Skip to content

Commit 744ce56

Browse files
akern40akern40
authored
Fixes dependabot alerts (#1512)
Specifically, deals with CVE-2025-4574, GHSA-4fcv-w3qc-ppgg, and GHSA-255r-3prx-mf99 by updating the lockfile and one set of dependencies for testing serialization.
1 parent d974f6c commit 744ce56

File tree

2 files changed

+21
-13
lines changed

2 files changed

+21
-13
lines changed

Cargo.lock

Lines changed: 17 additions & 10 deletions
Some generated files are not rendered by default. Learn more about customizing how changed files appear on GitHub.

crates/serialization-tests/Cargo.toml

Lines changed: 4 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -18,7 +18,8 @@ ron = { version = "0.8.1" }
1818

1919
[dev-dependencies]
2020
serde_json = { version = "1.0.40" }
21+
# >=0.8.11 to avoid rmp-serde security vulnerability
22+
# <0.8.14 to allows MSRV 1.64.0
23+
rmp = { version = ">=0.8.11,<0.8.14" }
2124
# Old version to work with Rust 1.64+
22-
rmp = { version = "=0.8.10" }
23-
# Old version to work with Rust 1.64+
24-
rmp-serde = { version = "0.14" }
25+
rmp-serde = { version = ">=1.1.1" }

0 commit comments

Comments
 (0)