Multiple vulnerabilities with the current version of `tokio-tungstenite`

According to `cargo deny`, the current 0.21.0 version of `tokio-tungstenite` has multiple vulnerabilities due to its transient dependency on `rustls-webpki v0.102.8`:

- [RUSTSEC-2026-0049](https://rustsec.org/advisories/RUSTSEC-2026-0049)
- [RUSTSEC-2026-0098](https://rustsec.org/advisories/RUSTSEC-2026-0098)
- [RUSTSEC-2026-0099](https://rustsec.org/advisories/RUSTSEC-2026-0099)
- [RUSTSEC-2026-0104](https://rustsec.org/advisories/RUSTSEC-2026-0104)

It looks like upgrading `tokio-tungstenite` to at least v0.22.0 should allow `rustls-webpki v0.103.13` to be used, which resolves all of those advisories.

Relevant cargo deny output (with personal information redacted):
[cargo-deny-output-serenity.txt](https://github.com/user-attachments/files/27995654/cargo-deny-output-serenity.txt)

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Multiple vulnerabilities with the current version of `tokio-tungstenite` #3557

Metadata

Assignees

Labels

Type

Fields

Projects

Milestone

Relationships

Development

Multiple vulnerabilities with the current version of tokio-tungstenite #3557

Description

Metadata

Metadata

Assignees

Labels

Type

Fields

Projects

Milestone

Relationships

Development

Issue actions

Multiple vulnerabilities with the current version of `tokio-tungstenite` #3557