fix(deps): update astral-tokio-tar to v0.6.2 (RUSTSEC-2026-0145) (!1342) · Merge requests · GitLab.org / orbit / GitLab Knowledge Graph

What does this MR do and why?

cargo deny fails on main due to RUSTSEC-2026-0145 in astral-tokio-tar v0.6.1 — a PAX header desynchronization vulnerability that allows tar entry smuggling during extraction. Pulled in transitively by testcontainers.

Lockfile-only change: astral-tokio-tar 0.6.1 → 0.6.2
cargo deny check and cargo audit both pass after the update

Testing

cargo deny check passes.

Performance Analysis

This merge request does not introduce any performance regression. If a performance regression is expected, explain why.

fix(deps): update astral-tokio-tar to v0.6.2 (RUSTSEC-2026-0145)

What does this MR do and why?

Related Issues

Testing

Performance Analysis

Merge request reports