Skip to content

fix(deps): update bytes and time for security advisories#404

Merged
FabianLars-crabnebula merged 1 commit intomainfrom
fix/advisory-bytes-time
Feb 24, 2026
Merged

fix(deps): update bytes and time for security advisories#404
FabianLars-crabnebula merged 1 commit intomainfrom
fix/advisory-bytes-time

Conversation

@james-crabnebula
Copy link
Copy Markdown
Contributor

@james-crabnebula james-crabnebula commented Feb 24, 2026

Summary

  • Update bytes 1.11.0 → 1.11.1 (security advisory)
  • Update time 0.3.44 → 0.3.47 (CVE-2026-25727: stack exhaustion DoS via RFC 2822 parsing)
  • Cargo.lock only — no Cargo.toml changes needed

Verification

  • cargo test --workspace --all-targets — pass (macOS, Linux, Windows)
  • E2E updater test (build → package → sign → serve → update) — pass (macOS .app, Linux .AppImage, Windows .msi)
  • cargo audit — clean
  • cargo deny check — advisories ok, bans ok, licenses ok, sources ok

Supersedes #403

@james-crabnebula
fix(deps): update bytes and time for security advisories
3116f85 
- bytes 1.11.0 → 1.11.1
- time 0.3.44 → 0.3.47 (CVE-2026-25727: stack exhaustion in RFC 2822 parsing)

Supersedes #403
@FabianLars-crabnebula FabianLars-crabnebula merged commit 75aac18 into main Feb 24, 2026
8 checks passed
@FabianLars-crabnebula FabianLars-crabnebula deleted the fix/advisory-bytes-time branch February 24, 2026 13:22
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@FabianLars-crabnebula FabianLars-crabnebula FabianLars-crabnebula approved these changes

@lucasfernog-crabnebula lucasfernog-crabnebula Awaiting requested review from lucasfernog-crabnebula

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@james-crabnebula @FabianLars-crabnebula