Skip to content

fix(security): update fuzz cmov lockfile#2143

Merged
chaliy merged 1 commit into
mainfrom
codex/fix-cmov-fuzz-lock
Jul 5, 2026
Merged

fix(security): update fuzz cmov lockfile#2143
chaliy merged 1 commit into
mainfrom
codex/fix-cmov-fuzz-lock

Conversation

@chaliy

@chaliy chaliy commented Jul 5, 2026

Copy link
Copy Markdown
Contributor

What

Updates the fuzz Cargo.lock so the fuzz dependency graph resolves cmov 0.5.4, the patched release for GHSA-3rjw-m598-pq24 / CVE-2026-50185.

Why

Dependabot alert 75 reports cmov < 0.5.4 in crates/bashkit/fuzz/Cargo.lock.

How

Regenerated the fuzz lockfile for the targeted dependency update and kept Cargo path-package metadata current.

Risk

Low. Lockfile-only update for the fuzz workspace.

Security

Addresses the reported vulnerable cmov version in the fuzz lockfile. No runtime code changed.

Verification

  • cargo tree -i cmov --manifest-path crates/bashkit/fuzz/Cargo.toml --locked
  • cargo check --manifest-path crates/bashkit/fuzz/Cargo.toml --locked
  • just test
  • just pre-pr

@cloudflare-workers-and-pages

Copy link
Copy Markdown

Deploying with  Cloudflare Workers  Cloudflare Workers

The latest updates on your project. Learn more about integrating Git with Workers.

Status Name Latest Commit Preview URL Updated (UTC)
✅ Deployment successful!
View logs
bashkit a021b13 Commit Preview URL

Branch Preview URL
Jul 05 2026, 06:57 PM

@chaliy chaliy merged commit 2ac839b into main Jul 5, 2026
26 checks passed
@chaliy chaliy deleted the codex/fix-cmov-fuzz-lock branch July 5, 2026 19:08
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant