update tungstenite to drop idna #814

Merged: 2 commits, Dec 10, 2024
@arvidn commented Dec 10, 2024

which triggers an audit failure. Still ignore audit failure for MarvinAttack in rsa.

The cargo audit failures before this change:

Crate:     idna
Version:   0.5.0
Title:     `idna` accepts Punycode labels that do not produce any non-ASCII when decoded
Date:      2024-12-09
ID:        RUSTSEC-2024-0421
URL:       https://rustsec.org/advisories/RUSTSEC-2024-0421
Solution:  Upgrade to >=1.0.0
Dependency tree:
idna 0.5.0
└── url 2.5.2
    └── tungstenite 0.21.0
        ├── tokio-tungstenite 0.21.0
        │   └── chia-client 0.16.0
        │       ├── chia_rs 0.16.0
        │       └── chia 0.16.0
        └── chia-client 0.16.0

Crate:     rsa
Version:   0.9.7
Title:     Marvin Attack: potential key recovery through timing sidechannels
Date:      2023-11-22
ID:        RUSTSEC-2023-0071
URL:       https://rustsec.org/advisories/RUSTSEC-2023-0071
Severity:  5.9 (medium)
Solution:  No fixed upgrade is available!
Dependency tree:
rsa 0.9.7
└── chia-ssl 0.11.0
    ├── chia_rs 0.16.0
    └── chia 0.16.0

Crate:     term
Version:   0.2.14
Warning:   unmaintained
Title:     term is looking for a new maintainer
Date:      2018-11-19
ID:        RUSTSEC-2018-0015
URL:       https://rustsec.org/advisories/RUSTSEC-2018-0015
Dependency tree:
term 0.2.14
└── text-diff 0.4.0
    └── chia-consensus 0.16.0
        ├── chia_rs 0.16.0
        ├── chia-tools 0.16.0
        ├── chia-fuzz 0.16.0
        │   └── clvm-utils-fuzz 0.16.0
        └── chia 0.16.0

Crate:     ppv-lite86
Version:   0.2.19
Warning:   yanked
Dependency tree:
ppv-lite86 0.2.19
└── rand_chacha 0.3.1
    └── rand 0.8.5
        ├── tungstenite 0.24.0
        │   ├── tokio-tungstenite 0.24.0
        │   │   └── chia-client 0.16.0
        │   │       ├── chia_rs 0.16.0
        │   │       └── chia 0.16.0
        │   └── chia-client 0.16.0
        ├── num-bigint-dig 0.8.4
        │   └── rsa 0.9.7
        │       └── chia-ssl 0.11.0
        │           ├── chia_rs 0.16.0
        │           └── chia 0.16.0
        ├── chia-ssl 0.11.0
        ├── chia-consensus 0.16.0
        │   ├── chia_rs 0.16.0
        │   ├── chia-tools 0.16.0
        │   ├── chia-fuzz 0.16.0
        │   │   └── clvm-utils-fuzz 0.16.0
        │   └── chia 0.16.0
        └── chia-bls 0.16.0
            ├── clvm-traits 0.16.0
            │   ├── clvm-utils-fuzz 0.16.0
            │   ├── clvm-utils 0.16.0
            │   │   ├── clvm-utils-fuzz 0.16.0
            │   │   ├── chia_rs 0.16.0
            │   │   ├── chia-tools 0.16.0
            │   │   ├── chia-puzzles 0.16.0
            │   │   │   ├── chia-tools 0.16.0
            │   │   │   ├── chia-puzzles-fuzz 0.16.0
            │   │   │   ├── chia-consensus 0.16.0
            │   │   │   └── chia 0.16.0
            │   │   ├── chia-protocol 0.16.0
            │   │   │   ├── chia_rs 0.16.0
            │   │   │   ├── chia-tools 0.16.0
            │   │   │   ├── chia-puzzles 0.16.0
            │   │   │   ├── chia-protocol-fuzz 0.16.0
            │   │   │   ├── chia-fuzz 0.16.0
            │   │   │   ├── chia-consensus 0.16.0
            │   │   │   ├── chia-client 0.16.0
            │   │   │   └── chia 0.16.0
            │   │   ├── chia-fuzz 0.16.0
            │   │   ├── chia-consensus 0.16.0
            │   │   └── chia 0.16.0
            │   ├── clvm-traits-fuzz 0.16.0
            │   ├── chia-tools 0.16.0
            │   ├── chia-puzzles-fuzz 0.16.0
            │   ├── chia-puzzles 0.16.0
            │   ├── chia-protocol-fuzz 0.16.0
            │   ├── chia-protocol 0.16.0
            │   ├── chia-fuzz 0.16.0
            │   ├── chia-consensus 0.16.0
            │   └── chia 0.16.0
            ├── chia_rs 0.16.0
            ├── chia-tools 0.16.0
            ├── chia-puzzles 0.16.0
            ├── chia-protocol 0.16.0
            ├── chia-fuzz 0.16.0
            ├── chia-consensus 0.16.0
            ├── chia-bls-fuzz 0.16.0
            └── chia 0.16.0
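
An added example, not part of the PR or the project's CI: a small Python gate that parses `cargo audit` text output in the layout shown above and applies the policy the comment describes (the `idna` advisory blocks, RUSTSEC-2023-0071 stays ignored). The function names, the abridged sample, and treating `Warning:` records as non-blocking are assumptions.

```python
# Abridged from the audit output above (trees and some fields shortened).
SAMPLE = """\
Crate:     idna
Version:   0.5.0
ID:        RUSTSEC-2024-0421
Solution:  Upgrade to >=1.0.0
Dependency tree:
idna 0.5.0
└── url 2.5.2

Crate:     rsa
Version:   0.9.7
Title:     Marvin Attack: potential key recovery through timing sidechannels
ID:        RUSTSEC-2023-0071
Solution:  No fixed upgrade is available!

Crate:     term
Version:   0.2.14
Warning:   unmaintained
ID:        RUSTSEC-2018-0015

Crate:     ppv-lite86
Version:   0.2.19
Warning:   yanked
"""

FIELDS = ("Crate", "Version", "Warning", "Title", "ID", "Solution")
IGNORED = {"RUSTSEC-2023-0071"}  # Marvin Attack in rsa: no fixed upgrade yet


def parse_findings(text):
    """Split the report on blank lines and keep the known 'Key: value' fields."""
    findings = []
    for block in text.strip().split("\n\n"):
        rec = {}
        for line in block.splitlines():
            key, sep, value = line.partition(":")  # first colon only
            if sep and key in FIELDS and key not in rec:
                rec[key] = value.strip()
        if "Crate" in rec:
            findings.append(rec)
    return findings


def gate(text, ignored_ids):
    """Return (crate, advisory id) pairs that should fail the build."""
    # Records with a Warning field (unmaintained, yanked) are informational;
    # a yanked record carries no ID, so it could not be ignored by ID anyway.
    return [(f["Crate"], f.get("ID")) for f in parse_findings(text)
            if "Warning" not in f and f.get("ID") not in ignored_ids]
```
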

Rigidity previously approved these changes Dec 10, 2024

coveralls-official bot commented Dec 10, 2024

Pull Request Test Coverage Report for Build 12263665439

Details

  • 0 of 0 changed or added relevant lines in 0 files are covered.
  • No unchanged relevant lines lost coverage.
  • Overall coverage remained the same at 83.945%

Totals
Change from base Build 12263517775: 0.0%
Covered Lines: 13014
Relevant Lines: 15503


@altendky altendky merged commit 8147db0 into main Dec 10, 2024
52 checks passed
@altendky altendky deleted the fix-audit-failures branch December 10, 2024 23:12