From 681201ff45eee4a40776a38dabc888a303cdcde9 Mon Sep 17 00:00:00 2001
From: Sharang Parnerkar <parnerkarsharang@gmail.com>
Date: Tue, 17 Mar 2026 21:21:05 +0100
Subject: [PATCH] =?UTF-8?q?fix:=20update=20lz4=5Fflex=200.11.5=20=E2=86=92?=
 =?UTF-8?q?=200.11.6=20(RUSTSEC-2026-0041)?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Fixes high-severity advisory: decompressing invalid data can leak
uninitialized memory. Transitive dep via tantivy → compliance-graph.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
---
 Cargo.lock | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/Cargo.lock b/Cargo.lock
index bc57a8a..3fbe410 100644
--- a/Cargo.lock
+++ b/Cargo.lock
@@ -3245,9 +3245,9 @@ checksum = "112b39cec0b298b6c1999fee3e31427f74f676e4cb9879ed1a121b43661a4154"
 
 [[package]]
 name = "lz4_flex"
-version = "0.11.5"
+version = "0.11.6"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "08ab2867e3eeeca90e844d1940eab391c9dc5228783db2ed999acbc0a9ed375a"
+checksum = "373f5eceeeab7925e0c1098212f2fbc4d416adec9d35051a6ab251e824c1854a"
 
 [[package]]
 name = "lzma-rs"