fix: upgrade dependencies to resolve cargo-audit security vulnerabilities by ruokun-niu · Pull Request #331 · drasi-project/drasi-core

ruokun-niu · 2026-03-11T21:04:00Z

Description

Upgrade dependencies to resolve cargo-audit security vulnerabilities.

Upgrade testcontainers 0.23 → 0.26 to eliminate tokio-tar 0.3.1 transitive dependency (RUSTSEC-2025-0111 / CVE-2025-62518, critical file smuggling vulnerability)
Upgrade testcontainers-modules 0.11 → 0.14
Upgrade mysql_async 0.34 → 0.36 in storedproc-mysql to mitigate lru unsoundness warning (RUSTSEC-2026-0002)

fixes: #281

This pull request fixes a bug in Drasi and has an approved issue (issue link required).
This pull request adds or changes features of Drasi and has an approved issue (issue link required).
This pull request is a minor refactor, code cleanup, test improvement, or other maintenance task and doesn't change the functionality of Drasi (issue link optional).

Fixes: #issue_number

Signed-off-by: ruokun-niu <ruokunniu@gmail.com>

vulnerability fix

dbae877

Signed-off-by: ruokun-niu <ruokunniu@gmail.com>

ruokun-niu requested a review from a team as a code owner March 11, 2026 21:04

ruokun-niu requested review from agentofreality, amansinghoriginal and danielgerlag March 11, 2026 21:04

danielgerlag approved these changes Mar 13, 2026

View reviewed changes

github-actions bot added the need-2nd-review Has one approval, needs a second review label Mar 13, 2026