chore: update alloy-dyn-abi to address CVE-2025-62370 #691

Merged
mergify[bot] merged 2 commits into sigp:release-v1.0.0 from dknopik:fix-alloy-vuln
Oct 15, 2025

@dknopik
Member

dknopik commented Oct 15, 2025

Issue Addressed

CI is failing due to GHSA-pgp9-98jm-wwq2

Proposed Changes

cargo update alloy-dyn-abi, then undo some downgraded package dependencies due to a cargo issue where unrelated downgrades are performed on selective updates (see second commit).
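A check for the unrelated downgrades mentioned in the description above, as an added example that is not part of the PR or the project's code: it compares the `Cargo.lock` from before and after a selective `cargo update` and lists crates outside the intended set whose locked version went down. The crate names and versions in the sample are constructed placeholders, and the function names are this example's own.

```python
import re

# One [[package]] entry in Cargo.lock starts with its name and version lines.
PKG_RE = re.compile(r'\[\[package\]\]\nname = "([^"]+)"\nversion = "([^"]+)"')

def parse_lock(text):
    """Map crate name -> set of locked versions (one crate can be locked at several)."""
    pkgs = {}
    for name, version in PKG_RE.findall(text):
        pkgs.setdefault(name, set()).add(version)
    return pkgs

def version_key(v):
    """Semver ordering key; a pre-release sorts below its release, build metadata is ignored."""
    core, _, pre = v.split("+")[0].partition("-")
    return tuple(int(p) for p in core.split(".")), pre == "", pre

def lock_changes(old_text, new_text, intended):
    """Return (downgrades, other_changes) for crates outside the `intended` set."""
    old, new = parse_lock(old_text), parse_lock(new_text)
    downgrades, others = [], []
    for name in sorted(set(old) | set(new)):
        before, after = old.get(name, set()), new.get(name, set())
        if before == after or name in intended:
            continue
        row = (name, sorted(before, key=version_key), sorted(after, key=version_key))
        # Downgrade: the highest locked version after the update is lower than before.
        if before and after and max(map(version_key, after)) < max(map(version_key, before)):
            downgrades.append(row)
        else:
            others.append(row)
    return downgrades, others

def lock_entry(name, version):
    return f'[[package]]\nname = "{name}"\nversion = "{version}"\n\n'

# Constructed lockfile fragments; crate names and versions are placeholders.
OLD_LOCK = (lock_entry("example-abi", "1.4.0") + lock_entry("example-log", "0.4.27")
            + lock_entry("example-util", "0.10.2"))
NEW_LOCK = (lock_entry("example-abi", "1.4.1") + lock_entry("example-log", "0.4.27")
            + lock_entry("example-util", "0.9.8"))

if __name__ == "__main__":
    down, other = lock_changes(OLD_LOCK, NEW_LOCK, intended={"example-abi"})
    for name, before, after in down:
        print(f"unexpected downgrade: {name} {before} -> {after}")
    for name, before, after in other:
        print(f"other change: {name} {before} -> {after}")
```

Versions are compared numerically, so a move from `0.10.2` to `0.9.8` is reported as a downgrade even though a plain string comparison would order them the other way.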

dknopik added the ready-for-review, chore and v1.0.0 labels Oct 15, 2025
@diegomrsantos
Member

Any idea about the reason for the downgrades?

@dknopik
Member Author

dknopik commented Oct 15, 2025

I assume a bug in cargo.

@diegomrsantos
Member

Maybe rust-lang/cargo#14115 ?

@diegomrsantos
Member

Can we also get it merged into unstable?

dknopik added the ready-for-merge label and removed the ready-for-review label Oct 15, 2025
mergify bot merged commit 021943e into sigp:release-v1.0.0 Oct 15, 2025
15 checks passed