release: v0.8.3 — audit follow-up continuation #118

Merged
avrabe merged 1 commit into main from release/v0.8.3
May 16, 2026


avrabe commented May 16, 2026

Patch release bundling four already-merged PRs.

Included PRs

| PR | Theme |
|---|---|
| #112 | Kani matrix fix + per-job `tolerate_failure` pattern |
| #114 | Cerisier formalization companion docs (mapping + scenarios) |
| #115 | regorus 0.2.8 → 0.10, fully clears RUSTSEC-2026-0097 |
| #116 | Verus proof attempt for `theorem_pae_injective_on_types` |

`#111` (criterion benches, implements #89) also landed this cycle.

Headline

`cargo audit` ignore-list is down to one entry (`rustls-pemfile`, unmaintained-upstream). No actively-fixable RUSTSEC advisories remain.

Surfaced this cycle (tracked separately)

Test plan

  • `cargo build --workspace --release` clean at 0.8.3
  • `cargo audit` returns 0 vulnerabilities + 1 ignored (rustls-pemfile)
  • Cargo.lock updated to 0.8.3 for wsc, wsc-attestation, wsc-cli
  • CI passes
  • After merge: tag `v0.8.3` triggers release.yml + publish-to-crates-io.yml

See CHANGELOG.md for per-finding notes.

Patch release bundling four PRs:
  #112 — Kani matrix fix + per-job tolerate_failure pattern
  #114 — Cerisier formalization companion docs (mapping + scenarios)
  #115 — bump regorus 0.2.8 → 0.10, fully clears RUSTSEC-2026-0097
  #116 — second Verus admit attempt (theorem_pae_injective_on_types)

Notable: cargo audit ignore-list is down to one entry (rustls-pemfile,
unmaintained-upstream). No actively-fixable RUSTSEC advisories remain.

Audit-related fixes from this release are summarised in the
"Audit follow-ups" sections of the CHANGELOG. Issue #117 (Sigstore
Fulcio cert rotation invalidated our pinned fingerprints) was
surfaced during this cycle and is tracked separately — not blocking
because audit C-4 documents that pinning is currently warn-only.

Trace: skip

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>

codecov Bot commented May 16, 2026

Codecov Report

✅ All modified and coverable lines are covered by tests.

avrabe merged commit fdd75ee into main May 16, 2026
18 of 21 checks passed
avrabe deleted the release/v0.8.3 branch May 16, 2026 16:10