ci: Update audit workflow and `bytes` dependency

- Add `tool-version` parameter in audit workflow
that forces the `actions-rust-lang/audit` to
download and use a version that supports CVSS 4.0.
- update a transitive dependency `bytes` to v1.11.
1 that fixes `RUSTSEC-2026-0007` security
vulnerability

Fixes #239

diff --git a/.github/workflows/audit.yml b/.github/workflows/audit.yml
index 4faea52cb43483e3f5d296ae396c2d39f8056147..93806d533f8b09f03866c95979cd6fbb389276f1 100644 (file)
--- a/.github/workflows/audit.yml
+++ b/.github/workflows/audit.yml
@@ -13,7 +13,8 @@ jobs:
   security_audit:
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@v4
+      - uses: actions/checkout@v6
       - uses: actions-rust-lang/audit@v1
         with:
           token: ${{ secrets.GITHUB_TOKEN }}
+          tool-version: 0.22.1

diff --git a/Cargo.lock b/Cargo.lock
index 98036e68639b61c8ff72edd6859dbbef6b0f3208..562d7683c8ae7c31b71f454628567dd68d619628 100644 (file)
--- a/Cargo.lock
+++ b/Cargo.lock
@@ -569,9 +569,9 @@ checksum = "1fd0f2584146f6f2ef48085050886acf353beff7305ebd1ae69500e27c67f64b"
 
 [[package]]
 name = "bytes"
-version = "1.11.0"
+version = "1.11.1"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "b35204fbdc0b3f4446b89fc1ac2cf84a8a68971995d0bf2e925ec7cd960f9cb3"
+checksum = "1e748733b7cbc798e1434b6ac524f0c1ff2ab456fe201501e6497c8417a4fc33"
 
 [[package]]
 name = "cc"