studio/marathon
2
0
Fork 0
Code Issues 121 Pull Requests Actions Packages Projects Releases Wiki Activity

fix(deps): update lru to 0.16.3 to address Dependabot alert #1

Browse Source 
Addresses CVE regarding IterMut violating Stacked Borrows in lru crate.

Changes:
- Update lru v0.16.2 -> v0.16.3 (patched version)
- Remove vulnerable lru v0.12.5 and v0.13.0
- Update ratatui v0.29 -> v0.30 in marathonctl
- Remove unnecessary ratatui/crossterm from app crate
- Update pkarr v5.0.0 -> v5.0.2
- Bump libmarathon v0.1.1 -> v0.1.2
- Bump marathonctl dependency on libmarathon to 0.1.2

All lru versions now use the patched 0.16.3 release.

Fixes: https://github.com/r3t-studios/marathon/security/dependabot/1

Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
This commit is contained in:
Sienna Meridian Satterwhite
2026-02-07 13:15:22 +00:00
parent 841d758316
commit 7c64de9795
5 changed files with 1156 additions and 707 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
crates/app/Cargo.toml
View File

@@ -38,8 +38,6 @@ futures-lite.workspace = true
bytes.workspace = true
crossbeam-channel.workspace = true
clap.workspace = true
ratatui = "0.29"
crossterm = "0.28"
[target.'cfg(target_os = "ios")'.dependencies]
objc = "0.2"