jonhoo / inferno

A Rust port of FlameGraph
Other
1.72k stars 125 forks

Bump ahash dependency #307

Closed julianbraha closed 1 year ago

julianbraha commented 1 year ago

The currently-used version of ahash, 0.8.3, was yanked due to this vulnerability: tkaitchuck/aHash#163

This PR bumps it to 0.8.6, the latest version.

jonhoo commented 1 year ago

Thanks for the heads up! It shouldn't be necessary to update Cargo.toml, since for binary consumers the latest version (or what's in Cargo.lock) will be used, and for library consumers they should be permitted to control the version they consume through their Cargo.toml/Cargo.lock. I'll push a commit + release that just `cargo update -p ahash` for binary consumers :+1:
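The distinction drawn in the comment above, as an added example (not code from inferno or from this thread): under Cargo's default caret rule a requirement written as `0.8.3` already admits 0.8.6, so the thing to audit is the version pinned in Cargo.lock. The requirement string, the lockfile excerpt and the `example-app` package are constructed assumptions; only the yanked ahash 0.8.3 comes from the thread.

```rust
// Added example: YANKED comes from this thread; SAMPLE_LOCK is a constructed excerpt.
const YANKED: &[(&str, &str)] = &[("ahash", "0.8.3")];
const SAMPLE_LOCK: &str = r#"version = 3
[[package]]
name = "ahash"
version = "0.8.3"
[[package]]
name = "example-app"
version = "0.1.0"
"#;

fn parse(v: &str) -> Option<(u64, u64, u64)> {
    let mut it = v.trim().split('.').map(|p| p.parse::<u64>().ok());
    Some((it.next()??, it.next()??, it.next()??))
}

/// Cargo's default (caret) rule: a bare "0.8.3" requirement means >=0.8.3, <0.9.0.
fn caret_allows(req: &str, candidate: &str) -> bool {
    match (parse(req), parse(candidate)) {
        (Some(r), Some(c)) if c >= r => match r {
            (0, 0, _) => c == r,
            (0, minor, _) => c.0 == 0 && c.1 == minor,
            (major, _, _) => c.0 == major,
        },
        _ => false,
    }
}

/// Pairs each `name` line with the `version` line after it; returns entries found in YANKED.
fn yanked_in_lock(lock: &str) -> Vec<(String, String)> {
    let (mut out, mut name) = (Vec::new(), None);
    for line in lock.lines().map(str::trim) {
        if let Some(v) = line.strip_prefix("name = ") {
            name = Some(v.trim_matches('"').to_string());
        } else if let Some(v) = line.strip_prefix("version = ") {
            let v = v.trim_matches('"');
            let hit = |n: &String| YANKED.iter().any(|(yn, yv)| *yn == n.as_str() && *yv == v);
            if let Some(n) = name.take().filter(hit) { out.push((n, v.to_string())); }
        }
    }
    out
}

fn main() {
    println!("req 0.8.3 admits 0.8.6: {}", caret_allows("0.8.3", "0.8.6"));
    println!("yanked in lockfile: {:?}", yanked_in_lock(SAMPLE_LOCK));
}
```

A hit in the lockfile is resolved with `cargo update -p ahash`, with no change to the requirement in Cargo.toml.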

jonhoo commented 1 year ago

Published fix in 0.11.18 :tada: