← All releases

v0.12.1

fixsecurity

Maintenance release: dependency updates, a transitive security patch, and CI fixes. No behavior changes.

Maintenance and Security

A small maintenance release. There are no user-facing behavior changes — sites build and deploy exactly as before.

Security

  • Updated the transitive rand dependency to 0.9.3, resolving GHSA-cq8v-f236-94qc (a low-severity soundness advisory in rand).

Dependencies

  • Bumped rustls-webpki and the rest of the Rust dependency group to their latest patch releases.
  • Refreshed pinned GitHub Actions to current versions.

Internals

  • Fixed two clippy::unnecessary_sort_by lints in the build pipeline (sort_bysort_by_key). Sort order is unchanged.
  • Updated deny.toml to acknowledge RUSTSEC-2026-0105 (core2 is unmaintained and pulled in transitively by the rav1e AVIF encoder, with no safe upgrade available), and bumped cargo-deny-action so the supply-chain audit job runs cleanly again.