deps: update salvo to 0.89.2 and zip to 7.2.0 #643

Merged: AlexMikhalev merged 2 commits into main from test-major-updates on Mar 7, 2026

@AlexMikhalev
Contributor

This PR updates major dependencies:

Changes

  • salvo: 0.74.3 → 0.89.2 (includes security fixes)
  • zip: 2.4.2 → 7.2.0

Security Fixes in salvo 0.89.2

  • CSRF timing attack prevention (constant-time comparison)
  • Session secret key validation (64 bytes minimum)
  • Path traversal protection in serve-static
  • Upload ID validation in TUS

Breaking Change Fixed

  • TcpListener::new() now requires 'static address parameter
  • Fixed in: crates/terraphim_github_runner_server/src/main.rs:426
  • Changed from TcpListener::new(&addr) to TcpListener::new(addr)

Testing

  • cargo check --workspace passes
  • cargo test --workspace --lib passes (108 tests)

Related PRs

Closes: #618 (salvo update)
Closes: #614 (zip update)

dependabot bot and others added 2 commits March 6, 2026 15:03
Bumps [salvo](https://github.com/salvo-rs/salvo) from 0.74.3 to 0.89.2.
- [Release notes](https://github.com/salvo-rs/salvo/releases)
- [Commits](salvo-rs/salvo@v0.74.3...v0.89.2)

---
updated-dependencies:
- dependency-name: salvo
  dependency-version: 0.89.2
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
@AlexMikhalev AlexMikhalev merged commit 50cdabe into main Mar 7, 2026
11 of 13 checks passed
@AlexMikhalev AlexMikhalev deleted the test-major-updates branch March 7, 2026 16:50