Skip to content

Commit

Permalink
chore: update tokio to 1.28 (#9023)
Browse files Browse the repository at this point in the history 
[Audits](https://github.com/near/near-sdk-rs/actions/runs/4690517670/jobs/8376852068?pr=1010) in `near-sdk` highlight a security vulnerability [RUSTSEC-2023-0001](https://rustsec.org/advisories/RUSTSEC-2023-0001) that affects the Windows platform.

As far as I could tell, we're not directly impacted by this, but the severity suggests we make an upstream dep update.

#8309 (comment) pinned `tokio` to `1.18` and suggested not updating the minor version unconsciously. Whereas #8472 required a bump to `1.19`, which has no versions that patch this vulnerability.

This PR seizes the opportunity to re-pin the minor version to the latest, after which subsequent updates can uphold the bump requirement outlined in #8309.
  • Loading branch information
@miraclx
miraclx committed May 8, 2023
1 parent 7419d65 commit 3a46933
Show file tree
Hide file tree
Showing 2 changed files with 13 additions and 14 deletions.
25 changes: 12 additions & 13 deletions Cargo.lock
View file

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

2 changes: 1 addition & 1 deletion Cargo.toml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -286,7 +286,7 @@ testlib = { path = "test-utils/testlib" }
thiserror = "1.0.30"
tikv-jemallocator = "0.5.0"
time = "0.3.9"
tokio = { version = "~1.19", features = ["fs", "macros", "net", "rt-multi-thread", "sync", "time"] }
tokio = { version = "~1.28", features = ["fs", "macros", "net", "rt-multi-thread", "sync", "time"] }
tokio-stream = { version = "0.1.2", features = ["net"] }
tokio-util = { version = "0.7.1", features = ["codec", "io"] }
toml = "0.5.8"
Expand Down

0 comments on commit 3a46933

Please sign in to comment.