Skip to content

Fix vulnerable crossbeam dependency, audit strategy#73

Merged
EnriqueL8 merged 4 commits into
mainfrom
sg/patch-crossbeam
Jul 8, 2026
Merged

Fix vulnerable crossbeam dependency, audit strategy#73
EnriqueL8 merged 4 commits into
mainfrom
sg/patch-crossbeam

Conversation

@SupernaviX

Copy link
Copy Markdown
Contributor

Context

After merging a "speed up the build" PR, the main branch's "test" job was failing. Cargo audit was flagging a new vuln reported yesterday.

Important Changes Introduced

First of all, update dependencies past the vulnerability. (Not sure why Dependabot didn't do this, maybe because it was a transitive version bump).

Secondly, invoke cargo audit on a cronjob (daily at midnight UTC) instead of on changes. It will open an issue reporting any vulnerabilities, and will not block builds. This means that vulnerabilities reported outside of active development windows will be caught and addressed quickly.

Signed-off-by: Simon Gellis <simongellis@gmail.com>
Signed-off-by: Simon Gellis <simongellis@gmail.com>
@SupernaviX SupernaviX requested a review from a team as a code owner July 7, 2026 13:58
Signed-off-by: Simon Gellis <simongellis@gmail.com>
Signed-off-by: Simon Gellis <simongellis@gmail.com>

@EnriqueL8 EnriqueL8 left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks @SupernaviX , agree on the cron job cadence!

@EnriqueL8 EnriqueL8 merged commit 76f87ba into main Jul 8, 2026
5 checks passed
@EnriqueL8 EnriqueL8 deleted the sg/patch-crossbeam branch July 8, 2026 13:37
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants