Security: Update vulnerable dependencies #64

New issue

Closed

opened 2026-04-26 16:46:20 +00:00 by icub3d · 0 comments

icub3d commented 2026-04-26 16:46:20 +00:00

Owner

Copy link

Migrated from GitHub issue icub3d/decentcom#90
Original Author: @icub3d
Original Date: 2026-04-18T18:23:22Z

---

Overview

Update Rust and Node.js dependencies that have known security vulnerabilities or are unmaintained.

Requirements

• Upgrade sqlx to 0.8.1+ to fix RUSTSEC-2024-0363.
• Update rand to address RUSTSEC-2026-0097.
• Update tauri-plugin-deep-link from yanked 2.4.8.
• Update unmaintained GTK3 bindings if possible, or acknowledge as future tech debt for Tauri v3.
• Run cargo audit and pnpm audit after updates to confirm no critical vulnerabilities remain.

Task List

• Update Cargo.toml workspace dependencies for sqlx and rand.
• Update client/src-tauri/Cargo.toml for tauri-plugin-deep-link.
• Run cargo update and pnpm update.
• Verify build and run existing tests.

**Migrated from GitHub issue icub3d/decentcom#90** **Original Author:** @icub3d **Original Date:** 2026-04-18T18:23:22Z --- ## Overview Update Rust and Node.js dependencies that have known security vulnerabilities or are unmaintained. ## Requirements - [x] Upgrade `sqlx` to 0.8.1+ to fix RUSTSEC-2024-0363. - [x] Update `rand` to address RUSTSEC-2026-0097. - [x] Update `tauri-plugin-deep-link` from yanked 2.4.8. - [ ] Update unmaintained GTK3 bindings if possible, or acknowledge as future tech debt for Tauri v3. - [x] Run `cargo audit` and `pnpm audit` after updates to confirm no critical vulnerabilities remain. ## Task List - [x] Update `Cargo.toml` workspace dependencies for `sqlx` and `rand`. - [x] Update `client/src-tauri/Cargo.toml` for `tauri-plugin-deep-link`. - [x] Run `cargo update` and `pnpm update`. - [x] Verify build and run existing tests.

icub3d 2026-04-26 16:46:20 +00:00

• closed this issue
• added the
  type:bug
  status:complete
  area:infra
  labels

Sign in to join this conversation.

No Branch/Tag specified

Branches Tags

main

feature/115-chatbot-2

feature/16-dms

gh-pages

No results found.

Labels

Clear labels   

area:api

Backend endpoints, REST, DB, Gateway

  

area:core

Shared Rust logic, crypto, Tauri shell

  

area:docs

Documentation, OpenAPI specs, architecture

  

area:infra

Deployment, Docker, build tools

  

area:ux

Frontend UI, React components, Tailwind

  

dependencies

Pull requests that update a dependency file

  

documentation

Improvements or additions to documentation

  

duplicate

This issue or pull request already exists

  

good first issue

Good for newcomers

  

help wanted

Extra attention is needed

  

invalid

This doesn't seem right

  

question

Further information is requested

  

rust

Pull requests that update rust code

  

status:complete

Feature fully implemented

  

status:partial

Partially implemented (server done, client pending)

  

status:planned

Not yet started

  

type:bug

Bug fixes

  

type:design

Architectural changes, major design decisions

  

type:feature

New features

  

type:infra

Infrastructure and CI/CD changes

  

type:refactor

Code improvements without behavioral changes

  

type:research

Spikes, investigating new tech

  

type:ux

User experience improvements

  

wontfix

This will not be worked on

No labels

area:api

area:core

area:docs

area:infra

area:ux

dependencies

documentation

duplicate

good first issue

help wanted

invalid

question

rust

status:complete

status:partial

status:planned

type:bug

type:design

type:feature

type:infra

type:refactor

type:research

type:ux

wontfix

Milestone

Clear milestone

No items

No milestone

Projects

Clear projects

No items

No project

Assignees

Clear assignees

No assignees

1 participant

Notifications

Subscribe

Due date

The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference

icub3d/decentcom#64

No description provided.