chore: update aws-lc-sys to fix dependabot alerts#157
Merged
sachiniyer merged 2 commits intomainfrom Mar 7, 2026
Merged
Conversation
The CLI is no longer in alpha, so remove the warning banner. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Update aws-lc-rs 1.15.4 -> 1.16.1 and aws-lc-sys 0.37.1 -> 0.38.0 to resolve 3 high-severity dependabot alerts (PKCS7_verify signature validation bypass, AES-CCM timing side-channel, PKCS7_verify chain validation bypass). Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
|
You have reached your Codex usage limits for code reviews. You can see your limits in the Codex usage dashboard. |
![devin-ai-integration[bot]](https://avatars.githubusercontent.com/in/811515?s=60&v=4){kind=small}
sachiniyer
force-pushed
the
siyer/dependabot
branch
from
02f6b1a to
267b342
Compare
5 tasks
sachiniyer
added a commit
that referenced
this pull request
Mar 7, 2026
## Summary - **Major version bumps** (6 packages): - `progenitor` 0.12 → 0.13 - `toml` 0.9 → 1.0 - `dialoguer` 0.11 → 0.12 - `termimad` 0.30 → 0.34 - `rand` 0.9 → 0.10 (removed `small_rng` feature flag, now always included) - `axoupdater` 0.9 → 0.10 - **48 semver-compatible** patch/minor updates via `cargo update` - Added explicit tokio `signal` feature (previously transitively enabled by `reqwest` 0.12) - Includes the `aws-lc-sys` security fix from #157 ## Test plan - [x] `cargo check` passes - [x] `cargo test` — all 139 tests pass - [x] `cargo build --release` succeeds - [x] Manual CLI testing: `--version`, `--help`, `auth status`, `repos list`, `bugs list`, `version` - [x] No new clippy errors introduced 🤖 Generated with [Claude Code](https://claude.com/claude-code) <!-- devin-review-badge-begin --> --- <a href="https://app.devin.ai/review/usedetail/cli/pull/158" target="_blank"> <picture> <source media="(prefers-color-scheme: dark)" srcset="https://static.devin.ai/assets/gh-open-in-devin-review-dark.svg?v=1"> <img src="https://static.devin.ai/assets/gh-open-in-devin-review-light.svg?v=1" alt="Open with Devin"> </picture> </a> <!-- devin-review-badge-end --> --------- Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
aws-lc-rs1.15.4 → 1.16.1 andaws-lc-sys0.37.1 → 0.38.0Test plan
cargo checkpasses🤖 Generated with Claude Code