studio/marathon
2
0
Fork 0
Code Issues 121 Pull Requests Actions Packages Projects Releases Wiki Activity

fix(deps): update lru to 0.16.3 to address Dependabot alert #1

Browse Source 
Addresses CVE regarding IterMut violating Stacked Borrows in lru crate.

Changes:
- Update lru v0.16.2 -> v0.16.3 (patched version)
- Remove vulnerable lru v0.12.5 and v0.13.0
- Update ratatui v0.29 -> v0.30 in marathonctl
- Remove unnecessary ratatui/crossterm from app crate
- Update pkarr v5.0.0 -> v5.0.2
- Bump libmarathon v0.1.1 -> v0.1.2
- Bump marathonctl dependency on libmarathon to 0.1.2

All lru versions now use the patched 0.16.3 release.

Fixes: https://github.com/r3t-studios/marathon/security/dependabot/1

Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
This commit is contained in:
Sienna Meridian Satterwhite
2026-02-07 13:15:22 +00:00
parent 841d758316
commit 7c64de9795
5 changed files with 1156 additions and 707 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
crates/macros/Cargo.toml
View File

@@ -1,6 +1,6 @@
[package]
name = "libmarathon-macros"
version = "0.1.1"
version = "0.1.2"
edition.workspace = true
description = "Procedural macros for the Marathon game engine"
license = "MIT"