Skip to content

bump deps to address dependabot alerts#227

Merged
XuyangSong merged 1 commit into
mainfrom
xuyang/fix_dependabot_alerts
Jun 5, 2026
Merged

bump deps to address dependabot alerts#227
XuyangSong merged 1 commit into
mainfrom
xuyang/fix_dependabot_alerts

Conversation

@XuyangSong

Copy link
Copy Markdown
Collaborator

update across host and guest lockfiles:

  • quinn-proto 0.11.13 -> 0.11.14
  • rustls-webpki 0.103.7 -> 0.103.13
  • time 0.3.44 -> 0.3.47
  • bytes 1.10.1 -> 1.11.1

ruint 1.17.0 -> 1.18.0 is skipped because 1.18.0 requires rustc 1.90; the host toolchain pins 1.89 and the risc0 guest toolchain is 1.88, so the advisory cannot be addressed without bumping both.

update across host and guest lockfiles:
- quinn-proto 0.11.13 -> 0.11.14
- rustls-webpki 0.103.7 -> 0.103.13
- time 0.3.44 -> 0.3.47
- bytes 1.10.1 -> 1.11.1

ruint 1.17.0 -> 1.18.0 is skipped because 1.18.0 requires
rustc 1.90; the host toolchain pins 1.89 and the risc0 guest
toolchain is 1.88, so the advisory cannot be addressed
without bumping both.
@XuyangSong XuyangSong merged commit 7c15872 into main Jun 5, 2026
6 checks passed
@github-project-automation github-project-automation Bot moved this from Triage to Released in Anoma SDK - What's Cooking Jun 5, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

Status: Released

Development

Successfully merging this pull request may close these issues.

1 participant