Dependabot has flagged the version of h2 in our Cargo.lock file. But this file is only used in CI; any downstream users (including Blackbird) would not use it. (Cargo doesn't even include it in the release and there is no way to use this file in a downstream application even if someone perversely wanted to.)
This kind of busywork is not a great use of my time, but I don't want alerts to pile up either.
Dependabot has flagged the version of
h2in our Cargo.lock file. But this file is only used in CI; any downstream users (including Blackbird) would not use it. (Cargo doesn't even include it in the release and there is no way to use this file in a downstream application even if someone perversely wanted to.)This kind of busywork is not a great use of my time, but I don't want alerts to pile up either.