Fix cargo audit issue on criterion #1923

Merged
merged 4 commits into from Nov 1, 2022

Conversation

ysaito1001
Contributor

@ysaito1001 ysaito1001 commented Oct 29, 2022

Motivation and Context

Fixes #1044

Description

This PR updates criterion from 0.3.6 to 0.4.0 to address RUSTSEC-2021-0127 where criterion 0.3.6 depends upon an unmaintained crate serde_cbor.

Testing

Ran cargo audit in aws/sdk/integration-tests.

Before the fix:

$ cargo audit
    Fetching advisory database from `https://github.com/RustSec/advisory-db.git`
      Loaded 464 security advisories
    Updating crates.io index
    Scanning Cargo.lock for vulnerabilities (265 crate dependencies)
Crate:     serde_cbor
Version:   0.11.2
Warning:   unmaintained
Title:     serde_cbor is unmaintained
Date:      2021-08-15
ID:        RUSTSEC-2021-0127
URL:       https://rustsec.org/advisories/RUSTSEC-2021-0127
Dependency tree:
serde_cbor 0.11.2
└── criterion 0.3.6
    └── dynamo-tests 0.1.0

After the fix (no vulnerabilities reported):

$ cargo audit
    Fetching advisory database from `https://github.com/RustSec/advisory-db.git`
      Loaded 464 security advisories
    Updating crates.io index
    Scanning Cargo.lock for vulnerabilities (265 crate dependencies)

Checklist

  • I have updated CHANGELOG.next.toml if I made changes to the smithy-rs codegen or runtime crates
  • I have updated CHANGELOG.next.toml if I made changes to the AWS SDK, generated SDK code, or SDK runtime crates

By submitting this pull request, I confirm that you can use, modify, copy, and redistribute this contribution, under the terms of your choice.
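The "Dependency tree" in the audit output above can be rebuilt from the lockfile alone by walking reverse dependencies from the flagged crate. The following is an added example, not code from this PR or from smithy-rs: `parse_lock`, `chains_to_roots` and the lockfile excerpt are constructed for illustration, and the walk assumes one version per crate name.

```rust
const SAMPLE_LOCK: &str = r#"
[[package]]
name = "criterion"
version = "0.3.6"
dependencies = [
 "serde_cbor",
]
[[package]]
name = "dynamo-tests"
version = "0.1.0"
dependencies = [
 "criterion 0.3.6",
]
[[package]]
name = "serde_cbor"
version = "0.11.2"
"#; // Constructed excerpt mirroring the dependency tree in the audit output above.
type Pkg = (String, String, Vec<String>); // (name, version, dependency names)
/// Hand-rolled Cargo.lock reader. Quoted lines are dependencies: "name [version [(source)]]".
fn parse_lock(lock: &str) -> Vec<Pkg> {
    let quoted = |s: &str| s.split('"').nth(1).unwrap_or("").to_string();
    let mut pkgs: Vec<Pkg> = Vec::new();
    for line in lock.lines().map(str::trim) {
        if line == "[[package]]" { pkgs.push(Default::default()); continue; }
        if line.starts_with('[') { break; } // [metadata] etc. come after the package list
        let Some(p) = pkgs.last_mut() else { continue };
        match line.split_once(" = ") {
            Some(("name", v)) => p.0 = quoted(v),
            Some(("version", v)) => p.1 = quoted(v),
            _ if line.starts_with('"') => p.2.push(quoted(line).split(' ').next().unwrap().to_string()),
            _ => {}
        }
    }
    pkgs
}

/// Chains from `target` up to crates nothing depends on (assumes one version per crate name).
fn chains_to_roots(pkgs: &[Pkg], target: &str) -> Vec<Vec<String>> {
    let mut done = Vec::new();
    let mut stack: Vec<Vec<usize>> = pkgs.iter().position(|p| p.0 == target).map(|i| vec![i]).into_iter().collect();
    while let Some(path) = stack.pop() {
        let tip = &pkgs[*path.last().unwrap()].0;
        let parents: Vec<usize> = (0..pkgs.len()).filter(|j| pkgs[*j].2.contains(tip) && !path.contains(j)).collect();
        if parents.is_empty() { done.push(path.iter().map(|&i| format!("{} {}", pkgs[i].0, pkgs[i].1)).collect()); }
        for j in parents { stack.push([path.clone(), vec![j]].concat()); }
    }
    done
}

fn main() { println!("{:#?}", chains_to_roots(&parse_lock(SAMPLE_LOCK), "serde_cbor")); }
```

On a real checkout, `cargo tree -i serde_cbor` reports the same reverse dependency path without custom code.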

This updates criterion from 0.3.6 to 0.4.0 to avoid RUSTSEC-2021-0127
where criterion 0.3.6 depends upon an unmaintained crate `serde_cbor`.
@github-actions

A new generated diff is ready to view.

A new doc preview is ready to view.

@ysaito1001 ysaito1001 marked this pull request as ready for review November 1, 2022 15:38
@ysaito1001 ysaito1001 requested review from a team as code owners November 1, 2022 15:38
@github-actions

github-actions bot commented Nov 1, 2022

A new generated diff is ready to view.

A new doc preview is ready to view.

@ysaito1001 ysaito1001 merged commit beb8a68 into main Nov 1, 2022
@ysaito1001 ysaito1001 deleted the ysaito/fix-cargo-audit-issue-on-criterion branch November 1, 2022 17:22

Successfully merging this pull request may close these issues.

Criterion depends on an unmaintained crate