Skip to content
This repository has been archived by the owner on Aug 3, 2023. It is now read-only.

Get the audit CI job passing #2151

Merged
merged 3 commits into from
Dec 13, 2021
Merged

Get the audit CI job passing #2151

merged 3 commits into from
Dec 13, 2021

Conversation

jyn514
Copy link
Contributor

@jyn514 jyn514 commented Dec 7, 2021

Note that I didn't say "fix the vulnerabilities" - this just ignores the chrono and time vulnerabilities because they're both very hard to fix and not very common in practice.

This uncovered a tokio vulnerability, which I've fixed by upgrading tokio.

cc #2117

This fixes the following `cargo audit` warning:

```
Crate:         tokio
Version:       1.13.0
Title:         Data race when sending and receiving after closing a `oneshot` channel
Date:          2021-11-16
ID:            RUSTSEC-2021-0124
URL:           https://rustsec.org/advisories/RUSTSEC-2021-0124
Solution:      Upgrade to >=1.8.4, <1.9.0 OR >=1.13.1
```

Versions changed:

```
Updating tokio v1.13.0 -> v1.14.0
Updating tokio-macros v1.5.1 -> v1.6.0
```
@jyn514 jyn514 requested a review from a team as a code owner December 7, 2021 20:54
These can't be fixed for now, and are causing us to miss more important audit vulnerabilities.
@threepointone threepointone merged commit f41ec5e into master Dec 13, 2021
@delete-merged-branch delete-merged-branch bot deleted the jnelson/audit branch December 13, 2021 09:19
@threepointone threepointone mentioned this pull request Dec 16, 2021
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

3 participants