-
Notifications
You must be signed in to change notification settings - Fork 53
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Fix cargo audit vulnerabilities: rustls-webpki #2180
Fix cargo audit vulnerabilities: rustls-webpki #2180
Conversation
Looks like there's still a problem with cargo check, Assuming there would be no other blockers, I would be in favour of bumping MSRV as I believe |
Robot Results
|
I'm okay to bump the MSRV. The question is now: which version?
|
I think we can bump to the smallest version that satisfies updated dependencies as part of this PR, and go from there. Maybe we'll have to do another bump to solve the 2nd vuln, but also shouldn't be a problem. As for Yocto, which was usually the blocker, we now use |
Codecov Report
Additional details and impacted files |
Signed-off-by: Didier Wenzek <didier.wenzek@free.fr>
Signed-off-by: Didier Wenzek <didier.wenzek@free.fr>
3033549
to
6e16a6f
Compare
https://github.com/thin-edge/thin-edge.io/actions/runs/5941141470/job/16111321664?pr=2169 reports vulnerabilities on
rustls-webpki
webpki
Proposed changes
rustls-webpki
:cargo update
except fortime
andtime-macros
which require rust 1.67webpki
: there is no fix yetTypes of changes
Paste Link to the issue
Checklist
cargo fmt
as mentioned in CODING_GUIDELINEScargo clippy
as mentioned in CODING_GUIDELINESFurther comments