Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

chore: update zerocopy to fix vulnerability #3972

Merged
merged 1 commit into from
Dec 19, 2023
Merged

chore: update zerocopy to fix vulnerability #3972

merged 1 commit into from
Dec 19, 2023

Conversation

douglaz
Copy link
Contributor

@douglaz douglaz commented Dec 19, 2023 

fedimint-ci-audit> Crate:     zerocopy
fedimint-ci-audit> Version:   0.7.29
fedimint-ci-audit> Title:     Some Ref methods are unsound with some type parameters
fedimint-ci-audit> Date:      2023-12-14
fedimint-ci-audit> ID:        RUSTSEC-2023-0074
fedimint-ci-audit> URL:       https://rustsec.org/advisories/RUSTSEC-2023-0074
fedimint-ci-audit> Solution:  Upgrade to >=0.2.9, <0.3.0 OR >=0.3.2, <0.4.0 OR >=0.4.1, <0.5.0 OR >=0.5.2, <0.6.0 OR >=0.6.6, <0.7.0 OR >=0.7.31

@douglaz douglaz requested a review from a team as a code owner December 19, 2023 01:31
@codecov Codecov
Copy link

codecov bot commented Dec 19, 2023

Codecov Report

All modified and coverable lines are covered by tests ✅

Comparison is base (341e97e) 56.94% compared to head (8bb0789) 57.04%.

Additional details and impacted files 
@@            Coverage Diff             @@
##           master    #3972      +/-   ##
==========================================
+ Coverage   56.94%   57.04%   +0.09%     
==========================================
  Files         193      193              
  Lines       43144    43144              
==========================================
+ Hits        24569    24610      +41     
+ Misses      18575    18534      -41

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

@douglaz douglaz added this pull request to the merge queue Dec 19, 2023
@justinmoon justinmoon mentioned this pull request Dec 19, 2023
Merged
Merged via the queue into fedimint:master with commit 434c33a Dec 19, 2023
20 checks passed
@douglaz douglaz deleted the fix_cargo_audit branch December 19, 2023 19:41
@fedimint-backports
Copy link

Backport failed for releases/v0.2, because it was unable to cherry-pick the commit(s).

Please cherry-pick the changes locally and resolve any conflicts.

git fetch origin releases/v0.2
git worktree add -d .worktree/backport-3972-to-releases/v0.2 origin/releases/v0.2
cd .worktree/backport-3972-to-releases/v0.2
git switch --create backport-3972-to-releases/v0.2
git cherry-pick -x 8bb0789644df61f8332fec80741bab21eb975de1

@github-actions github-actions bot mentioned this pull request Dec 20, 2023
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@dpc dpc dpc approved these changes

@justinmoon justinmoon justinmoon approved these changes

Assignees
No one assigned
Labels
backport releases/v0.2
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
5 participants
@douglaz @fedimint-backports @dpc @justinmoon @elsirion