From 1634db667755c3207b68b48ec69b2b3bb1c870d5 Mon Sep 17 00:00:00 2001 From: Michael Bolin Date: Tue, 3 Feb 2026 09:08:04 -0800 Subject: [PATCH] chore: update bytes crate in response to security advisory (#10525) While here, remove one advisory from `deny.toml` that has been addressed (it was showing up as a warning). --- codex-rs/Cargo.lock | 4 ++-- codex-rs/deny.toml | 1 - 2 files changed, 2 insertions(+), 3 deletions(-) diff --git a/codex-rs/Cargo.lock b/codex-rs/Cargo.lock index 5fc804f2f..259636152 100644 --- a/codex-rs/Cargo.lock +++ b/codex-rs/Cargo.lock @@ -911,9 +911,9 @@ checksum = "8f1fe948ff07f4bd06c30984e69f5b4899c516a3ef74f34df92a2df2ab535495" [[package]] name = "bytes" -version = "1.11.0" +version = "1.11.1" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "b35204fbdc0b3f4446b89fc1ac2cf84a8a68971995d0bf2e925ec7cd960f9cb3" +checksum = "1e748733b7cbc798e1434b6ac524f0c1ff2ab456fe201501e6497c8417a4fc33" [[package]] name = "bytestring" diff --git a/codex-rs/deny.toml b/codex-rs/deny.toml index 3e260ac24..0a4a08bd8 100644 --- a/codex-rs/deny.toml +++ b/codex-rs/deny.toml @@ -73,7 +73,6 @@ ignore = [ { id = "RUSTSEC-2024-0388", reason = "derivative is unmaintained; pulled in via starlark v0.13.0 used by execpolicy/cli/core; no fixed release yet" }, { id = "RUSTSEC-2025-0057", reason = "fxhash is unmaintained; pulled in via starlark_map/starlark v0.13.0 used by execpolicy/cli/core; no fixed release yet" }, { id = "RUSTSEC-2024-0436", reason = "paste is unmaintained; pulled in via ratatui/rmcp/starlark used by tui/execpolicy; no fixed release yet" }, - { id = "RUSTSEC-2025-0134", reason = "rustls-pemfile is unmaintained; pulled in via rama-tls-rustls used by codex-network-proxy; no safe upgrade until rama removes the dependency" }, # TODO(joshka, nornagon): remove this exception when once we update the ratatui fork to a version that uses lru 0.13+. { id = "RUSTSEC-2026-0002", reason = "lru 0.12.5 is pulled in via ratatui fork; cannot upgrade until the fork is updated" }, ]