Pull in fix for unsafe-libyaml security advisory

2023-12-26 14:02:43 -08:00 · 2023-12-26 14:02:43 -08:00 · 0acb979e9e
parent b89dc15be1
commit 0acb979e9e
3 changed files with 6 additions and 5 deletions
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@ -16,6 +16,7 @@
 - Update Arch Linux package URL in README files #2779 (@brunobell)
 - Update and improve `zsh` completion, see #2772 (@okapia)
 - Use proper Architecture for Debian packages built for musl, see #2811 (@Enselic)
+- Pull in fix for unsafe-libyaml security advisory, see #2812 (@dtolnay)

 ## Syntaxes

--- a/Cargo.lock
+++ b/Cargo.lock
@ -1111,9 +1111,9 @@ dependencies = [

 [[package]]
 name = "serde_yaml"
-version = "0.9.25"
+version = "0.9.29"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "1a49e178e4452f45cb61d0cd8cebc1b0fafd3e41929e996cef79aa3aca91f574"
+checksum = "a15e0ef66bf939a7c890a0bf6d5a733c70202225f9888a89ed5c62298b019129"
 dependencies = [
 "indexmap 2.0.2",
 "itoa",
@ -1342,9 +1342,9 @@ checksum = "e51733f11c9c4f72aa0c160008246859e340b00807569a0da0e7a1079b27ba85"

 [[package]]
 name = "unsafe-libyaml"
-version = "0.2.9"
+version = "0.2.10"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "f28467d3e1d3c6586d8f25fa243f544f5800fec42d97032474e17222c2b75cfa"
+checksum = "ab4c90930b95a82d00dc9e9ac071b4991924390d46cbd0dfe566148667605e4b"

 [[package]]
 name = "url"
--- a/Cargo.toml
+++ b/Cargo.toml
@ -54,7 +54,7 @@ shell-words = { version = "1.1.0", optional = true }
 unicode-width = "0.1.11"
 globset = "0.4"
 serde = { version = "1.0", features = ["derive"] }
-serde_yaml = "0.9"
+serde_yaml = "0.9.28"
 semver = "1.0"
 path_abs = { version = "0.5", default-features = false }
 clircle = "0.4"