fix(homecore-recorder/sec): bump sqlx 0.7.4 → 0.8.1+ (RUSTSEC, audit HC-medium)

Per iter-10 security audit (docs/security/HOMECORE-security-audit-iter10.md): sqlx 0.7.4 ships an advisory for binary protocol misinterpretation. Bump to 0.8.1+ — cargo resolved to 0.8.6. Feature set unchanged (default-features = false + runtime-tokio-native-tls, sqlite, chrono, uuid). Tests still pass: cargo test -p homecore-recorder --features ruvector → 20 passed; 0 failed No code changes required. The 0.7 → 0.8 API surface we touch in `db.rs` is stable across the bump. Deferred to a later iter: - shlex 0.1.1 → ≥1.3.0 (transitive via wasm3-sys, only on --features wasm3 which is default-off; will be addressed when the wasm3 path is removed per ADR-128 Q2 Wasmtime resolution) - wasmtime 25 → 36+/42+ (HC-03/04 CVSS 9.0 sandbox-escape) — being handled by a background coder agent this iter, separate commit. Refs: docs/security/HOMECORE-security-audit-iter10.md (HC-09 sqlx) Refs: #798 Co-Authored-By: claude-flow <ruv@ruv.net>
2026-05-25 19:36:30 -04:00 · 2026-05-25 19:36:30 -04:00 · 855bb66060
parent 99f1271577
commit 855bb66060
2 changed files with 425 additions and 438 deletions
--- a/v2/Cargo.lock
+++ b/v2/Cargo.lock
--- a/v2/crates/homecore-recorder/Cargo.toml
+++ b/v2/crates/homecore-recorder/Cargo.toml
@ -32,7 +32,7 @@ homecore = { path = "../homecore", version = "0.1.0-alpha.0" }
 tokio = { version = "1", features = ["sync", "rt", "rt-multi-thread", "time", "macros"] }

 # SQLite via sqlx — only the lite feature set; no postgres, no tls
-sqlx = { version = "0.7", default-features = false, features = [
+sqlx = { version = "0.8.1", default-features = false, features = [
    "runtime-tokio-native-tls",
    "sqlite",
    "chrono",