[Security] Rust CVE for rustls-webpki & tar #1403
Description
Hello,
While running Trivy scan on my projects, I see the following issues being raised
GHSA-pwjx-qhcg-rvj4: rustls-webpki
CVE-2026-33055 & CVE-2026-33056: tar-rs
Both packages have version that fix these issues:
- rustls-webpki: 0.103.10 (Bump rustls-webpki from 0.103.4 to 0.103.10 in /temporalio/bridge #1384)
- tar-rs: 0.4.45 (Bump tar from 0.4.44 to 0.4.45 in /temporalio/bridge #1383)
These modifications have related PR created by dependabot. Can these PRs be processed by maintainers and included in a future release?
Thank you,
Regards,