Skip to content

chore(deps): bump lru to 0.16.3 #24463

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
thomasqueirozb merged 3 commits into from
Jan 8, 2026
Merged

chore(deps): bump lru to 0.16.3 #24463

thomasqueirozb merged 3 commits into from
Jan 8, 2026
+143 −89

Conversation

@thomasqueirozb
Copy link
Contributor

@thomasqueirozb thomasqueirozb commented Jan 8, 2026
edited
Loading

Summary

This bumps lru to 0.16.3 to mitigate RUSTSEC-2026-0002 wherever possible.

Latest aws-sdk-s3 (v1.119.0) is still using lru v0.12.5 so I ignored the error for now

Bumped ratatui to 0.30.0.

Also bumped the time dependency using cargo update -p time due to ratatui/ratatui#2339

Vector configuration

NA

How did you test this PR?

Verified that top is still working.

Change Type

  • Bug fix
  • New feature
  • Non-functional (chore, refactoring, docs)
  • Performance

Is this a breaking change?

  • Yes
  • No

Does this PR include user facing changes?

  • Yes. Please add a changelog fragment based on our guidelines.
  • No. A maintainer will apply the no-changelog label to this PR.

References

Notes

  • Please read our Vector contributor resources.
  • Do not hesitate to use @vectordotdev/vector to reach out to us regarding this PR.
  • Some CI checks run only after we manually approve them.
    • We recommend adding a pre-push hook, please see this template.
    • Alternatively, we recommend running the following locally before pushing to the remote branch:
      • make fmt
      • make check-clippy (if there are failures it's possible some of them can be fixed with make clippy-fix)
      • make test
  • After a review is requested, please avoid force pushes to help us review incrementally.
    • Feel free to push as many commits as you want. They will be squashed into one before merging.
    • For example, you can run git merge origin master and git push.
  • If this PR introduces changes Vector dependencies (modifies Cargo.lock), please
    run make build-licenses to regenerate the license inventory and commit the changes (if any). More details here.

@thomasqueirozb thomasqueirozb requested a review from a team as a code owner January 8, 2026 17:39
@thomasqueirozb thomasqueirozb added the no-changelog Changes in this PR do not need user-facing explanations in the release changelog label Jan 8, 2026
@thomasqueirozb thomasqueirozb added this pull request to the merge queue Jan 8, 2026
Merged via the queue into master with commit a5a6b5e Jan 8, 2026
74 checks passed
@thomasqueirozb thomasqueirozb deleted the lru-rustsec-2026-0002 branch January 8, 2026 20:43
@github-actions github-actions bot locked and limited conversation to collaborators Jan 8, 2026
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.

Reviewers

@bfung bfung bfung approved these changes

Assignees

No one assigned

Labels

no-changelog Changes in this PR do not need user-facing explanations in the release changelog

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@thomasqueirozb @bfung