Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Auto merge of #110008 - klensy:deps-up-apr-06, r=Mark-Simulacrum
bump few deps Update few deps to fix security vulns, future incompatibilities, duplicates. `jemalloc-sys` v0.5.0+5.3.0 -> v0.5.3+5.3.0-patched: fixes future-incompatibilities by dropping fs_extra (https://github.com/rust-lang-ci/rust/actions/runs/4626595610/jobs/8183514150#step:26:19499, https://github.com/tikv/jemallocator/blob/tikv-jemalloc-sys-0.5.3/CHANGELOG.md) `openssl-src` v111.22.0+1.1.1q -> v111.25.0+1.1.1t: fixes few vulns: https://www.openssl.org/news/vulnerabilities-1.1.1.html https://www.cve.org/CVERecord?id=CVE-2022-4304 https://www.cve.org/CVERecord?id=CVE-2022-4450 https://www.cve.org/CVERecord?id=CVE-2023-0215 https://www.cve.org/CVERecord?id=CVE-2023-0286 There exist newer openssl version 1.1.1u with low severity vulns, but no crate update yet `openssl` crate with deps 0.10.38 ->0.10.49 fixes vulns (https://github.com/sfackler/rust-openssl/blob/openssl-v0.10.49/openssl/CHANGELOG.md) https://rustsec.org/advisories/RUSTSEC-2023-0022 https://rustsec.org/advisories/RUSTSEC-2023-0023 https://rustsec.org/advisories/RUSTSEC-2023-0024 update `env_logger` for `rustbook` and `cargo_metadata` for `tidy` to newer versions (still used by `rustfmt`, `miri`)
- Loading branch information