pezkuwichain/pezkuwi-sdk
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

security: fix wasmtime and tracing-subscriber vulnerabilities

Browse Source 
- wasmtime: 35.0.0 → 37.0.3 (fixes GHSA-hc7m-r6v8-hg9q)
- tracing-subscriber: 0.3.18 → 0.3.20 (fixes CVE-2025-58160)

Note: ring 0.16.20 vulnerability (CVE-2025-4432) remains due to
libp2p/zombienet-sdk dependency chain. Requires vendor update.
This commit is contained in:
Kurdistan Tech Ministry
2025-12-23 03:27:22 +03:00
parent 13c4749c4a
commit 53d5522bd5
2 changed files with 523 additions and 74 deletions
Download Patch File Download Diff File Expand all files Collapse all files
Cargo.toml
+2 -2
View File
@@ -1558,7 +1558,7 @@ tracing = { version = "0.1.37", default-features = false }
tracing-core = { version = "0.1.32", default-features = false }
tracing-futures = { version = "0.2.4" }
tracing-log = { version = "0.2.0" }
tracing-subscriber = { version = "0.3.18" }
tracing-subscriber = { version = "0.3.20" }
tracking-allocator = { path = "pezkuwi/node/tracking-allocator", default-features = false, package = "pezstaging-tracking-allocator" }
trie-bench = { version = "=0.42.0" }
trie-db = { version = "0.30.0", default-features = false }
@@ -1584,7 +1584,7 @@ wasm-instrument = { version = "0.4", default-features = false }
wasm-opt = { version = "0.116" }
wasm-timer = { version = "0.2.5" }
wasmi = { version = "0.32.3", default-features = false }
wasmtime = { version = "35.0.0", default-features = false }
wasmtime = { version = "37.0.0", default-features = false }
wat = { version = "1.0.0" }
web-sys = { version = "0.3.70" }
web-time = { version = "1.1", default-features = false }