fix(security): resolve remaining dependabot alerts

2026-05-06 20:02:49 +08:00 · 2026-04-25 11:29:12 +08:00
parent a3a1c4db82
commit 561b6efc42
3 changed files with 9 additions and 8 deletions
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -28,6 +28,7 @@
 - **Web/桌面下载行为分流** — `hermes_logs_download` 根据运行时区分桌面真实落盘与 Web Blob 下载，避免 Web 模式误保存到服务端目录
 - **普通记忆文件下载提示** — Blob 下载提示改为说明浏览器默认下载目录，减少“下载没落点”的误解
 - **Dependabot #11** — 升级 `rustls-webpki` 至 `0.103.13`，修复畸形 CRL BIT STRING 触发 panic 的拒绝服务风险
+- **Dependabot #10 / #12** — 升级 `rand` 至 `0.8.6`、`postcss` 至 `8.5.10`，清理默认分支剩余安全告警

 ## [0.13.4] - 2026-04-20

--- a/package-lock.json
+++ b/package-lock.json
@@ -1177,9 +1177,9 @@
      }
    },
    "node_modules/postcss": {
-      "version": "8.5.6",
-      "resolved": "https://registry.npmjs.org/postcss/-/postcss-8.5.6.tgz",
-      "integrity": "sha512-3Ybi1tAuwAP9s0r1UQ2J4n5Y0G05bJkpUIO0/bI9MhwmD70S5aTWbXGBwxHrelT+XM1k6dM0pk+SwNkpTRN7Pg==",
+      "version": "8.5.10",
+      "resolved": "https://registry.npmjs.org/postcss/-/postcss-8.5.10.tgz",
+      "integrity": "sha512-pMMHxBOZKFU6HgAZ4eyGnwXF/EvPGGqUr0MnZ5+99485wwW41kW91A4LOGxSHhgugZmSChL5AlElNdwlNgcnLQ==",
      "dev": true,
      "funding": [
        {
--- a/src-tauri/Cargo.lock
+++ b/src-tauri/Cargo.lock
@@ -374,7 +374,7 @@ dependencies = [
 "ed25519-dalek",
 "flate2",
 "futures-util",
- "rand 0.8.5",
+ "rand 0.8.6",
 "regex",
 "reqwest 0.12.28",
 "serde",
@@ -2552,7 +2552,7 @@ source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "5d5285893bb5eb82e6aaf5d59ee909a06a16737a8970984dd7746ba9283498d6"
 dependencies = [
 "phf_shared 0.10.0",
- "rand 0.8.5",
+ "rand 0.8.6",
 ]

 [[package]]
@@ -2562,7 +2562,7 @@ source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "3c80231409c20246a13fddb31776fb942c38553c51e871f8cbd687a4cfb5843d"
 dependencies = [
 "phf_shared 0.11.3",
- "rand 0.8.5",
+ "rand 0.8.6",
 ]

 [[package]]
@@ -2933,9 +2933,9 @@ dependencies = [

 [[package]]
 name = "rand"
-version = "0.8.5"
+version = "0.8.6"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "34af8d1a0e25924bc5b7c43c079c942339d8f0a8b57c39049bef581b46327404"
+checksum = "5ca0ecfa931c29007047d1bc58e623ab12e5590e8c7cc53200d5202b69266d8a"
 dependencies = [
 "libc",
 "rand_chacha 0.3.1",