fix(deps): update vulnerable Rust dependencies #139

Merged
chaliy merged 1 commit into main from codex/update-pyo3-alerts
Jul 4, 2026

@chaliy chaliy commented Jul 4, 2026

Contributor

What

Update vulnerable Rust dependencies in the Python binding path.

Why

Dependabot reported open PyO3 advisories, and local audit also surfaced a vulnerable quinn-proto transitive dependency.

How

  • Bump fetchkit-python PyO3 dependencies from 0.28 to 0.29
  • Refresh Cargo.lock for the PyO3 family
  • Bump quinn-proto from 0.11.14 to 0.11.16

Risk

  • Low
  • Dependency-only update; Python binding API still compiles against PyO3 0.29

Checklist

  • Unit tests are passed
  • Smoke tests are passed
  • Documentation is updated or not needed
  • Specs are up to date and not in conflict
  • cargo audit checked

@chaliy chaliy merged commit 1c43b4e into main Jul 4, 2026
11 checks passed
@chaliy chaliy deleted the codex/update-pyo3-alerts branch July 4, 2026 21:30
@chaliy chaliy mentioned this pull request Jul 4, 2026
8 tasks
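
An added example, not part of the PR or the project's code: a Python check that a Cargo.lock holds no copy of the bumped crates older than the versions this PR moves to, including older copies that stay locked alongside the new one. The floors are assumed from the PR's target versions, the list of PyO3 companion crates is an assumption, and the lock excerpt is constructed.

```python
import re

# Floors are the versions this PR moves to (assumed to be the fixed releases;
# confirm against the advisories). PYO3_FAMILY is an assumed companion list.
PYO3_FAMILY = {"pyo3", "pyo3-ffi", "pyo3-macros", "pyo3-macros-backend", "pyo3-build-config"}
FLOORS = {"pyo3": (0, 29, 0), "quinn-proto": (0, 11, 16)}

# Constructed Cargo.lock excerpt, not the project's real lock file. It keeps an
# older, semver-incompatible quinn-proto next to the bumped one.
SAMPLE_LOCK = '''
[[package]]
name = "pyo3"
version = "0.29.0"
[[package]]
name = "pyo3-ffi"
version = "0.29.0"
[[package]]
name = "quinn-proto"
version = "0.10.6"
[[package]]
name = "quinn-proto"
version = "0.11.16"
'''

def parse_packages(lock_text):
    """Return (name, version) for every [[package]] table, duplicates included."""
    packages = []
    for block in lock_text.split("[[package]]")[1:]:
        name = re.search(r'^name = "([^"]+)"', block, re.M)
        version = re.search(r'^version = "([^"]+)"', block, re.M)
        if name and version:
            packages.append((name.group(1), version.group(1)))
    return packages

def version_key(version):
    """Numeric major.minor.patch; pre-release and build metadata are ignored."""
    core = re.split(r"[-+]", version, maxsplit=1)[0]
    return tuple(int(part) for part in core.split("."))

def below_floor(lock_text):
    """List every locked copy of a tracked crate that is older than its floor."""
    stale = []
    for name, version in parse_packages(lock_text):
        family = "pyo3" if name in PYO3_FAMILY else name
        floor = FLOORS.get(family)
        if floor and version_key(version) < floor:
            stale.append((name, version))
    return stale
```

Run `below_floor` over the real lock file's text in CI next to `cargo audit`; a non-empty result means an older copy is still being resolved by some dependent.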