Skip to content

fix: Resolve security vulnerabilities in tar and rustls-webpki#12418

Merged
anthonyshew merged 1 commit intomainfrom
shew/cargo-audit
Mar 23, 2026
Merged

fix: Resolve security vulnerabilities in tar and rustls-webpki#12418
anthonyshew merged 1 commit intomainfrom
shew/cargo-audit

Conversation

@anthonyshew
Copy link
Contributor

@anthonyshew anthonyshew commented Mar 23, 2026

Summary

  • Bumps tar from 0.4.38 to 0.4.45 to fix two medium-severity vulnerabilities (RUSTSEC-2026-0067, RUSTSEC-2026-0068)
  • Updates rustls-webpki from 0.103.9 to 0.103.10 to fix a CRL distribution point matching bug (RUSTSEC-2026-0049)

All three vulnerabilities were flagged by cargo audit. The proc-macro-error unmaintained warning (RUSTSEC-2024-0370) remains as it's an upstream biome dependency issue.

@anthonyshew anthonyshew requested a review from a team as a code owner March 23, 2026 12:09
@anthonyshew anthonyshew requested review from tknickman and removed request for a team March 23, 2026 12:09
@vercel
Copy link
Contributor

vercel bot commented Mar 23, 2026
edited
Loading

The latest updates on your projects. Learn more about Vercel for GitHub.

Project Deployment Actions Updated (UTC)
examples-basic-web Ready Ready Preview, Comment, Open in v0 Mar 23, 2026 0:10am
examples-designsystem-docs Ready Ready Preview, Comment, Open in v0 Mar 23, 2026 0:10am
examples-gatsby-web Ready Ready Preview, Comment, Open in v0 Mar 23, 2026 0:10am
examples-kitchensink-blog Ready Ready Preview, Comment, Open in v0 Mar 23, 2026 0:10am
examples-nonmonorepo Ready Ready Preview, Comment, Open in v0 Mar 23, 2026 0:10am
examples-svelte-web Ready Ready Preview, Comment, Open in v0 Mar 23, 2026 0:10am
examples-tailwind-web Ready Ready Preview, Comment, Open in v0 Mar 23, 2026 0:10am
examples-vite-web Ready Ready Preview, Comment, Open in v0 Mar 23, 2026 0:10am
turbo-site Ready Ready Preview, Comment, Open in v0 Mar 23, 2026 0:10am
turborepo-agents Ready Ready Preview, Comment, Open in v0 Mar 23, 2026 0:10am

@anthonyshew anthonyshew changed the title fix: Resolve security vulnerabilities in tar and rustls-webpki fix: Resolve security vulnerabilities in tar and rustls-webpki Mar 23, 2026
@anthonyshew anthonyshew merged commit f09b138 into main Mar 23, 2026
59 checks passed
@anthonyshew anthonyshew deleted the shew/cargo-audit branch March 23, 2026 12:23
github-actions bot added a commit that referenced this pull request Mar 23, 2026
@github-actions @turbobot-temp
release(turborepo): 2.8.21-canary.5 (#12420)
8aca047 
## Release v2.8.21-canary.5

Versioned docs: https://v2-8-21-canary-5.turborepo.dev

### Changes

- fix: Add NixOS environment variables to default passthroughs (#12417)
(`4f12c69`)
- release(turborepo): 2.8.21-canary.4 (#12419) (`19cb539`)
- fix: Resolve security vulnerabilities in `tar` and `rustls-webpki`
(#12418) (`f09b138`)

Co-authored-by: Turbobot <[email protected]>
@github-actions github-actions bot mentioned this pull request Mar 23, 2026
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@tknickman tknickman Awaiting requested review from tknickman tknickman is a code owner automatically assigned from vercel/turbo-oss

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@anthonyshew