Update advisory-db

[dpc]

With:

nix flake lock --update-input advisory-db

[codecov-commenter]

Codecov Report

Base: 65.42% // Head: 65.55% // Increases project coverage by +0.12% 🎉

Coverage data is based on head (9a89776) compared to base (53e274f).
Patch has no changes to coverable lines.

📣 This organization is not using Codecov’s GitHub App Integration. We recommend you install it so Codecov can continue to function properly for your repositories. Learn more

Additional details and impacted files

@@            Coverage Diff             @@
##           master     #890      +/-   ##
==========================================
+ Coverage   65.42%   65.55%   +0.12%     
==========================================
  Files         129      129              
  Lines       23429    23426       -3     
==========================================
+ Hits        15328    15356      +28     
+ Misses       8101     8070      -31     

Impacted Files	Coverage Δ
fedimint-dbtool/src/main.rs	1.38% <0.00%> (-0.02%)	⬇️
fedimintd/src/bin/distributedgen.rs	0.95% <0.00%> (-0.01%)	⬇️
fedimintd/src/ui.rs	0.00% <0.00%> (ø)
fedimint-dbtool/src/dump.rs	0.00% <0.00%> (ø)
fedimint-server/src/config/io.rs	0.00% <0.00%> (ø)
fedimintd/src/bin/main.rs	0.80% <0.00%> (+0.02%)	⬆️
modules/fedimint-ln/src/lib.rs	73.62% <0.00%> (+0.13%)	⬆️
fedimint-server/src/consensus/mod.rs	83.63% <0.00%> (+0.16%)	⬆️
crypto/tbs/src/poly.rs	24.43% <0.00%> (+0.20%)	⬆️
modules/fedimint-wallet/src/lib.rs	77.64% <0.00%> (+0.23%)	⬆️
... and 6 more

Help us with your feedback. Take ten seconds to tell us how you rate us. Have a feature suggestion? Share it here.

☔ View full report at Codecov.
📢 Do you have feedback about the report comment? Let us know in this issue.

[dpc]

       last 10 log lines:
       > Version:       0.1.2
       > Title:         No default limit put on request bodies
       > Date:          2022-08-31
       > ID:            RUSTSEC-2022-0055
       > URL:           https://rustsec.org/advisories/RUSTSEC-2022-0055
       > Solution:      Upgrade to >=0.2.8, <0.3.0-rc.1 OR >=0.3.0-rc.2
       > Dependency tree:
       > axum-core 0.1.2
       >
       > error: 1 vulnerability found!

[elsirion]

Shouldn't we update this input automatically in CI to see new advisories when they come out?

[NicolaLS]

Shouldn't we update this input automatically in CI to see new advisories when they come out?

Maybe we should do it like #887 ? If we update the advisory db, ci will hold back dev. we cant just let it fail until this landed..

[elsirion]

Yeah, that might even be easier. We can also use a free GH runner for this I assume since we don't need to compile much?

[elsirion]

Blocked on a fix for askama imo.

[dpc]

askama_axum got a new version release, but hitting djc/askama#757 now.

[justinmoon]

askama_axum got a new version release, but hitting djc/askama#757 now.

Looks like that has been merged & released

[justinmoon]

Rebased and it seems to work. Ran the update command and now it warns that json is unmaintained (#1415), but no errors.