Skip to content

chore(deps): re-bump crossbeam-epoch 0.9.18 → 0.9.20 (RUSTSEC-2026-0204)#154

Merged
Nic-dorman merged 1 commit into
mainfrom
chore/sec-audit-crossbeam-0.9.20
Jul 17, 2026
Merged

chore(deps): re-bump crossbeam-epoch 0.9.18 → 0.9.20 (RUSTSEC-2026-0204)#154
Nic-dorman merged 1 commit into
mainfrom
chore/sec-audit-crossbeam-0.9.20

Conversation

@Nic-dorman

Copy link
Copy Markdown
Contributor

What

Lockfile-only re-application of #148: cargo update -p crossbeam-epoch --precise 0.9.20. 2 lines.

Why

The ADR-0004 crate cutover (059cc0a, merged in the #126/#149 wave) re-resolved Cargo.lock and pulled the RUSTSEC-2026-0204-vulnerable crossbeam-epoch 0.9.18 back in — clobbering #148's fix from earlier the same day. Main's Security Audit job has been red on every run since (#126 and #149 both merged with failing CI), and every PR branched from current main inherits the failure — e.g. #153 is 11/12 green with only this audit red.

Verification

  • cargo audit with the workflow's exact ignore list: exit 0 (6 allowed warnings only)
  • cargo check -p ant-core: clean — semver-compatible, no resolution changes beyond the one crate

After this merges, #153 (and any other open PR) goes fully green on rebase/re-run.

🤖 Generated with Claude Code

…204)

Same fix as #148: the ADR-0004 crate cutover (059cc0a) re-resolved
Cargo.lock and pulled the vulnerable 0.9.18 back in, so main's Security
Audit job has been red since #126/#149 merged. Lockfile-only,
semver-compatible; cargo audit now exits 0 with the CI ignore list.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
@Nic-dorman
Nic-dorman merged commit 629b87f into main Jul 17, 2026
12 checks passed
@Nic-dorman
Nic-dorman deleted the chore/sec-audit-crossbeam-0.9.20 branch July 17, 2026 11:09
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant