Update sqlx to 0.8.6 to fix security vulnerability · vitorpy.com/noreposts-atproto-feed@91d3ffa

Noreposts Feed

Update sqlx to 0.8.6 to fix security vulnerability

Fixes GHSA-xmrp-424f-vfpx (CVE for protocol-level SQL injection)

The vulnerability affects sqlx <= 0.8.0 where encoding values larger
than 4GiB can cause the length prefix in the protocol to overflow.

Updated from 0.7.4 to 0.8.6 which includes the fix.

Vitor Py Braga 5 months ago 91d3ffae c4a92736

+1 -1

1 changed file

expand all

Cargo.toml

+1 -1

Cargo.toml

··· 21 21 tower-http = { version = "0.5", features = ["cors", "trace"] } 22 22 23 23 # Database 24 - sqlx = { version = "0.7", features = ["runtime-tokio-rustls", "sqlite", "chrono", "uuid"] } 24 + sqlx = { version = "0.8", features = ["runtime-tokio-rustls", "sqlite", "chrono", "uuid"] } 25 25 26 26 # Async runtime 27 27 tokio = { version = "1.0", features = ["full"] }