Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
update whoami for advisory (MystenLabs#16534)
## Description ``` 1380 │ whoami 1.3.0 registry+https://github.com/rust-lang/crates.io-index │ ------------------------------------------------------------------ security vulnerability detected │ = ID: RUSTSEC-2024-0020 = Advisory: https://rustsec.org/advisories/RUSTSEC-2024-0020 = With older versions of the whoami crate, calling the `username` function leads to an immediate stack buffer overflow on illumos and Solaris. Denial of service and data corruption have both been observed in the wild, and the issue is possibly exploitable as well. This also affects any other Unix platforms that aren't any of: `linux`, `macos`, `freebsd`, `dragonfly`, `bitrig`, `openbsd`, `netbsd`. This issue has been addressed in whoami 1.5.0. For more information, see [this GitHub issue](ardaku/whoami#91). = Announcement: ardaku/whoami#91 = Solution: Upgrade to >=1.5.0 (try `cargo update -p whoami`) ``` ## Test Plan How did you test the new or updated feature? --- If your changes are not user-facing and do not break anything, you can skip the following section. Otherwise, please briefly describe what has changed under the Release Notes section. ### Type of Change (Check all that apply) - [ ] protocol change - [ ] user-visible impact - [ ] breaking change for a client SDKs - [ ] breaking change for FNs (FN binary must upgrade) - [ ] breaking change for validators or node operators (must upgrade binaries) - [ ] breaking change for on-chain data layout - [ ] necessitate either a data wipe or data migration ### Release notes
- Loading branch information