Patch actix-http security advisory#28

Merged

tripledoublev merged 1 commit into

mainfrom

security/actix-http-3.12.1

May 31, 2026

Contributor

tripledoublev commented May 31, 2026

Summary

update Cargo.lock to use actix-http 3.12.1, addressing GHSA-xhj4-vrgc-hr34
leave the Veilid/Iroh-transitive advisories unchanged because their patched versions are blocked by current upstream semver constraints

Verification

cargo check --all-targets --all-features
cargo fmt --check
cargo clippy --all-targets --all-features -- -D warnings
SAVE_VEILID_LOCAL_TEST_MODE=1 cargo nextest run --profile ci-virtual --no-fail-fast -E 'test(basic_test) | test(test_health_endpoint) | test(test_upload_list_delete)'


          Patch actix-http security advisory

d0a6690

tripledoublev merged commit eddc281 into main

1 check passed

tripledoublev deleted the security/actix-http-3.12.1 branch

May 31, 2026 22:02

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet