From 60471d6dfa5be59e4f8a8ee4e46eee208588f85d Mon Sep 17 00:00:00 2001 From: kingchenc Date: Wed, 8 Jul 2026 17:48:23 +0200 Subject: [PATCH] fix(deps): bump crossbeam-epoch to 0.9.20 (RUSTSEC-2026-0204) RustSec published RUSTSEC-2026-0204: an invalid pointer dereference in the fmt::Pointer impl for crossbeam-epoch's Atomic and Shared when the underlying pointer is invalid. It reaches us transitively via crossbeam-deque. The fix is a lock-only patch bump to the already-compatible 0.9.20 (no Cargo.toml or code change). cargo-deny's advisories check now passes. --- Cargo.lock | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/Cargo.lock b/Cargo.lock index 28c9e7f4..044b51ba 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -277,9 +277,9 @@ dependencies = [ [[package]] name = "crossbeam-epoch" -version = "0.9.18" +version = "0.9.20" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "5b82ac4a3c2ca9c3460964f020e1402edd5753411d7737aa39c3714ad1b5420e" +checksum = "2d6914041f254d6e9176c01941b21115dcfb7089e55135a35411081bd106ef3f" dependencies = [ "crossbeam-utils", ]