From 94872cf364a9e011c9792689f9f6c4d414fc61f3 Mon Sep 17 00:00:00 2001 From: Vitalii Parfonov Date: Wed, 8 Apr 2026 17:00:09 +0300 Subject: [PATCH] fix(deps): update lz4_flex dependency to 0.11.6 to fix CVE-2026-32829 The impact is potential exposure of sensitive data and secrets through crafted or malformed LZ4 input. This issue has been fixed in versions 0.11.6. --- Cargo.lock | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/Cargo.lock b/Cargo.lock index c56a6f081cac2..10e407a2bcefa 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -6503,9 +6503,9 @@ dependencies = [ [[package]] name = "lz4_flex" -version = "0.11.5" +version = "0.11.6" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "08ab2867e3eeeca90e844d1940eab391c9dc5228783db2ed999acbc0a9ed375a" +checksum = "373f5eceeeab7925e0c1098212f2fbc4d416adec9d35051a6ab251e824c1854a" dependencies = [ "twox-hash", ]