
chore: fix CI and address security alerts (quinn-proto, tokio) #121

Merged
raymondk merged 7 commits into main from lwshang/ci-refresh
Mar 14, 2026
@lwshang (Contributor) commented Mar 13, 2026

Summary

  • Update Rust toolchain to 1.85 and upgrade reqwest to 0.13
  • Update quinn-proto in Cargo.lock (security alert fix) by temporarily enabling reqwest/http3 feature
  • Run cargo update to pick up latest dependency versions (addresses tokio security alert)
  • Fix clippy warnings introduced by the toolchain/dependency updates
  • Update CI test runners and release workflow (dist 0.31.0)

Motivation

This PR resolves two Dependabot security alerts:

  • quinn-proto: updated via reqwest/http3 workaround in Cargo.lock
  • tokio: updated via cargo update

It also refreshes the CI configuration to use updated runners and the latest cargo-dist (0.31.0).

Test plan

  • CI passes on this branch
  • Security alerts for quinn-proto and tokio are resolved after merge

🤖 Generated with Claude Code

lwshang and others added 7 commits March 13, 2026 19:04
Migrate deny.toml to the new cargo-deny format (removed deprecated
`default` and `deny` keys). Add OpenSSL and CDLA-Permissive-2.0 to the
allow list for aws-lc-sys and webpki-root-certs. Remove stale ring
exception and Unicode-DFS-2016. Upgrade CI action to v2.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
@lwshang marked this pull request as ready for review March 13, 2026 23:31
@lwshang requested a review from a team as a code owner March 13, 2026 23:31
@raymondk merged commit 9e9fa8c into main Mar 14, 2026
21 checks passed
@raymondk deleted the lwshang/ci-refresh branch March 14, 2026 00:18