Skip to content

Bump the vulnerable dependencies #1985

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 1 commit into from
Aug 27, 2020
Merged

Bump the vulnerable dependencies #1985

merged 1 commit into from
Aug 27, 2020

Conversation

majecty
Copy link
Contributor

@majecty majecty commented Aug 26, 2020
edited
Loading

All bump up includes minor updates. I checked this using cargo-audit.

Updated dependencies:

  • http 0.1.17 -> 0.1.21
  • hyper 0.12.19 -> 0.12.35
  • smallvec 0.6.4 -> 0.6.13
  • libflate 0.1.23 -> 0.1.27
  • spin 0.5.0 -> 0.5.2
  • yaml-rust: This commit updates clap instead. clap 2.33 does not
    affected by the problem.

Links about the security advisories

@majecty majecty requested a review from sgkim126 August 26, 2020 05:28
@majecty
Bump the vulnerable dependencies
55a7d8c 
All bump up includes minor updates.

Updated dependencies:

* http 0.1.17 -> 0.1.21
* hyper 0.12.19 -> 0.12.35
* smallvec 0.6.4 -> 0.6.13
* libflate 0.1.23 -> 0.1.27
* spin 0.5.0 -> 0.5.2
* yaml-rust: This commit updates clap instead. clap 2.33 does not
affected by the problem.

* https://rustsec.org/advisories/RUSTSEC-2019-0034
* https://rustsec.org/advisories/RUSTSEC-2019-0033
* https://rustsec.org/advisories/RUSTSEC-2020-0008
* https://rustsec.org/advisories/RUSTSEC-2019-0010
* https://rustsec.org/advisories/RUSTSEC-2019-0012
* https://rustsec.org/advisories/RUSTSEC-2019-0013
* https://rustsec.org/advisories/RUSTSEC-2018-0006
@majecty majecty mentioned this pull request Aug 26, 2020
Merged
@sgkim126 sgkim126 merged commit ce53f3c into CodeChain-io:rc-2.2.x Aug 27, 2020
@majecty majecty deleted the f/dependency branch August 27, 2020 06:01
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@sgkim126 sgkim126 sgkim126 approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@majecty @sgkim126