release: fix rustls-webpki audit blocker #81

Merged: EffortlessSteven merged 1 commit into main from release/audit-rustls-webpki on Apr 15, 2026

@EffortlessSteven

Summary

  • Bump rustls-webpki from 0.103.11 to 0.103.12 via cargo update -p rustls-webpki.
  • Resolves RUSTSEC-2026-0098 and RUSTSEC-2026-0099 flagged through the reqwest / rustls-platform-verifier / rustls chain.
  • Lockfile-only change; no manifest edits required (the advisories had a patched floor already reachable through the existing dependency constraints).

Verification

  • cargo tree -i rustls-webpki — confirmed single path through rustls v0.23.38.
  • cargo audit — exit 0 (previously red on the two advisories above).
  • cargo check --workspace — clean, 12 crates compiled.

Test plan

  • Security audit CI lane green
  • cargo check --workspace green in CI
  • No downstream breakage in nextest / fuzz lanes attributable to this bump

This is PR 1 in the release-hardening sprint (audit → nextest → fuzz → package-truth → rehearsal → publish).

Resolves RUSTSEC-2026-0098 and RUSTSEC-2026-0099 flagged against the
reqwest / rustls-platform-verifier / rustls chain. Lockfile-only change;
cargo audit now exits clean.
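
A lockfile-only bump like this one can be held in place by a CI gate that reads Cargo.lock directly. The following is an added example, not code from this PR or the project: it checks that every locked copy of a crate is at or above a floor version. The floor 0.103.12 is taken from the PR description; the function names and the sample lockfile text are constructed for illustration.

```rust
/// Parse "MAJOR.MINOR.PATCH"; pre-release or malformed versions give None (fail closed).
fn parse_version(v: &str) -> Option<(u64, u64, u64)> {
    let core = v.split('+').next()?; // drop build metadata
    let mut it = core.split('.').map(|p| p.parse::<u64>().ok());
    let triple = (it.next()??, it.next()??, it.next()??);
    if it.next().is_some() { None } else { Some(triple) }
}

/// Extract the quoted value from a `key = "value"` line.
fn field<'a>(line: &'a str, key: &str) -> Option<&'a str> {
    let rest = line.strip_prefix(key)?.trim_start().strip_prefix('=')?;
    rest.trim().strip_prefix('"')?.strip_suffix('"')
}

/// Every locked version of `krate` in the given Cargo.lock text.
fn locked_versions(lock: &str, krate: &str) -> Vec<String> {
    let (mut out, mut in_target) = (Vec::new(), false);
    for line in lock.lines().map(str::trim) {
        if line == "[[package]]" {
            in_target = false;
        } else if let Some(name) = field(line, "name") {
            in_target = name == krate;
        } else if let Some(ver) = field(line, "version") {
            if in_target { out.push(ver.to_string()); }
        }
    }
    out
}

/// Ok(versions) only if the crate is locked and every copy is >= floor.
/// Comparison is numeric per component, so 0.103.9 sorts below 0.103.12.
fn check_floor(lock: &str, krate: &str, floor: &str) -> Result<Vec<String>, String> {
    let floor_v = parse_version(floor).ok_or("unparseable floor")?;
    let found = locked_versions(lock, krate);
    if found.is_empty() { return Err(format!("{krate} is not in the lockfile")); }
    for v in &found {
        if !parse_version(v).map_or(false, |p| p >= floor_v) {
            return Err(format!("{krate} {v} is below floor {floor}"));
        }
    }
    Ok(found)
}

fn main() {
    // Constructed sample shaped like Cargo.lock entries; floor is from the PR description.
    let sample = "[[package]]\nname = \"rustls\"\nversion = \"0.23.38\"\n\n\
                  [[package]]\nname = \"rustls-webpki\"\nversion = \"0.103.12\"\n";
    println!("{:?}", check_floor(sample, "rustls-webpki", "0.103.12"));
}
```

A missing crate is reported as an error so that the gate cannot pass silently after a rename or removal; relax that branch if absence is acceptable in your workspace.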

coderabbitai Bot commented Apr 15, 2026


Important

Review skipped

Review was skipped due to path filters

⛔ Files ignored due to path filters (1)
  • Cargo.lock is excluded by !**/*.lock

CodeRabbit blocks several paths by default. You can override this behavior by explicitly including those paths in the path filters. For example, including **/dist/** will override the default block on the dist directory, by removing the pattern from both the lists.

⚙️ Run configuration

Configuration used: Organization UI

Review profile: ASSERTIVE

Plan: Pro

Run ID: 1f387391-257f-440e-b863-25e89f898422


gemini-code-assist Bot left a comment


Code Review

This pull request updates the rustls-webpki dependency in Cargo.lock from version 0.103.11 to 0.103.12. There are no review comments to address, and I have no further feedback to provide.

EffortlessSteven merged commit b90cd65 into main on Apr 15, 2026
11 of 17 checks passed
EffortlessSteven deleted the release/audit-rustls-webpki branch on April 15, 2026 21:16