fix: Update Rust crypto dependencies for security vulnerabilities (#82)

GordonBeeming · claude · gitbutler-client · web-flow · commit 4a7957adb563 · 2026-03-24T05:16:33.000+10:00
* fix: Update Rust crypto dependencies to address security vulnerabilities Upgrade aws-lc-sys 0.34.0 -> 0.39.0 (via aws-lc-rs 1.15.1 -> 1.16.2) and rustls-webpki 0.103.8 -> 0.103.10 to fix 6 security advisories: - GHSA-vw5v-4f2q-w9xf: PKCS7_verify certificate chain validation bypass - GHSA-65p9-r9h6-22vj: Timing side-channel in AES-CCM tag verification - GHSA-hfpc-8r3f-gw53: PKCS7_verify signature validation bypass - GHSA-394x-vwmw-crm3: X.509 name constraints bypass via wildcard/unicode CN - GHSA-9f94-5g5w-gf6r: CRL distribution point scope check logic error - GHSA-pwjx-qhcg-rvj4: CRLs not considered authoritative by distribution point Bump version to 2026.03.24. Co-authored-by: Claude Opus 4.6 (1M context) <noreply@anthropic.com> Co-authored-by: GitButler <gitbutler@gitbutler.com> * fix: Update copilot-instructions.md versioning docs Remove hardcoded "Current version" line that gets stale. Update Directory.Build.props description to reflect it reads from VERSION file. Add reference to scripts/bump-version.sh and VERSION file in checklist. Co-authored-by: Claude Opus 4.6 (1M context) <noreply@anthropic.com> Co-authored-by: GitButler <gitbutler@gitbutler.com> --------- Co-authored-by: Claude Opus 4.6 (1M context) <noreply@anthropic.com> Co-authored-by: GitButler <gitbutler@gitbutler.com>
diff --git a/.github/copilot-instructions.md b/.github/copilot-instructions.md
@@ -79,8 +79,6 @@ grep "BuildDate = " app/Infrastructure/BuildInfo.cs
 - Ensure both scripts are kept in sync regarding functionality and version numbers.
 - Both scripts MUST have identical version numbers at all times.
 
-**Current version**: 2026.03.22
-
 ## Technology Stack
 
 - **CLI Binary**: .NET 10 Native AOT (self-contained, cross-platform)
diff --git a/VERSION b/VERSION
@@ -1 +1 @@
-2026.03.22
+2026.03.24
diff --git a/app/Infrastructure/BuildInfo.cs b/app/Infrastructure/BuildInfo.cs
@@ -10,5 +10,5 @@ public static class BuildInfo
   /// The build date in yyyy.MM.dd or yyyy.MM.dd.N format.
   /// This is replaced during build via MSBuild property.
   /// </summary>
-  public const string BuildDate = "2026.03.22";
+  public const string BuildDate = "2026.03.24";
 }
diff --git a/copilot_here.ps1 b/copilot_here.ps1
@@ -1,5 +1,5 @@
 # copilot_here PowerShell functions
-# Version: 2026.03.22
+# Version: 2026.03.24
 # Repository: https://github.com/GordonBeeming/copilot_here
 
 # Set console output encoding to UTF-8 for Unicode character support
@@ -23,7 +23,7 @@ $script:DefaultCopilotHereBin = Join-Path $script:DefaultCopilotHereBinDir $scri
 
 $script:CopilotHereBin = if ($env:COPILOT_HERE_BIN) { $env:COPILOT_HERE_BIN } else { $script:DefaultCopilotHereBin }
 $script:CopilotHereReleaseUrl = "https://github.com/GordonBeeming/copilot_here/releases/download/cli-latest"
-$script:CopilotHereVersion = "2026.03.22"
+$script:CopilotHereVersion = "2026.03.24"
 
 # Debug logging function
 function Write-CopilotDebug {
diff --git a/copilot_here.sh b/copilot_here.sh
@@ -1,11 +1,11 @@
 # copilot_here shell functions
-# Version: 2026.03.22
+# Version: 2026.03.24
 # Repository: https://github.com/GordonBeeming/copilot_here
 
 # Configuration
 COPILOT_HERE_BIN="${COPILOT_HERE_BIN:-$HOME/.local/bin/copilot_here}"
 COPILOT_HERE_RELEASE_URL="https://github.com/GordonBeeming/copilot_here/releases/download/cli-latest"
-COPILOT_HERE_VERSION="2026.03.22"
+COPILOT_HERE_VERSION="2026.03.24"
 
 # Ensure user bin directory is on PATH (required for the native binary + shell integration checks)
 if [ -d "$HOME/.local/bin" ]; then
diff --git a/packaging/winget/GordonBeeming.CopilotHere.installer.yaml b/packaging/winget/GordonBeeming.CopilotHere.installer.yaml
@@ -1,5 +1,5 @@
 PackageIdentifier: GordonBeeming.CopilotHere
-PackageVersion: 2026.03.22
+PackageVersion: 2026.03.24
 Installers:
   - Architecture: x64
     InstallerType: zip
diff --git a/packaging/winget/GordonBeeming.CopilotHere.locale.en-US.yaml b/packaging/winget/GordonBeeming.CopilotHere.locale.en-US.yaml
@@ -1,5 +1,5 @@
 PackageIdentifier: GordonBeeming.CopilotHere
-PackageVersion: 2026.03.22
+PackageVersion: 2026.03.24
 PackageLocale: en-US
 Publisher: Gordon Beeming
 PackageName: copilot_here
diff --git a/packaging/winget/GordonBeeming.CopilotHere.yaml b/packaging/winget/GordonBeeming.CopilotHere.yaml
@@ -1,5 +1,5 @@
 PackageIdentifier: GordonBeeming.CopilotHere
-PackageVersion: 2026.03.22
+PackageVersion: 2026.03.24
 DefaultLocale: en-US
 ManifestType: version
 ManifestVersion: 1.6.0
diff --git a/proxy/Cargo.lock b/proxy/Cargo.lock

Original file line number	Diff line number	Diff line change
`@@ -10,5 +10,5 @@ public static class BuildInfo`
`10`	`10`	`/// The build date in yyyy.MM.dd or yyyy.MM.dd.N format.`
`11`	`11`	`/// This is replaced during build via MSBuild property.`
`12`	`12`	`/// </summary>`
`13`		`- public const string BuildDate = "2026.03.22";`
	`13`	`+ public const string BuildDate = "2026.03.24";`
`14`	`14`	`}`