Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

deps: bump tempfile version to 3.4.0 to fix some security vulnerabilities #1123

Merged
merged 1 commit into from
Mar 1, 2023
Merged

deps: bump tempfile version to 3.4.0 to fix some security vulnerabilities #1123

merged 1 commit into from
Mar 1, 2023

Conversation

adamqqqplay
Copy link
Member

Update tempfile related crates to fix GHSA-mc8h-8q98-g5hr

Signed-off-by: Qinqi Qu quqinqi@linux.alibaba.com

@adamqqqplay
deps: bump tempfile version to 3.4.0
766dbd4 
Update tempfile related crates to fix GHSA-mc8h-8q98-g5hr

Signed-off-by: Qinqi Qu <quqinqi@linux.alibaba.com>
@adamqqqplay adamqqqplay requested a review from imeoer March 1, 2023 08:10
@adamqqqplay adamqqqplay requested a review from a team as a code owner March 1, 2023 08:11
@adamqqqplay adamqqqplay requested review from liubin and liubogithub and removed request for a team March 1, 2023 08:11
@anolis-bot
Copy link
Collaborator

@adamqqqplay , a new test job has been submitted. Please wait in patience. The test job url: https://tone.openanolis.cn/ws/nrh4nnio/test_result/53692

@adamqqqplay adamqqqplay changed the title deps: bump tempfile version to 3.4.0 deps: bump tempfile version to 3.4.0 to fix some security vulnerabilities Mar 1, 2023
@jiangliu
Copy link
Collaborator

jiangliu commented Mar 1, 2023

Let's delay this PR to v2.3? We should do an upgrade for all dependencies.

@adamqqqplay
Copy link
Member Author

Let's delay this PR to v2.3? We should do an upgrade for all dependencies.

OK, the impact of this issue is temporarily small.

@anolis-bot
Copy link
Collaborator

@adamqqqplay , the title has been updated, so a new test job has been submitted. Please wait in patience. The test job url: https://tone.openanolis.cn/ws/nrh4nnio/test_result/53697

@anolis-bot
Copy link
Collaborator

@adamqqqplay , The CI test is completed, please check result:

Test CaseTest Result
build rust golang image✅ SUCCESS
compile nydusd✅ SUCCESS
compile ctr remote✅ SUCCESS
compile nydus snapshotter✅ SUCCESS
run container with rafs✅ SUCCESS
run container with zran✅ SUCCESS
run container with rafs and compile linux✅ SUCCESS

Congratulations, your test job passed!

@anolis-bot
Copy link
Collaborator

@adamqqqplay , The CI test is completed, please check result:

Test CaseTest Result
build rust golang image✅ SUCCESS
compile nydusd✅ SUCCESS
compile ctr remote✅ SUCCESS
compile nydus snapshotter✅ SUCCESS
run container with rafs✅ SUCCESS
run container with zran✅ SUCCESS
run container with rafs and compile linux✅ SUCCESS

Congratulations, your test job passed!

@jiangliu jiangliu merged commit 1a1f1ca into dragonflyoss:master Mar 1, 2023
@adamqqqplay adamqqqplay mentioned this pull request Mar 23, 2023
Merged
@adamqqqplay adamqqqplay deleted the update-tempfile branch March 23, 2023 02:27
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@jiangliu jiangliu jiangliu approved these changes

@imeoer imeoer Awaiting requested review from imeoer

@liubin liubin Awaiting requested review from liubin liubin is a code owner automatically assigned from dragonflyoss/nydus-reviewers

@liubogithub liubogithub Awaiting requested review from liubogithub liubogithub is a code owner automatically assigned from dragonflyoss/nydus-reviewers

Assignees
No one assigned
Labels
anolis_test_pass
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
3 participants
@adamqqqplay @anolis-bot @jiangliu