Update rand dependency because of RUSTSEC-2021-0023 #396
base: v2.x.x-backports
CI failures are caused by clippy, at least one looks like an actual bug that was already fixed on the main branch
I have a PR that fixes the lints which we can hopefully base this on top of: #399
Re-running CI now that #399 was merged
Needs a rebase it seems
@Fishrock123 I don't see a merge conflict on this branch. Seems like it can be merged?
@Fishrock123 any chance this could be merged?
13ab959 to 17af8fc
Rebased. There might be new clippy lints since the last update, let's see.
@Fishrock123 How can we help get this merged and a new release?
@nox it would help to open a PR fixing the broken clippies. They're not broken because of this PR, but they are blocking merge
@jhorstmann I've made a PR fixing the clippy lints and it got merged. Care to rebase this PR on top of current master? Thanks.
@nox did you mean cherry-pick instead? My idea here was to apply the change to the 2.x branch for a maintenance release. The master branch seems to have switched to a different crate for random numbers. Looking at the rustsec advisory again it also seems that An updated maintenance release would still be nice.
Yeah sorry, I just meant to tell you about the lint fixes so we can get this merged and released as some 2.y.z version.
I just realised that the lints were independently fixed, so it seems all we need is a rebase, @jhorstmann.
Ah, different lints were fixed, never mind.
There is an open rustsec issue (RUSTSEC-2021-0023) about a transitive dependency of http-types 2.12.0. On the main branch this seems to be fixed by migrating to `fastrand` but I think this might also warrant a maintenance release.