From 73e38700306d8c79c7fdc83138dcb09b27d8da6c Mon Sep 17 00:00:00 2001
From: jadamcrain <jadamcrain@gmail.com>
Date: Sat, 7 Feb 2026 08:45:20 -0800
Subject: [PATCH] update bytes to 1.11.1 and cargo-audit to 0.22.1

- bytes 1.10.1 -> 1.11.1 resolves CVE-2026-25541 (integer overflow in BytesMut::reserve)
- cargo-audit 0.22.0 -> 0.22.1 fixes CVSS v4.0 advisory parsing
---
 .github/workflows/security-audit.yml | 2 +-
 Cargo.lock                           | 4 ++--
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/.github/workflows/security-audit.yml b/.github/workflows/security-audit.yml
index 38103e15..b419d430 100644
--- a/.github/workflows/security-audit.yml
+++ b/.github/workflows/security-audit.yml
@@ -25,7 +25,7 @@ jobs:
         uses: cargo-bins/cargo-binstall@main
 
       - name: Install cargo-audit binary (fast)
-        run: cargo binstall cargo-audit@0.22.0 --no-confirm
+        run: cargo binstall cargo-audit@0.22.1 --no-confirm
 
       - name: Run security audit
         id: audit
diff --git a/Cargo.lock b/Cargo.lock
index fb1967bb..a0956430 100644
--- a/Cargo.lock
+++ b/Cargo.lock
@@ -232,9 +232,9 @@ checksum = "46c5e41b57b8bba42a04676d81cb89e9ee8e859a1a66f80a5a72e1cb76b34d43"
 
 [[package]]
 name = "bytes"
-version = "1.10.1"
+version = "1.11.1"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "d71b6127be86fdcfddb610f7182ac57211d4b18a3e9c82eb2d17662f2227ad6a"
+checksum = "1e748733b7cbc798e1434b6ac524f0c1ff2ab456fe201501e6497c8417a4fc33"
 
 [[package]]
 name = "cbc"