chore: ignore RUSTSEC-2026-0037 and upgrade/consolidate dependencies #419

Merged: lwshang merged 8 commits into main from lwshang/upgrade-deps on Mar 10, 2026

@lwshang lwshang commented Mar 10, 2026

Summary

  • Centralize all dependency versions in the workspace `Cargo.toml`
  • Resolve compilation errors from the rand 0.9 → 0.10 upgrade
  • Ignore RUSTSEC-2026-0037 (quinn-proto DoS) — only reachable via reqwest's http3 feature, which is not enabled in this project
  • Add CI job to check TOML formatting using taplo
  • Reformat all TOML files with taplo default settings

lwshang and others added 8 commits March 10, 2026 15:08
In rand 0.10, `RngCore` was removed from the root and `fill_bytes` moved
to the `Rng` trait, while `random_range` moved to the `RngExt` trait.
Revert sec1 to 0.7.3 since 0.8.0 requires der 0.8 which is incompatible
with the current pkcs8 0.10 / elliptic-curve 0.13 generation.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Configures taplo to keep arrays and inline tables on single lines.
The VSCode "Even Better TOML" extension will automatically use this config.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
The quinn-proto vulnerability is only reachable via reqwest's `http3`
feature, which is not enabled in this project.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
@lwshang lwshang changed the title chore: upgrade dependencies and centralize versions chore: ignore RUSTSEC-2026-0037 and upgrade/consolidate dependencies Mar 10, 2026
@lwshang lwshang marked this pull request as ready for review March 10, 2026 19:52
@lwshang lwshang requested a review from a team as a code owner March 10, 2026 19:52
@lwshang lwshang merged commit b70c2db into main Mar 10, 2026
90 checks passed
@lwshang lwshang deleted the lwshang/upgrade-deps branch March 10, 2026 19:59
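
The rationale given in this PR for ignoring RUSTSEC-2026-0037 (quinn-proto is only reachable through reqwest's `http3` feature, which is off) holds only as long as that feature stays off, so it is worth checking in CI. The following is an added example, not code from this repository; it assumes its input is the JSON produced by `cargo metadata --format-version 1`, and the function names and sample data are constructed for illustration.

```python
import json
import sys

ADVISORY = "RUSTSEC-2026-0037"   # advisory id from the PR
GATED_BY = ("reqwest", "http3")  # crate/feature the PR names as the only path
VULNERABLE = "quinn-proto"       # affected crate named in the PR


def ignore_violations(metadata):
    """Return reasons the ignore rationale no longer holds (empty list = still valid)."""
    names = {p["id"]: p["name"] for p in metadata["packages"]}
    problems = []
    for node in metadata["resolve"]["nodes"]:
        name = names.get(node["id"])
        if name == GATED_BY[0] and GATED_BY[1] in node.get("features", []):
            problems.append(f"{name} is built with the {GATED_BY[1]} feature")
        if name == VULNERABLE:
            problems.append(f"{VULNERABLE} is in the resolved dependency graph")
    return problems


def sample(reqwest_features, extra=()):
    """Constructed stand-in for cargo metadata output (ids are made up)."""
    crates = ["app", "reqwest", *extra]
    nodes = [{"id": f"pkg-{c}", "features": reqwest_features if c == "reqwest" else []}
             for c in crates]
    return {"packages": [{"id": f"pkg-{c}", "name": c} for c in crates],
            "resolve": {"nodes": nodes}}


if __name__ == "__main__":
    # Real use: cargo metadata --format-version 1 > meta.json, then pass meta.json.
    if len(sys.argv) > 1:
        with open(sys.argv[1]) as fh:
            metadata = json.load(fh)
    else:
        metadata = sample(["json"])
    problems = ignore_violations(metadata)
    for p in problems:
        print(f"{ADVISORY} ignore is stale: {p}")
    sys.exit(1 if problems else 0)
```

Generate the metadata with the same feature flags as the shipped build, since the resolved feature set depends on them.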