v0.4.2 - Dependency Maintenance & GitHub Cleanup
Patch release updating GitHub Actions artifact actions, resolving all open Dependabot PRs, security issues, and alerts. The repository now has zero open PRs, zero open issues, and zero open security alerts.
GitHub Actions Updates
| Action | Old | New | Files |
|---|---|---|---|
actions/upload-artifact |
v6 | v7 | ci.yml, master-pipeline.yml (x3), release.yml, security-audit.yml |
actions/download-artifact |
v7 | v8 | ci.yml, master-pipeline.yml, release.yml |
These updates align with GitHub's artifact action deprecation timeline and supersede Dependabot PRs #81 and #82.
Dependabot PR Cleanup (11 Closed)
All cargo dependency updates were already incorporated via the Cargo.lock refresh in v0.4.1. Each PR was closed with an explanatory comment:
| PR | Package | Requested | Actual in Cargo.lock |
|---|---|---|---|
| #79 | webpki-roots | 1.0.6 | 1.0.6 |
| #78 | anyhow | 1.0.101 | 1.0.102 |
| #75 | bytes | 1.11.1 | 1.11.1 |
| #73 | mlua | 0.11.6 | 0.11.6 |
| #72 | thiserror | 2.0.18 | 2.0.18 |
| #71 | rustls-pki-types | 1.14.0 | 1.14.0 |
| #70 | chrono | 0.4.43 | 0.4.44 |
| #69 | tokio-test | 0.4.5 | 0.4.5 |
| #68 | rustls | 0.23.36 | 0.23.37 |
Security Issues Resolved (3 Closed)
| Issue | Advisory | Resolution |
|---|---|---|
| #76 | RUSTSEC-2026-0007 (bytes integer overflow, CVE-2026-25541) | Fixed in v0.4.1 -- bytes updated to 1.11.1 |
| #77 | RUSTSEC-2026-0009 (time stack exhaustion, CVE-2026-25727) | Upstream-pinned at =0.3.45 by mac-notification-sys; added to audit ignore list. RustIRC does not parse user-provided RFC 2822 dates |
| #66 | RUSTSEC-2025-0141 (bincode unmaintained) | Informational advisory only. bincode 1.3.3 is a transitive dependency through iced_beacon -> iced_debug -> iced. The bincode team considers v1.3.3 a complete version |
Security Alert Dismissed (1)
| Alert | Package | Reason |
|---|---|---|
| #4 | time 0.3.45 |
Tolerable risk -- pinned by upstream mac-notification-sys via notify-rust 4.12.0. Cannot update until upstream removes exact version pin |
Verification
| Metric | Result |
|---|---|
| Tests | 266 passing (233 unit + 33 integration) |
| Clippy | Zero warnings (-D warnings) |
| Formatting | Clean (cargo fmt --check) |
| Build | All 6 workspace crates compile |
| Open PRs | 0 |
| Open Issues | 0 |
| Open Security Alerts | 0 |
| MSRV | 1.75.0 (unchanged) |
Full Changelog: v0.4.1...v0.4.2
Build Information:
- Pipeline Run: 208
- Commit: 70cbafd88a1b64c51b8a1ccc4d45cadbc55fe9a6
- Build Date: 2026-03-07 18:15:52 UTC