Skip to content

chore(security): bump rustls-webpki to 0.103.13#187

Open
Cedric / ViaDézo1er (viadezo1er) wants to merge 1 commit into
mainfrom
cedric/improve-crate-security-monitoring
Open

chore(security): bump rustls-webpki to 0.103.13#187
Cedric / ViaDézo1er (viadezo1er) wants to merge 1 commit into
mainfrom
cedric/improve-crate-security-monitoring

Conversation

@viadezo1er
Copy link
Copy Markdown
Contributor

@viadezo1er Cedric / ViaDézo1er (viadezo1er) commented May 14, 2026
edited
Loading

Resolves 4 RustSec advisories on rustls-webpki 0.103.9 surfaced by cargo audit:

  • RUSTSEC-2026-0049 (CRLs not authoritative by Distribution Point)
  • RUSTSEC-2026-0098 (URI name constraints incorrectly accepted)
  • RUSTSEC-2026-0099 (wildcard name constraints incorrectly accepted)
  • RUSTSEC-2026-0104 (reachable panic in CRL parsing)

Lockfile-only change.

Haven't checked if we are vulnerable or not but there's nothing to lose by doing this.

@viadezo1er @claude
chore: bump rustls-webpki to 0.103.13
22d72d8 
Resolves 4 RustSec advisories on rustls-webpki 0.103.9 surfaced by
`cargo audit`:

- RUSTSEC-2026-0049 (CRLs not authoritative by Distribution Point)
- RUSTSEC-2026-0098 (URI name constraints incorrectly accepted)
- RUSTSEC-2026-0099 (wildcard name constraints incorrectly accepted)
- RUSTSEC-2026-0104 (reachable panic in CRL parsing)

Lockfile-only change; verified with `cargo check`.

Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
@viadezo1er Cedric / ViaDézo1er (viadezo1er) marked this pull request as ready for review May 14, 2026 22:34
@viadezo1er Cedric / ViaDézo1er (viadezo1er) changed the title chore: bump rustls-webpki to 0.103.13 chore(security): bump rustls-webpki to 0.103.13 May 14, 2026
@github-actions
Copy link
Copy Markdown

github-actions Bot commented May 14, 2026

Latest downloadable build artifacts for this PR commit 22d72d8df81d:

Available artifact names
  • ``artifacts-build-global
  • ``artifacts-build-local-x86_64-apple-darwin
  • ``artifacts-build-local-aarch64-pc-windows-msvc
  • ``artifacts-build-local-x86_64-pc-windows-msvc
  • ``artifacts-build-local-x86_64-unknown-linux-musl
  • ``artifacts-build-local-x86_64-unknown-linux-gnu
  • ``artifacts-build-local-aarch64-apple-darwin
  • ``artifacts-build-local-aarch64-unknown-linux-gnu
  • ``artifacts-plan-dist-manifest
  • ``cargo-dist-cache

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@lforst Luca Forstner (lforst) lforst approved these changes

@parkerhendo Parker Henderson (parkerhendo) Awaiting requested review from parkerhendo

@AbhiPrasad Abhijeet Prasad (AbhiPrasad) Awaiting requested review from AbhiPrasad

Assignees

@viadezo1er Cedric / ViaDézo1er (viadezo1er)

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@viadezo1er @lforst