Skip to content

security(deps): clear cargo-audit vuln + 2 unmaintained-crate warnings#31

Merged
hyperpolymath merged 2 commits intomainfrom
claude/extract-typed-wasm-crate-TPDM9
Apr 22, 2026
Merged

security(deps): clear cargo-audit vuln + 2 unmaintained-crate warnings#31
hyperpolymath merged 2 commits intomainfrom
claude/extract-typed-wasm-crate-TPDM9

Conversation

@hyperpolymath
Copy link
Copy Markdown
Owner

@hyperpolymath hyperpolymath commented Apr 22, 2026

Resolves:

  • RUSTSEC-2026-0104 (reachable panic in rustls-webpki CRL parsing) via cargo update -p rustls-webpki --precise 0.103.13
  • RUSTSEC-2025-0119 (number_prefix unmaintained) by bumping indicatif 0.17 → 0.18 — 0.18 replaces number_prefix with unit-prefix internally; only ProgressBar / ProgressStyle are used (main.rs:823-832), stable API
  • RUSTSEC-2021-0127 (serde_cbor unmaintained) by replacing with ciborium 0.2 in the verisim-gated proof_encoding module; 14/14 proof_encoding tests pass under --features verisim

Remaining: RUSTSEC-2025-0134 (rustls-pemfile via tonic 0.12) — deferred; tonic 0.13 is a breaking-API bump and warrants its own branch.

Verified: cargo check --lib, cargo check --bin echidna, cargo check --features verisim --lib all clean; cargo audit drops from 1 error + 3 warnings to 0 errors + 1 warning.

@claude
security(deps): clear cargo-audit vuln + 2 unmaintained-crate warnings
7c894dd 
Resolves:
- RUSTSEC-2026-0104 (reachable panic in rustls-webpki CRL parsing)
  via cargo update -p rustls-webpki --precise 0.103.13
- RUSTSEC-2025-0119 (number_prefix unmaintained) by bumping indicatif
  0.17 → 0.18 — 0.18 replaces number_prefix with unit-prefix internally;
  only ProgressBar / ProgressStyle are used (main.rs:823-832), stable API
- RUSTSEC-2021-0127 (serde_cbor unmaintained) by replacing with ciborium
  0.2 in the verisim-gated proof_encoding module; 14/14 proof_encoding
  tests pass under --features verisim

Remaining: RUSTSEC-2025-0134 (rustls-pemfile via tonic 0.12) — deferred;
tonic 0.13 is a breaking-API bump and warrants its own branch.

Verified: cargo check --lib, cargo check --bin echidna, cargo check
--features verisim --lib all clean; cargo audit drops from 1 error +
3 warnings to 0 errors + 1 warning.
@chatgpt-codex-connector
Copy link
Copy Markdown

chatgpt-codex-connector Bot commented Apr 22, 2026

Codex usage limits have been reached for code reviews. Please check with the admins of this repo to increase the limits by adding credits.
Credits must be used to enable repository wide code reviews.

@hyperpolymath hyperpolymath merged commit 667110f into main Apr 22, 2026
24 of 40 checks passed
@hyperpolymath hyperpolymath deleted the claude/extract-typed-wasm-crate-TPDM9 branch April 22, 2026 11:52
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@hyperpolymath @claude