Workaround make audit failure for rust-nix #2697

Commits on Oct 10, 2021

  1. Workaround cargo audit failure for rust-nix

    The workaround is to add common/rust-psutil and change its Cargo.toml
    to use v0.22.2. And then change common/eth2/Cargo.toml to point to
    ../common/rust-psutil.
    
    Also updated Makefile:
     - lint: target to Allow needless_borrow to
       pass the `cargo lint` action.
     - test-release, test-debug: added --exclude psutil if Windows_NT
    
    The failure is:
    
         Compiling cargo-audit v0.15.2
          Finished release [optimized] target(s) in 3m 34s
         Replacing /home/runner/.cargo/bin/cargo-audit
          Replaced package `cargo-audit v0.15.2` with `cargo-audit v0.15.2` (executable `cargo-audit`)
      cargo audit
          Fetching advisory database from `https://github.com/RustSec/advisory-db.git`
            Loaded 367 security advisories (from /home/runner/.cargo/advisory-db)
          Updating crates.io index
          Scanning Cargo.lock for vulnerabilities (652 crate dependencies)
      Crate:         nix
      error: 2 vulnerabilities found!
      Version:       0.17.0
      Title:         Out-of-bounds write in nix::unistd::getgrouplist
      Date:          2021-09-27
      ID:            RUSTSEC-2021-0119
      URL:           https://rustsec.org/advisories/RUSTSEC-2021-0119
      Solution:      Upgrade to ^0.20.2 OR ^0.21.2 OR ^0.22.2 OR >=0.23.0
      Dependency tree:
      nix 0.17.0
    
      Crate:         nix
      Version:       0.22.0
      Title:         Out-of-bounds write in nix::unistd::getgrouplist
      Date:          2021-09-27
      ID:            RUSTSEC-2021-0119
      URL:           https://rustsec.org/advisories/RUSTSEC-2021-0119
      Solution:      Upgrade to ^0.20.2 OR ^0.21.2 OR ^0.22.2 OR >=0.23.0
      Dependency tree:
      nix 0.22.0
    
      Crate:         stdweb
      Version:       0.4.20
      Warning:       unmaintained
      Title:         stdweb is unmaintained
      Date:          2020-05-04
      ID:            RUSTSEC-2020-0056
      URL:           https://rustsec.org/advisories/RUSTSEC-2020-0056
      Dependency tree:
      stdweb 0.4.20
      └── time 0.2.27
    
      warning: 1 allowed warning found
      make: *** [Makefile:154: audit] Error 1
      Error: Process completed with exit code 2.
    winksaville committed Oct 10, 2021
    bb5bfc5
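
A check for whether a lock file still contains `nix` versions that RUSTSEC-2021-0119 flags, added here as an example and not part of the commit or the project. The patched ranges are copied from the Solution line in the audit output above; the function names and the sample lock text are constructed for illustration.

```rust
// Added example: ranges come from the advisory's "Solution" line quoted above.

/// Parse "major.minor.patch"; pre-release/build suffixes are ignored.
fn parse_version(v: &str) -> Option<(u64, u64, u64)> {
    let core = v.split(|c: char| c == '-' || c == '+').next()?;
    let mut it = core.split('.').map(|p| p.parse::<u64>().ok());
    Some((it.next()??, it.next()??, it.next()??))
}

/// True if `v` satisfies ^0.20.2 OR ^0.21.2 OR ^0.22.2 OR >=0.23.0.
fn is_patched(v: (u64, u64, u64)) -> bool {
    match v {
        (0, 20..=22, patch) => patch >= 2, // caret on 0.x pins the minor
        (0, minor, _) => minor >= 23,
        _ => true, // 1.x and later satisfy >=0.23.0
    }
}

/// Versions of `nix` in a Cargo.lock that the advisory still flags.
fn flagged_nix_versions(lock: &str) -> Vec<String> {
    let (mut flagged, mut name) = (Vec::new(), String::new());
    for line in lock.lines().map(str::trim) {
        if line == "[[package]]" {
            name.clear();
        } else if let Some(n) = line.strip_prefix("name = ") {
            name = n.trim_matches('"').to_string();
        } else if let Some(v) = line.strip_prefix("version = ") {
            let v = v.trim_matches('"');
            // An unparseable nix version is reported, not silently passed.
            if name == "nix" && !parse_version(v).map_or(false, is_patched) {
                flagged.push(v.to_string());
            }
        }
    }
    flagged
}

// Constructed Cargo.lock fragment (not the project's real lock file).
const SAMPLE_LOCK: &str = r#"
[[package]]
name = "nix"
version = "0.17.0"
[[package]]
name = "nix"
version = "0.22.2"
"#;

fn main() {
    println!("flagged nix versions: {:?}", flagged_nix_versions(SAMPLE_LOCK));
}
```

Run against the real `Cargo.lock` after applying a workaround like the one in this commit, an empty result means no `nix` entry falls outside the advisory's patched ranges.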