@ttypic ttypic commented Jan 28, 2026

Resolves #1187

Summary by CodeRabbit

  • Chores
    • Updated msgpack dependency to version 0.9.11.

see denial-of-service vulnerability CVE-2026-21452

coderabbitai bot commented Jan 28, 2026

Walkthrough

The msgpack dependency version is upgraded from 0.8.11 to 0.9.11 in the Gradle configuration file. This addresses a denial-of-service vulnerability (CVE-2026-21452) present in earlier versions of the msgpack library.

Changes

| Cohort / File(s) | Summary |
|---|---|
| Dependency Version Update: gradle/libs.versions.toml | Updated msgpack from 0.8.11 to 0.9.11 to patch CVE-2026-21452 |

Estimated code review effort

🎯 1 (Trivial) | ⏱️ ~1 minute

Poem

🐰 A nibble, a bump, a version so new,
From 0.8 to 0.9, the bugs say "boo!"
CVE squashed with a hop and a bound,
Msgpack's all safer, no DOS around,
One line changed, vulnerability's gone! 🔒

🚥 Pre-merge checks | ✅ 5
✅ Passed checks (5 passed)
| Check name | Status | Explanation |
|---|---|---|
| Description Check | ✅ Passed | Check skipped - CodeRabbit’s high-level summary is enabled. |
| Title check | ✅ Passed | The title accurately and concisely summarizes the main change: updating msgpack from 0.8.11 to 0.9.11, which is exactly what the changeset does. |
| Linked Issues check | ✅ Passed | The PR successfully addresses all coding requirements from linked issues [#1187, ECO-5681]: msgpack dependency upgraded to 0.9.11, remedying the CVE-2026-21452 denial-of-service vulnerability. |
| Out of Scope Changes check | ✅ Passed | All changes are in-scope; only the msgpack version entry in gradle/libs.versions.toml was modified, directly addressing the linked issue requirements. |
| Docstring Coverage | ✅ Passed | No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check. |

@VeskeR VeskeR left a comment

LGTM, will leave up to you to wait for green CI

@ttypic ttypic merged commit f868cbc into main Jan 28, 2026
13 of 14 checks passed
@ttypic ttypic deleted the ECO-5681/fix-msgpack-dependency branch January 28, 2026 15:36

Development

Successfully merging this pull request may close these issues.

High CVE-2026-21452 via msgpack dependency