chore(deps): update vuln deps and ignore those with pending upstream fixes #488

Merged: storopoli merged 1 commit into main from fix/handle-supply-chain-vulns on Apr 15, 2026

@Rajil1213 (Collaborator) commented Apr 15, 2026

Description

This PR updates some of the new external deps vulnerabilities flagged by cargo-audit. The rustls vulnerability has been whitelisted as the upstream fix is pending.

Type of Change

  • Bug fix (non-breaking change which fixes an issue)
  • New feature/Enhancement (non-breaking change which adds functionality or enhances an existing one)
  • Breaking change (fix or feature that would cause existing functionality to not work as expected)
  • Documentation update
  • Refactor
  • New or updated tests
  • Dependency Update

Notes to Reviewers

This blocks the rest of the PRs since the supply-chain CI is failing.

Checklist

  • I have performed a self-review of my code.
  • I have commented my code where necessary.
  • I have updated the documentation if needed.
  • My changes do not introduce new warnings.
  • I have added (where necessary) tests that prove my changes are effective or that my feature works.
  • New and existing tests pass with my changes.
  • I have disclosed my use of AI in the body of this PR.

Related Issues

@storopoli (Member) left a comment

ACK db336ff

Note that once rust-bitcoin/corepc#536 is merged we can bump bitreq in bitcoind-async-clien

@storopoli storopoli enabled auto-merge April 15, 2026 14:41
@storopoli (Member) commented

Oh crap you've already tagged the bitreq upstream fix @Rajil1213 my bad.

codecov Bot commented Apr 15, 2026

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 84.07%. Comparing base (469e0f6) to head (db336ff).
⚠️ Report is 1 commits behind head on main.

@@            Coverage Diff             @@
##             main     #488      +/-   ##
==========================================
- Coverage   84.10%   84.07%   -0.04%     
==========================================
  Files         209      209              
  Lines       21846    21846              
==========================================
- Hits        18373    18366       -7     
- Misses       3473     3480       +7     

see 4 files with indirect coverage changes


@storopoli storopoli added this pull request to the merge queue Apr 15, 2026
Merged via the queue into main with commit 31d51f6 Apr 15, 2026
29 of 31 checks passed
@storopoli storopoli deleted the fix/handle-supply-chain-vulns branch April 15, 2026 15:42
@uncomputable uncomputable mentioned this pull request Apr 15, 2026
14 tasks