Merge pull request #4427 from eval-exec/exec/sqlx-use-native-tls

Fix RUSTSEC-2024-0336, let sqlx use `runtime-tokio-native-tls` instead of `runtime-tokio-rustls` to drop `rustls` dependency
nervosnetwork · Apr 22, 2024 · f5d5436 · f5d5436
2 parents 9944b22 + 6102250
commit f5d5436
Show file tree

Hide file tree

Showing 3 changed files with 5 additions and 90 deletions.
diff --git a/Cargo.lock b/Cargo.lock
diff --git a/deny.toml b/deny.toml
@@ -4,8 +4,6 @@ unmaintained = "warn"
 yanked = "deny"
 notice = "deny"
 ignore = [
-    # waiting https://github.com/bheisler/criterion.rs/pull/628 bump release
-    "RUSTSEC-2021-0145",
     # The CVE can be kept under control for its triggering.
     # See https://github.com/launchbadge/sqlx/pull/2455#issuecomment-1507657825 for more information.
     # Meanwhile, awaiting SQLx's new version (> 0.7.3) for full support of any DB driver.

diff --git a/util/rich-indexer/Cargo.toml b/util/rich-indexer/Cargo.toml
@@ -23,7 +23,7 @@ log = "0.4"
 num-bigint = "0.4"
 once_cell = "1.8.0"
 sql-builder = "3.1"
-sqlx = { version = "0.6", features = ["runtime-tokio-rustls", "any", "sqlite", "postgres"] }
+sqlx = { version = "0.6", features = ["runtime-tokio-native-tls", "any", "sqlite", "postgres"] }
 
 [dev-dependencies]
 hex = "0.4"