
security(deps): lockfile bumps clearing open Cargo advisories (Track E) #115

Merged
hyperpolymath merged 1 commit into main from security/cargo-cve-lockfile-bumps
Jun 17, 2026

Conversation

@hyperpolymath

Owner

Lockfile-only security dependency fix (Track E, issue #69). Same recipe as 007 #44 / docmatrix #35.

Applied bumps

| Package | From | To |
| --- | --- | --- |
| rand | 0.9.2 | 0.9.3 |

(Transitive: windows-sys v0.59.0 dropped as a normal lockfile consequence. The separate rand 0.8.6 tree is a different major and was left untouched.)

Scope notes

  • Cargo.lock only — Cargo.toml untouched, no version-constraint edits, no breaking/major bumps.
  • Residual RUSTSEC unmaintained-crate advisories are not vulnerabilities and are out of scope.
  • No deferred fixes for this run.

Signed (ssh, key kVP7Nb). Manual review, no auto-merge.

rand 0.9.2 -> 0.9.3

Same recipe as 007 #44 / docmatrix #35. Lockfile-only; Cargo.toml untouched.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
@hyperpolymath hyperpolymath merged commit 4beaf54 into main Jun 17, 2026
16 of 17 checks passed
@hyperpolymath hyperpolymath deleted the security/cargo-cve-lockfile-bumps branch June 17, 2026 03:23
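
An added example, not code from this pull request or repository: one way to check that a lockfile bump stays within the scope described above, by comparing two Cargo.lock texts keyed on crate name and semver-compatible line so that the rand 0.8 and 0.9 trees are tracked separately. The lockfile excerpts are constructed from the versions named on this page, and `compat_line`, `packages` and `diff_locks` are hypothetical helper names.

```python
import re

# Constructed lockfile excerpts using the versions named on this page;
# they are not the repository's real Cargo.lock.
OLD_LOCK = """
[[package]]
name = "rand"
version = "0.8.6"

[[package]]
name = "rand"
version = "0.9.2"

[[package]]
name = "windows-sys"
version = "0.59.0"
"""
# After the bump: rand 0.9.2 becomes 0.9.3 and the windows-sys entry is gone.
NEW_LOCK = OLD_LOCK.replace('"0.9.2"', '"0.9.3"').split('[[package]]\nname = "windows-sys"')[0]

# In Cargo.lock each [[package]] table starts with name, then version.
PKG = re.compile(r'\[\[package\]\]\s+name = "([^"]+)"\s+version = "([^"]+)"')

def compat_line(version):
    """Cargo's default caret rule: the leftmost non-zero component fixes the line."""
    major, minor, _ = re.split(r"[-+]", version)[0].split(".")
    if major != "0":
        return major
    return f"0.{minor}" if minor != "0" else version

def packages(lock_text):
    """Map (name, compatible line) -> version, so rand 0.8.x and 0.9.x stay separate."""
    return {(n, compat_line(v)): v for n, v in PKG.findall(lock_text)}

def diff_locks(old_text, new_text):
    old, new = packages(old_text), packages(new_text)
    bumps = sorted((k[0], old[k], new[k]) for k in old.keys() & new.keys() if old[k] != new[k])
    dropped = sorted((k[0], old[k]) for k in old.keys() - new.keys())
    added = sorted((k[0], new[k]) for k in new.keys() - old.keys())
    # A crate that leaves one compatible line and enters another was bumped incompatibly.
    breaking = sorted({n for n, _ in dropped} & {n for n, _ in added})
    return {"bumps": bumps, "dropped": dropped, "added": added, "breaking": breaking}
```

An empty `breaking` list together with a `bumps` list that matches the table in the description is what a reviewer would expect for a change of this scope.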