Update Rust crate anyhow to v1.0.103 [SECURITY] #7
Loading…
Add table
Add a link
Reference in a new issue
No description provided.
Delete branch "renovate/crate-anyhow-vulnerability"
Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?
This PR contains the following updates:
1.0.102→1.0.103Unsoundness in
Error::downcast_mut()RUSTSEC-2026-0190
More information
Details
Affected versions of this crate violate borrow rules, resulting in undefined behavior, when the user adds context to an error via
Error::contextand then later callsError::downcast_muton the returnedError.The flaw was corrected in commit
6e8c000by revising how the mutable reference is constructed, avoiding inclusion of a shared reference in the resulting borrow chain.Example
Miri output
Severity
Unknown
References
This data is provided by OSV and the Rust Advisory Database (CC0 1.0).
Configuration
📅 Schedule: (in timezone UTC)
🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.
♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
🔕 Ignore: Close this PR and you won't be reminded about this update again.
This PR has been generated by Mend Renovate.
View command line instructions
Checkout
From your project repository, check out a new branch and test the changes.Merge
Merge the changes and update on Forgejo.Warning: The "Autodetect manual merge" setting is not enabled for this repository, you will have to mark this pull request as manually merged afterwards.