Fix RUSTSEC-2025-0024 - 2025-04-08: crossbeam-channel: double free on Drop Package: crossbeam-channel 0.5.14

Summary:
VULNERABILITY RUSTSEC-2025-0024 - 2025-04-08: crossbeam-channel: double free on Drop
Package: crossbeam-channel 0.5.14

The internal `Channel` type's `Drop` method has a race
which could, in some circumstances, lead to a double-free.
This could result in memory corruption.

Quoting from the
[upstream description in merge request \#1187](crossbeam-rs/crossbeam#1187 (comment)):

> The problem lies in the fact that `dicard_all_messages` contained two paths that could lead to `head.block` being read but only one of them would swap the value. This meant that `dicard_all_messages` could end up observing a non-null block pointer (and therefore attempting to free it) without setting `head.block` to null. This would then lead to `Channel::drop` making a second attempt at dropping the same pointer.

The bug was introduced while fixing a memory leak, in
upstream [MR \#1084](crossbeam-rs/crossbeam#1084),
first published in 0.5.12.

The fix is in
upstream [MR \#1187](crossbeam-rs/crossbeam#1187)
and has been published in 0.5.15

Reviewed By: dtolnay

Differential Revision: D72915462

fbshipit-source-id: c53113f91eedf478646588a84d0fa3aa85a6d2a0

Author: Carlos Fernandez

pyrefly/Cargo.toml

@@ -62,7 +62,7 @@ tracing-subscriber = { version = "0.3.18", features = ["chrono", "env-filter", "
 vec1 = { version = "1", features = ["serde"] }
 
 [dev-dependencies]
-crossbeam-channel = "0.5.0"
+crossbeam-channel = "0.5.15"
 pretty_assertions = { version = "1.2", features = ["alloc"], default-features = false }
 tempfile = "3.15"