Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Upgrade term 0.5 -> 0.6.1 #18

Merged
merged 1 commit into from
Aug 12, 2019
Merged

Upgrade term 0.5 -> 0.6.1 #18

merged 1 commit into from
Aug 12, 2019

Conversation

repi
Copy link
Contributor

@repi repi commented Aug 12, 2019
edited
Loading

Upgrade to latest term crate.

We ran into an issue where color-backtrace was brining in the older version of term that used dirs 1.0 instead of 2.0 which brought in redox_users which brought in an old version of crossbeam that uses the old memoffset 0.2.1 crate which has a security vulnerability reported in it:

ID:	 RUSTSEC-2019-0011
Crate:	 memoffset
Version: 0.2.1
Date:	 2019-07-16
URL:	 https://github.com/Gilnaa/memoffset/issues/9#issuecomment-505461490
Title:	 Flaw in offset_of and span_of causes SIGILL, drops uninitialized memory of arbitrary type on panic in client code
Solution: upgrade to: >= 0.5.0

Update: Turns out the actual fix for the old memoffset crate and security vulnerability was sru-systems/rust-argon2#17 but this is still good to have so one uses the latest versions.

@repi repi mentioned this pull request Aug 12, 2019
Open
26 tasks
@athre0z athre0z merged commit efdb053 into athre0z:master Aug 12, 2019
@athre0z
Copy link
Owner

athre0z commented Aug 12, 2019

Thanks!

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@repi @athre0z