Skip to content

chore(deps): bump lz4_flex from 0.11.5 to 0.11.6#7

Merged
anidotnet merged 1 commit into
mainfrom
dependabot/cargo/lz4_flex-0.11.6
Jun 5, 2026
Merged

chore(deps): bump lz4_flex from 0.11.5 to 0.11.6#7
anidotnet merged 1 commit into
mainfrom
dependabot/cargo/lz4_flex-0.11.6

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Mar 16, 2026
edited
Loading

Copy link
Copy Markdown
Contributor

Bumps lz4_flex from 0.11.5 to 0.11.6.

Changelog

Sourced from lz4_flex's changelog.

0.11.6 (2026-03-14)

Security Fix

Invalid match offsets (offset == 0) during decompression were not properly
handled, which could lead to invalid memory reads on untrusted input.
Users on 0.11.x should upgrade to 0.11.6.
Commits

Note
Automatic rebases have been disabled on this pull request as it has been open for over 30 days.

@dependabot dependabot Bot added dependencies Pull requests that update a dependency file rust Pull requests that update rust code labels Mar 16, 2026
@anidotnet

anidotnet commented May 31, 2026

Copy link
Copy Markdown
Contributor

@dependabot rebase

@dependabot
chore(deps): bump lz4_flex from 0.11.5 to 0.11.6
ead5a5e 
Bumps [lz4_flex](https://github.com/pseitz/lz4_flex) from 0.11.5 to 0.11.6.
- [Release notes](https://github.com/pseitz/lz4_flex/releases)
- [Changelog](https://github.com/PSeitz/lz4_flex/blob/main/CHANGELOG.md)
- [Commits](PSeitz/lz4_flex@0.11.5...0.11.6)

---
updated-dependencies:
- dependency-name: lz4_flex
  dependency-version: 0.11.6
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot force-pushed the dependabot/cargo/lz4_flex-0.11.6 branch from 77f949c to ead5a5e Compare May 31, 2026 19:26
@anidotnet anidotnet merged commit 8c3017c into main Jun 5, 2026
5 checks passed
@dependabot dependabot Bot deleted the dependabot/cargo/lz4_flex-0.11.6 branch June 5, 2026 21:51
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file rust Pull requests that update rust code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@anidotnet