Security: update tracing-subscriber to ~0.3.20 (ANSI escape injection fix, GHSA-xwfj-jgwm-7wp5) (#1288)

* Security: pin tracing-subscriber to 0.3.20 (fix ANSI escape injection, GHSA-xwfj-jgwm-7wp5)\n\n- Ensure tracing-subscriber is 0.3.20\n- Document reason near tracing init\n- Windows: enable winapi features (consoleapi, wincon) to fix build\n- Verified build passes locally\n\nRefs:\n- GHSA-xwfj-jgwm-7wp5 * Update src/utils.rs Co-authored-by: Gideon <87426140+GideonBear@users.noreply.github.com> * Update Cargo.toml Co-authored-by: Gideon <87426140+GideonBear@users.noreply.github.com> --------- Co-authored-by: niStee <52573120+niStee@users.noreply.github.comclear> Co-authored-by: Gideon <87426140+GideonBear@users.noreply.github.com>
2025-08-31 20:51:08 +02:00
parent 7b3fec0349
commit 31d8e579c6
2 changed files with 23 additions and 45 deletions
--- a/Cargo.toml
+++ b/Cargo.toml
@@ -45,7 +45,7 @@ semver = "~1.0"
 shell-words = "~1.1"
 color-eyre = "~0.6"
 tracing = { version = "~0.1", features = ["attributes", "log"] }
-tracing-subscriber = { version = "~0.3", features = ["env-filter", "time"] }
+tracing-subscriber = { version = "~0.3.20", features = ["env-filter", "time"] }
 merge = "~0.1"
 regex-split = "~0.1"
 notify-rust = "~4.11"
@@ -79,7 +79,7 @@ self_update_crate = { version = "~0.40", default-features = false, optional = tr

 [target.'cfg(windows)'.dependencies]
 self_update_crate = { version = "~0.40", default-features = false, optional = true, package = "self_update", features = ["archive-zip", "compression-zip-deflate", "rustls"] }
-winapi = "~0.3"
+winapi = { version = "~0.3", features = ["consoleapi", "wincon"] }
 parselnk = "~0.1"

 [profile.release]