Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Update Cargo.lock and release new version? #2

Closed
erictapen opened this issue Oct 12, 2021 · 3 comments
Closed

Update Cargo.lock and release new version? #2

erictapen opened this issue Oct 12, 2021 · 3 comments

Comments

@erictapen
Copy link
Contributor

erictapen commented Oct 12, 2021
edited
Loading

At Nixpkgs we recently started scanning our packaged applications for vulnerabilities reported in the advisory-db. It also reported four vulnerable packages for sub-batch. Three of these are fixed by just updating the Cargo.lock file with cargo update, the last one image is buried pretty deeply in the dependency tree and most likely doesn't affect the security of sub-batch. The build seems to run fine for me but I didn't test it any further.

Could you maybe update the package and create a new release?
@erictapen erictapen mentioned this issue Oct 12, 2021
Merged
@kl
Copy link
Owner

kl commented Oct 30, 2021

Thanks for the heads up, I have released a new version with the latest dependencies!

@kl kl closed this as completed Oct 30, 2021
@erictapen
Copy link
Contributor Author

Thank you very much. Could you also add a git tag vor 0.4.1? We don't follow crate releases, but try to use git tags wherever possible.

@kl
Copy link
Owner

kl commented Oct 30, 2021

Ah, I forgot to push the tag :). Done now

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@kl @erictapen