Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

fix: RUSTSEC-2024-0344 #671

Merged
merged 15 commits into from
Jul 9, 2024
Merged

fix: RUSTSEC-2024-0344 #671

merged 15 commits into from
Jul 9, 2024

Conversation

ChaoticTempest
Copy link
Member

This fixes the vulnerability for RUSTSEC-2024-0344. But ignores two other ones due to it only affecting the CLI and workspaces testing, which isn't vital to deal with for now.

@ChaoticTempest ChaoticTempest mentioned this pull request Dec 2, 2024
Open
3 tasks
ailisp
ailisp reviewed Jul 9, 2024
View reviewed changes
chain-signatures/Cargo.toml
# TODO: trigger Cargo.lock update for x25519-dalek once they release.
# This fixes https://rustsec.org/advisories/RUSTSEC-2024-0344 by pointing to a commit that includes the fix.
# This fix has yet to be propagated to crates.io so we will patch it instead.
x25519-dalek = { git = "https://github.com/dalek-cryptography/curve25519-dalek", rev = "5b7082bbc8e0b2106ab0d956064f61fa0f393cdc" }
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Nice fix! Should we also patch it for fastauth

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Nope, fastauth should just be left as-is for now so that we don't break anything

@ChaoticTempest ChaoticTempest force-pushed the phuong/fix/RUSTSEC-2024-0344 branch from 8f10266 to e1cf28b Compare July 9, 2024 07:40
@ChaoticTempest ChaoticTempest force-pushed the phuong/fix/RUSTSEC-2024-0344 branch from e1cf28b to 8e2b323 Compare July 9, 2024 18:19
@ChaoticTempest
Copy link
Member Author

This PR now also ignores RUSTSEC-2024-0347 due to it only affecting integration tests

Base automatically changed from phuong/chore/node-1.40 to develop July 9, 2024 21:39
ppca
ppca previously approved these changes Jul 9, 2024
View reviewed changes
@ChaoticTempest ChaoticTempest dismissed ppca’s stale review July 9, 2024 23:32

The merge-base changed after approval.

@ChaoticTempest ChaoticTempest merged commit 67170dd into develop Jul 9, 2024
3 checks passed
@ChaoticTempest ChaoticTempest deleted the phuong/fix/RUSTSEC-2024-0344 branch July 9, 2024 23:57
@github-actions GitHub Actions
Copy link

github-actions bot commented Jul 9, 2024

Terraform Feature Environment Destroy (dev-671)

Terraform Initialization ⚙️success

Terraform Destroy success

Show Destroy Plan 


No changes. No objects need to be destroyed.

Either you have not created any objects yet or the existing objects were
already deleted outside of Terraform.

Destroy complete! Resources: 0 destroyed.

Pusher: @ChaoticTempest, Action: pull_request, Working Directory: ``, Workflow: Terraform Feature Env (Destroy)

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@ailisp ailisp ailisp left review comments

@ppca ppca ppca approved these changes

@volovyks volovyks Awaiting requested review from volovyks

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@ChaoticTempest @ailisp @ppca