hubcio opened a new pull request, #3016: URL: https://github.com/apache/iggy/pull/3016
Dependabot flagged 16 vulnerabilities across Rust and npm lockfiles. 15 are resolved here; 1 (astral-tokio-tar, LOW) awaits an upstream testcontainers release.

Rust (4 alerts): core/bench/dashboard/server had a stale Cargo.lock from before it joined the workspace. The root lockfile already had patched versions - the stale file was just confusing Dependabot. Deleted it.

npm (11 alerts across web/, foreign/node/, examples/node/): transitive deps devalue, flatted, effect, and minimatch were pinned below patched versions. Added overrides to force minimum safe versions and regenerated lockfiles.
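One way to check that overrides took effect in a regenerated lockfile, as an added example that is not code from the PR or the Iggy project: it scans the `packages` map of a package-lock.json for any installed copy of the four named packages below a required minimum, including nested copies. The minimum versions and the sample lockfile are constructed placeholders, not the real patched versions.

```javascript
// Added example: flag packages in a package-lock.json (lockfileVersion 2/3)
// that are resolved below a required minimum version.

// Parse "MAJOR.MINOR.PATCH" into numbers. Assumption for this example:
// pre-release and build suffixes are ignored.
function parseVersion(v) {
  const m = /^(\d+)\.(\d+)\.(\d+)/.exec(v);
  if (!m) throw new Error(`unparseable version: ${v}`);
  return m.slice(1).map(Number);
}

function isBelow(version, minimum) {
  const a = parseVersion(version), b = parseVersion(minimum);
  for (let i = 0; i < 3; i++) {
    if (a[i] !== b[i]) return a[i] < b[i];
  }
  return false;
}

// Returns every installed copy of a watched package that is below its minimum.
function findStale(lock, minimums) {
  const findings = [];
  for (const [path, entry] of Object.entries(lock.packages || {})) {
    // Keys look like "node_modules/a/node_modules/b"; the name follows the last prefix.
    const idx = path.lastIndexOf("node_modules/");
    if (idx === -1 || !entry.version) continue; // skips the root "" entry
    const name = path.slice(idx + "node_modules/".length);
    if (!Object.prototype.hasOwnProperty.call(minimums, name)) continue;
    if (isBelow(entry.version, minimums[name])) findings.push({ path, name, version: entry.version });
  }
  return findings;
}

// Constructed placeholder minimums (NOT the real patched versions).
const MINIMUMS = { devalue: "2.0.0", flatted: "2.0.0", effect: "2.0.0", minimatch: "2.0.0" };

// Constructed sample lockfile: the top-level minimatch is fine, a nested copy is not.
const SAMPLE_LOCK = {
  lockfileVersion: 3,
  packages: {
    "": { name: "constructed-app", version: "0.0.0" },
    "node_modules/devalue": { version: "2.0.1" },
    "node_modules/flatted": { version: "2.0.0" },
    "node_modules/glob/node_modules/minimatch": { version: "1.9.9" },
    "node_modules/minimatch": { version: "2.3.0" },
  },
};

console.log(findStale(SAMPLE_LOCK, MINIMUMS));
```

Run against each regenerated lockfile, an empty result means no copy of a watched package is still resolved below its minimum.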
