Join GitHub today
GitHub is home to over 36 million developers working together to host and review code, manage projects, and build software together.Sign up
Use patched protobuf with RUSTSEC-2019-0003 fix. #7770
A crates index patch was needed here to ensure both our crates and
Eric-Arellano left a comment
I think we can kill this
While the TODO says to wait until the official patch is landed, with us now using Pants' version of protobuf I think we can clean that part up now. The only remaining cleanup once the patch lands would be to update
referenced this pull request
May 20, 2019
Nope. There is no remedy recognized by the database. We'd need to clone the database, edit RUSTSEC-2019-0003 and cron refreshes of the db.
Edit: They just committed remedies: https://github.com/RustSec/advisory-db/commits/master/crates/protobuf/RUSTSEC-2019-0003.toml however we'll need to upgrade through several minor versions to get there. I've filed #7771 to track that yak. I need to be moving on at the moment to other work.