From a0de695a37e2221c3fcbb867bfbf64d0329dfc28 Mon Sep 17 00:00:00 2001
From: Denis Cornehl <denis@cornehl.org>
Date: Thu, 19 Jun 2025 23:51:47 +0200
Subject: [PATCH 1/2]  move validate_manifest to after remove_override_files &
 tweak_toml

 to safeguard against potential future security issues
---
 src/prepare.rs | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/prepare.rs b/src/prepare.rs
index 8239794..a0d4110 100644
--- a/src/prepare.rs
+++ b/src/prepare.rs
@@ -35,9 +35,9 @@ impl<'a> Prepare<'a> {
 
     pub(crate) fn prepare(&mut self) -> anyhow::Result<()> {
         self.krate.copy_source_to(self.workspace, self.source_dir)?;
-        self.validate_manifest()?;
         self.remove_override_files()?;
         self.tweak_toml()?;
+        self.validate_manifest()?;
         self.capture_lockfile()?;
         self.fetch_deps()?;
 

From adcaddfa8cec39578e2e757852c9deaa2621caec Mon Sep 17 00:00:00 2001
From: Denis Cornehl <denis@cornehl.org>
Date: Thu, 19 Jun 2025 23:54:10 +0200
Subject: [PATCH 2/2] tag 0.19.4 release

---
 CHANGELOG.md | 7 +++++++
 Cargo.toml   | 2 +-
 2 files changed, 8 insertions(+), 1 deletion(-)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index 77f35a0..668ff63 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -5,6 +5,13 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 
 ## Unreleased
 
+## [0.19.4] - 2025-06-17
+
+### Fixed
+  
+- "move manifest validation later in the preparation to harden against possible cargo changes
+
+
 ## [0.19.3] - 2025-06-17
 
 ### Added
diff --git a/Cargo.toml b/Cargo.toml
index 7edae10..d72cdc4 100644
--- a/Cargo.toml
+++ b/Cargo.toml
@@ -1,6 +1,6 @@
 [package]
 name = "rustwide"
-version = "0.19.3"
+version = "0.19.4"
 edition = "2018"
 build = "build.rs"