`ark-relations`: Security RUSTSEC-2025-0055 on `tracing-subscriber@0.2.0`

We seen to be hitting [RUSTSEC-2025-0055](https://rustsec.org/advisories/RUSTSEC-2025-0055) on the latest tagged version (`0.5.1`) of `ark-relations` in crates.io.

```console
Crate:     tracing-subscriber
Version:   0.2.25
Title:     Logging user input may result in poisoning logs with ANSI escape sequences
Date:      2025-08-29
ID:        RUSTSEC-2025-0055
URL:       https://rustsec.org/advisories/RUSTSEC-2025-0055
Solution:  Upgrade to >=0.3.20
Dependency tree:
tracing-subscriber 0.2.25
└── ark-relations 0.5.1
<REDACTED for brevity>
```

The [tagged `0.5.1` version in crates.io](https://crates.io/crates/ark-relations/0.5.1) has `tracing-subscriber` bounds to `^0.2`:

<img width="1604" height="1442" alt="Image" src="https://github.com/user-attachments/assets/14577963-ac64-4c43-b8ef-f875d20b6150" />

whereas the current `master` has a bound on `^0.3`: https://github.com/arkworks-rs/snark/blob/02fed634c5ccd4b03dde2b54bd440301360d8712/Cargo.toml#L23

Can you please tag a `0.5.2` version (or maybe `0.6.0`) in crates.io with the current `master`?

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

`ark-relations`: Security RUSTSEC-2025-0055 on `tracing-subscriber@0.2.0` #413

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

ark-relations: Security RUSTSEC-2025-0055 on tracing-subscriber@0.2.0 #413

Description

Metadata

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Issue actions

`ark-relations`: Security RUSTSEC-2025-0055 on `tracing-subscriber@0.2.0` #413