From: Vihiga Tyonum <withtvpeter@gmail.com>
Date: Sun, 8 Feb 2026 04:45:21 +0000 (+0100)
Subject: ci: Update audit workflow and `bytes` dependency
X-Git-Url: http://internal-gitweb-vhost/parse/%22https:/message/static/gitweb.js?a=commitdiff_plain;h=cc3c8a280cf9c38d2f0fafd1af916a650ca89cf6;p=bdk-cli

ci: Update audit workflow and `bytes` dependency

- Add `tool-version` parameter in audit workflow
that forces the `actions-rust-lang/audit` to
download and use a version that supports CVSS 4.0.
- update a transitive dependency `bytes` to v1.11.
1 that fixes `RUSTSEC-2026-0007` security
vulnerability

Fixes #239
---

diff --git a/.github/workflows/audit.yml b/.github/workflows/audit.yml
index 4faea52..93806d5 100644
--- a/.github/workflows/audit.yml
+++ b/.github/workflows/audit.yml
@@ -13,7 +13,8 @@ jobs:
   security_audit:
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@v4
+      - uses: actions/checkout@v6
       - uses: actions-rust-lang/audit@v1
         with:
           token: ${{ secrets.GITHUB_TOKEN }}
+          tool-version: 0.22.1
diff --git a/Cargo.lock b/Cargo.lock
index 98036e6..562d768 100644
--- a/Cargo.lock
+++ b/Cargo.lock
@@ -569,9 +569,9 @@ checksum = "1fd0f2584146f6f2ef48085050886acf353beff7305ebd1ae69500e27c67f64b"
 
 [[package]]
 name = "bytes"
-version = "1.11.0"
+version = "1.11.1"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "b35204fbdc0b3f4446b89fc1ac2cf84a8a68971995d0bf2e925ec7cd960f9cb3"
+checksum = "1e748733b7cbc798e1434b6ac524f0c1ff2ab456fe201501e6497c8417a4fc33"
 
 [[package]]
 name = "cc"