Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Update dependencies with known CVEs to the latest versions #3038

Merged
merged 3 commits into from Jul 18, 2023
Merged

Update dependencies with known CVEs to the latest versions #3038

merged 3 commits into from Jul 18, 2023

Conversation

0xTim
Copy link
Member

@0xTim 0xTim commented Jul 18, 2023
edited by MahdiBM

Async HTTP Client and SwiftNIO and SwiftNIO extras have CVEs that have been patched. We still depend on versions that are vulnerable, so this updates that.

@0xTim 0xTim added the semver-patch Internal changes only label Jul 18, 2023
@0xTim 0xTim requested a review from gwynne July 18, 2023 17:44
@codecov-commenter
Copy link

codecov-commenter commented Jul 18, 2023
edited

Codecov Report

Merging #3038 (17cd6b8) into main (b7c1f9c) will not change coverage.
The diff coverage is n/a.

Additional details and impacted files 
@@           Coverage Diff           @@
##             main    #3038   +/-   ##
=======================================
  Coverage   76.72%   76.72%           
=======================================
  Files         211      211           
  Lines        7781     7781           
=======================================
  Hits         5970     5970           
  Misses       1811     1811

@0xTim 0xTim merged commit e98077d into main Jul 18, 2023
12 checks passed
@0xTim 0xTim deleted the dependency-updates branch July 18, 2023 19:52
@penny-for-vapor
Copy link

These changes are now available in 4.77.2

keniwhat pushed a commit to keniwhat/vapor that referenced this pull request Aug 29, 2023
Merge branch 'main' into range-eof-merge
70ff013 
* main: (75 commits)
  Make Storage Sendable (vapor#3056)
  Add Sendable Conformances to undelying types (vapor#3054)
  Resolve issue vapor#2650 (vapor#2674)
  Fix for vapor#2574 Missing quote from value (vapor#2839)
  Allow specifying a timeout for client requests (vapor#3043)
  Update dependencies with known CVEs to the latest versions (vapor#3038)
  Create CODEOWNERS
  Improve error reporting for `EncodingError` and `DecodingError` (vapor#2981)
  Fix incorrect use of non-localhost connection in test
  Update README with new Sponsor (vapor#3025)
  Add `ContentContainer.decode(_:as:)` (vapor#3023)
  Fixed drain handler call order in case of asynchronous buffer handling (vapor#3009)
  Update README with new Sponsor (vapor#3024)
  Update README with new Sponsor (vapor#3020)
  Don't use UnsafeRawBufferPointer.withMemoryRebound(to:_:) before Swift 5.7.2 (vapor#3021)
  Avoid deadlocking websocket tests (vapor#3019)
  Update README with new Sponsor (vapor#3014)
  Fix `Range: bytes=0-0` header not working properly (vapor#3010)
  Remove use of HTTPBin (vapor#3017)
  Improved error logging (vapor#3016)
  ...

# Conflicts:
#	Sources/Vapor/HTTP/Headers/HTTPHeaders+ContentRange.swift
#	Sources/Vapor/Utilities/FileIO.swift
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@gwynne gwynne gwynne approved these changes

Assignees
No one assigned
Labels
semver-patch Internal changes only
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
3 participants
@0xTim @codecov-commenter @gwynne