chore(deps)(deps): bump rpassword from 7.4.0 to 7.5.0#2
Conversation
LabelsThe following labels could not be found: Please fix the above issues or remove invalid values from |
d11a7e0 to
1fbd971
Compare
Security Scan - CodeSeverity: HIGH, CRITICAL No vulnerabilities found View scan results |
Bumps [rpassword](https://github.com/conradkleinespel/rpassword) from 7.4.0 to 7.5.0. - [Release notes](https://github.com/conradkleinespel/rpassword/releases) - [Commits](conradkleinespel/rpassword@v7.4.0...v7.5.0) --- updated-dependencies: - dependency-name: rpassword dependency-version: 7.5.0 dependency-type: direct:production ... Signed-off-by: dependabot[bot] <support@github.com>
1fbd971 to
5416d55
Compare
|
Claude finished @bdimitrov-netzine's task in 1m 9s —— View job PR Review: bump rpassword 7.4.0 → 7.5.0
SummaryThis is a security-critical dependency bump that resolves CVE-2025-64170 in rpassword, affecting all versions ≤ 7.4.0. The change is low-risk, fully backward compatible, and the CI security scan confirms 0 vulnerabilities post-upgrade. Recommend merging. FindingsVersion discrepancy (minor)The PR title says "bump to 7.5.0" but the actual resolved version in -version = "7.4.0"
+version = "7.5.4"Dependabot opened the PR for 7.5.0, and subsequent patch releases landed before merge. The lock file reflects the correct latest-stable version — this is fine but worth noting for the audit trail.
|
| Item | Status |
|---|---|
| CVE-2025-64170 fixed | ✅ Resolved by upgrading to ≥7.5.0 |
| Security scan (HIGH/CRITICAL) | ✅ 0 findings |
| windows-sys dependency | Updated 0.59.0 → 0.61.2 (no issues) |
| API backward compatibility | ✅ prompt_password() is stable |
| Breaking changes | None |
Bumps rpassword from 7.4.0 to 7.5.0.
Release notes
Sourced from rpassword's releases.
Commits
2d9873erelease v7.5.0e67e3b4removes commented out codefdde958remove .idea from .gitignored531c59allow reading from any Read and writing to any Write205dfb2differentiate Input and Output targets6aa333amake PasswordFeedback internal though ConfigBuilderaadeef2allow more flexible input/outputff7be55add support for Ctrl-Wc56fefaformat rust files with cargo fmtc6f4f19handle character encodings more reliably