deps: bump anyhow 1.0.102 → 1.0.103

Fixes RUSTSEC-2026-0190 — unsoundness in anyhow::Error::downcast_mut()
in versions < 1.0.103.

We do not call anyhow::Error::downcast_mut() anywhere in the codebase,
so we are not directly exploiting the unsound path, but the bump is
applied to eliminate the advisory from cargo-audit output.

Ref: https://osv.dev/RUSTSEC-2026-0190

Generated-by: IBM Bob
Signed-off-by: stevenhorsman <steven@uk.ibm.com>
This commit is contained in:
stevenhorsman
2026-07-10 09:51:37 -07:00
parent 7598cc0b00
commit 168c4a3b6f
2 changed files with 3 additions and 3 deletions

4
Cargo.lock generated
View File

@@ -155,9 +155,9 @@ dependencies = [
[[package]]
name = "anyhow"
version = "1.0.102"
version = "1.0.103"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "7f202df86484c868dbad7eaa557ef785d5c66295e41b460ef922eca0723b842c"
checksum = "2a4385e2e34eb35d6b3efe798b9eb88096925d87726c0798709bf56d9ed84af3"
[[package]]
name = "api_client"

View File

@@ -149,7 +149,7 @@ vsock-exporter = { path = "src/agent/vsock-exporter" }
# Outside dependencies
actix-rt = "2.7.0"
anyhow = "1.0"
anyhow = "1.0.103"
awaitgroup = "0.7.0"
base64 = "0.22"
async-recursion = "0.3.2"