Update tiny_http and drop cargo audit CI for now #576

Merged (2 commits), Oct 19, 2021

romanz (Owner) commented Oct 19, 2021

Following #575.

Kixunil (Contributor) commented Oct 19, 2021

Looks like you forgot to commit Cargo.lock

romanz (Owner, Author) commented Oct 19, 2021

It still doesn't work, since the latest tiny-http doesn't pass cargo audit 😞

```
$ git lg -1
* 9a2566c Richard Bradfield:  (HEAD -> master, tag: 0.9.0, origin/master, origin/HEAD) Prepare for 0.9.0 release (5 days ago)

$ cargo audit
    Fetching advisory database from `https://github.com/RustSec/advisory-db.git`
      Loaded 370 security advisories (from /home/roman/.cargo/advisory-db)
    Updating crates.io index
    Scanning Cargo.lock for vulnerabilities (34 crate dependencies)
Crate:         chrono
Version:       0.4.19
Title:         Potential segfault in `localtime_r` invocations
Date:          2020-11-10
ID:            RUSTSEC-2020-0159
URL:           https://rustsec.org/advisories/RUSTSEC-2020-0159
Solution:      No safe upgrade is available!
Dependency tree: 
chrono 0.4.19
└── tiny_http 0.9.0

error: 1 vulnerability found!
```

Not sure if it's possible to ignore `RUSTSEC-2020-0159` on GitHub CI.

romanz changed the title from "Update tiny_http" to "Update tiny_http & and drop cargo audit CI for now" Oct 19, 2021
romanz merged commit fbb8d7b into master Oct 19, 2021
romanz deleted the update-deps branch October 19, 2021 18:32
romanz changed the title from "Update tiny_http & and drop cargo audit CI for now" to "Update tiny_http and drop cargo audit CI for now" Oct 20, 2021

Kixunil (Contributor) commented Oct 20, 2021

Maybe instead of dropping cargo audit we could --ignore RUSTSEC-2020-0159?

romanz (Owner, Author) commented Oct 20, 2021

Not sure how to do that with https://github.com/actions-rs/audit-check :(
I tried adding args, but it didn't recognize them: https://github.com/romanz/electrs/runs/3942930966

Kixunil (Contributor) commented Oct 20, 2021

This may help? actions-rs/audit-check#132 (comment)

romanz (Owner, Author) commented Oct 20, 2021

Thanks!
Will take a look :)

romanz added a commit that referenced this pull request Oct 20, 2021

romanz (Owner, Author) commented Oct 20, 2021

Cool, it seems to work :)
https://github.com/romanz/electrs/runs/3949291782#step:3:16

romanz added a commit that referenced this pull request Oct 20, 2021
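
Added example, not part of the thread or of electrs: a small CI gate over the `cargo audit` report format shown above, illustrating why ignoring a single advisory ID keeps more coverage than dropping the audit step. The second finding in the sample (`example-crate`, `RUSTSEC-0000-0000`) is constructed, and `parse_findings` and `gate` are hypothetical helper names.

```python
import re

# Constructed sample: the report quoted in this thread plus one made-up second
# finding (example-crate / RUSTSEC-0000-0000 are placeholders, not real advisories).
SAMPLE_REPORT = """\
Crate:         chrono
Version:       0.4.19
Title:         Potential segfault in `localtime_r` invocations
Date:          2020-11-10
ID:            RUSTSEC-2020-0159
URL:           https://rustsec.org/advisories/RUSTSEC-2020-0159
Solution:      No safe upgrade is available!
Dependency tree: 
chrono 0.4.19
└── tiny_http 0.9.0

Crate:         example-crate
Version:       1.2.3
Title:         Constructed placeholder finding
ID:            RUSTSEC-0000-0000
Solution:      Upgrade to >=1.2.4

error: 2 vulnerabilities found!
"""

FIELD = re.compile(r"^(Crate|Version|Title|ID):\s+(.*)$")

def parse_findings(report):
    """Split the human-readable report into one dict per advisory."""
    findings, current = [], None
    for line in report.splitlines():
        m = FIELD.match(line)
        if not m:
            continue
        key, value = m.group(1), m.group(2).strip()
        if key == "Crate":          # a "Crate:" line opens a new advisory record
            current = {}
            findings.append(current)
        if current is not None:
            current[key] = value
    return findings

def gate(report, ignored):
    """Return (exit_code, blocking, stale); fail on any finding not explicitly ignored."""
    findings = parse_findings(report)
    seen = {f.get("ID") for f in findings}
    blocking = [f for f in findings if f.get("ID") not in ignored]
    stale = sorted(set(ignored) - seen)   # ignore entries that no longer match anything
    return (1 if blocking else 0), blocking, stale
```

The `stale` list flags ignore entries that can be deleted once the dependency is fixed upstream, so the exception does not outlive the advisory.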