ai-integration Bot commented Apr 22, 2026
View reviewed changes
Copy link
Copy Markdown
Contributor Author

@staging-devin-ai-integration staging-devin-ai-integration Bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

✅ Devin Review: No Issues Found

Devin Review analyzed this PR and found no bugs or issues to report.

Open in Devin Review (Staging)
Debug

Playground

@streamer45 streamer45 enabled auto-merge (squash) April 22, 2026 12:00
@streamer45 streamer45 merged commit e0885c1 into main Apr 22, 2026
17 checks passed
@streamer45 streamer45 deleted the devin/1776858309-fix-cargo-deny-advisories branch April 22, 2026 12:22
@staging-devin-ai-integration
Copy link
Copy Markdown
Contributor Author

staging-devin-ai-integration Bot commented Apr 22, 2026

🤖 Devin AI Engineer

I'll be helping with this pull request! Here's what you should know:

✅ I will automatically:

  • Address comments on this PR. Add '(aside)' to your comment to have me ignore it.
  • Look at CI failures and help fix them

Note: I can only respond to comments from users who have write access to this repository.

⚙️ Control Options:

  • Disable automatic comment and CI monitoring

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@streamer45 streamer45 Awaiting requested review from streamer45

Assignees

@streamer45 streamer45

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@streamer45 @streamkit-devin