Skip to content

Bump bytes to 1.11.1 to fix RUSTSEC-2026-0007#8743

Merged
michaelsproul merged 1 commit into
sigp:release-v8.1from
jimmygchen:fix-bytes-audit
Feb 4, 2026
Merged

Bump bytes to 1.11.1 to fix RUSTSEC-2026-0007#8743
michaelsproul merged 1 commit into
sigp:release-v8.1from
jimmygchen:fix-bytes-audit

Conversation

@jimmygchen

Copy link
Copy Markdown
Member

Description

Fixes integer overflow vulnerability in BytesMut::reserve (RUSTSEC-2026-0007) by bumping bytes from 1.11.0 to 1.11.1.

Additional Info

Advisory: GHSA-434x-w66g-qw3r

@jimmygchen jimmygchen added the ready-for-review The code is ready for review label Feb 4, 2026

@michaelsproul michaelsproul left a comment

Copy link
Copy Markdown
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM, thanks!

@michaelsproul michaelsproul added ready-for-merge This PR is ready to merge. and removed ready-for-review The code is ready for review labels Feb 4, 2026
@mergify mergify Bot added the queued label Feb 4, 2026
@mergify

mergify Bot commented Feb 4, 2026

Copy link
Copy Markdown

Merge Queue Status

🚫 The pull request has left the queue (rule: default) at 8e49cfe

This pull request spent 2 minutes 7 seconds in the queue, with no time running CI.
The checks were run on draft #8744.

Required conditions to merge
  • check-success=local-testnet-success
  • check-success=test-suite-success

Reason

Pull request #8743 has been merged manually at c25a975

Hint

You were too fast!

mergify Bot added a commit that referenced this pull request Feb 4, 2026
@michaelsproul michaelsproul merged commit c25a975 into sigp:release-v8.1 Feb 4, 2026
24 of 26 checks passed
@mergify mergify Bot added dequeued and removed queued labels Feb 4, 2026
@mergify

mergify Bot commented Mar 6, 2026

Copy link
Copy Markdown

Merge Queue Status

Rule: default


This pull request spent 2 minutes 7 seconds in the queue, with no time running CI.

Required conditions to merge
  • check-success=local-testnet-success
  • check-success=test-suite-success

Reason

Pull request #8743 has been merged manually at c25a975

Hint

You were too fast!

@jimmygchen jimmygchen deleted the fix-bytes-audit branch March 6, 2026 02:38
@mergify mergify Bot removed the dequeued label Jun 3, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

ready-for-merge This PR is ready to merge.

Projects

None yet

Development

Successfully merging this pull request may close these issues.

3 participants