
build(deps): ensure persistent bump of openssl from 0.10.32 to 0.10.48 #2365

Closed
petermetz opened this issue Apr 4, 2023 · 3 comments
Labels
dependencies Pull requests that update a dependency file good-first-issue Good for newcomers good-first-issue-300-advanced Keychain Tasks/bugs related to the Keychain plugin core interfaces or any of the implementations themselves. P3 Priority 3: Medium rust Pull requests that update Rust code Security Related to existing or potential security vulnerabilities

Comments

@petermetz
Contributor

petermetz commented Apr 4, 2023

Description

Upgrade dependencies in the Cargo.toml file, not just the lock file as was done by #2344 to remedy the same issue.

"ensure persistent" bump means that if the lockfile is deleted and regenerated, the old openssl will be used once again without the necessary upgrades in the Cargo.toml as well.

build(deps): bump openssl from 0.10.32 to 0.10.48 in ./packages/cactus-plugin-keychain-vault/src/cactus-keychain-vault-server/rust/gen #2344

The other PR opened by the robot which only uses the lock file to force the use of the newer versions: https://github.com/hyperledger/cacti/pull/2344/files

Acceptance Criteria

  1. ./packages/cactus-plugin-keychain-vault/src/cactus-keychain-vault-server/rust/gen/Cargo.toml is updated
  2. The same vulnerability does not resurface in the event of us having to delete the lock file and then re-generate it.
@petermetz petermetz added good-first-issue Good for newcomers dependencies Pull requests that update a dependency file Security Related to existing or potential security vulnerabilities Keychain Tasks/bugs related to the Keychain plugin core interfaces or any of the implementations themselves. good-first-issue-300-advanced P3 Priority 3: Medium rust Pull requests that update Rust code labels Apr 4, 2023
@petermetz petermetz self-assigned this Apr 4, 2023
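As an added CI-style check (not code from this issue or from the Cacti project), the script below reads the `openssl` requirement out of a Cargo.toml and reports whether the manifest floor is at or above 0.10.48, which is what decides whether the fix survives a deleted and regenerated Cargo.lock. The two manifests are constructed for the example, and the parser is a simplified regex one for the two common dependency spellings rather than a full TOML parser.

```python
import re
from typing import Optional, Tuple

Version = Tuple[int, int, int]

# Constructed manifests (assumptions, not the project's real files): the
# pre-fix floor of 0.10.32 and the floor the issue's acceptance criteria ask for.
MANIFEST_BEFORE = """
[package]
name = "cactus-keychain-vault-server"
version = "0.1.0"

[dependencies]
openssl = "0.10.32"
serde = { version = "1.0", features = ["derive"] }
"""
MANIFEST_AFTER = MANIFEST_BEFORE.replace('openssl = "0.10.32"', 'openssl = "0.10.48"')


def parse_version(text: str) -> Version:
    """'0.10.48' -> (0, 10, 48); missing components default to 0."""
    parts = [int(p) for p in text.strip().split(".")]
    return tuple(parts + [0] * (3 - len(parts)))[:3]


def manifest_floor(cargo_toml: str, crate: str) -> Optional[Version]:
    """Lowest version the [dependencies] requirement for `crate` admits, or None
    if the crate is not listed. Handles `crate = "x.y.z"` and the inline-table
    form `{ version = "x.y.z", ... }`. A bare version, ^ and >= all mean
    'at least this version', and = pins exactly, so the stated version is the floor."""
    section = re.search(r"^\[dependencies\]\s*$(.*?)(?=^\[|\Z)", cargo_toml, re.M | re.S)
    if not section:
        return None
    entry = re.search(rf"^{re.escape(crate)}\s*=\s*(.+)$", section.group(1), re.M)
    if not entry:
        return None
    value = entry.group(1)
    if value.lstrip().startswith("{"):
        m = re.search(r'version\s*=\s*"([^"]*)"', value)
    else:
        m = re.match(r'\s*"([^"]*)"', value)
    if not m:
        return None
    req = m.group(1).split(",")[0]            # first clause of e.g. ">=0.10.48, <0.11"
    return parse_version(re.sub(r"^[^\d]*", "", req))  # strip ^, =, >= operators


def bump_is_persistent(cargo_toml: str, crate: str, fixed: Version) -> bool:
    """True when the manifest floor is at or above the fixed version, so a
    regenerated Cargo.lock can no longer select a release below it."""
    floor = manifest_floor(cargo_toml, crate)
    return floor is not None and floor >= fixed


if __name__ == "__main__":
    for label, manifest in (("before", MANIFEST_BEFORE), ("after", MANIFEST_AFTER)):
        print(label, manifest_floor(manifest, "openssl"),
              bump_is_persistent(manifest, "openssl", (0, 10, 48)))
```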
@Poonam1607
Contributor

Hi @petermetz, can I work on this issue?

@petermetz
Contributor Author

@Poonam1607 Yes, thank you for the offer! Assigning now.

@Poonam1607
Contributor

Thank you! I am on it.
