Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

ci: ignore the tonic audit as a temporary stopgap #3052

Merged
merged 1 commit into from
Oct 2, 2024
Merged

ci: ignore the tonic audit as a temporary stopgap #3052

merged 1 commit into from
Oct 2, 2024

Conversation

yihau
Copy link
Member

@yihau yihau commented Oct 2, 2024

Problem

I'm too naive. #3050 will take some time to upgrade. use this quick fix for unblocking master asap

Summary of Changes

ignore tonic audit report temporarily

@yihau yihau requested review from t-nelson and willhickey October 2, 2024 05:23
@2501babe 2501babe self-requested a review October 2, 2024 12:58
@yihau yihau merged commit 9b5525d into anza-xyz:master Oct 2, 2024
20 checks passed
@yihau yihau deleted the audit-2 branch October 2, 2024 13:01
joncinque added a commit to joncinque/solana-program-library that referenced this pull request Oct 2, 2024
@joncinque
ci: Add tonic to audit ignore
05e761e 
#### Problem

Similar to anza-xyz/agave#3052, we need to
ignore the RUSTSEC advisory on tonic until it's resolved upstream.

#### Summary of changes

Ignore the tonic advisory.
@joncinque joncinque mentioned this pull request Oct 2, 2024
Merged
joncinque added a commit to solana-labs/solana-program-library that referenced this pull request Oct 2, 2024
@joncinque
ci: Add tonic to audit ignore (#7322)
17880f9 
#### Problem

Similar to anza-xyz/agave#3052, we need to
ignore the RUSTSEC advisory on tonic until it's resolved upstream.

#### Summary of changes

Ignore the tonic advisory.
@mergify Mergify
Copy link

mergify bot commented Oct 3, 2024

Backports to the stable branch are to be avoided unless absolutely necessary for fixing bugs, security issues, and perf regressions. Changes intended for backport should be structured such that a minimum effective diff can be committed separately from any refactoring, plumbing, cleanup, etc that are not strictly necessary to achieve the goal. Any of the latter should go only into master and ride the normal stabilization schedule.

mergify bot pushed a commit that referenced this pull request Oct 3, 2024
@yihau @mergify
ci: ignore the tonic audit as a temporary stopgap (#3052)
e149466 
(cherry picked from commit 9b5525d)

# Conflicts:
#	ci/do-audit.sh
@mergify mergify bot mentioned this pull request Oct 3, 2024
Merged
willhickey added a commit that referenced this pull request Oct 4, 2024
@mergify @yihau @willhickey
v1.18: ci: ignore the tonic audit as a temporary stopgap (backport of #…
92ddaa2 
…3052) (#3062)

* ci: ignore the tonic audit as a temporary stopgap (#3052)

(cherry picked from commit 9b5525d)

# Conflicts:
#	ci/do-audit.sh

* Fix conflicts

* Update to mimic v2.0 change

---------

Co-authored-by: Yihau Chen <yihau.chen@icloud.com>
Co-authored-by: WillHickey <will.hickey@anza.xyz>
ray-kast pushed a commit to abklabs/agave that referenced this pull request Nov 27, 2024
@yihau @ray-kast
ci: ignore the tonic audit as a temporary stopgap (anza-xyz#3052)
a046dc6
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@2501babe 2501babe 2501babe approved these changes

@t-nelson t-nelson Awaiting requested review from t-nelson

@willhickey willhickey Awaiting requested review from willhickey

Assignees
No one assigned
Labels
v1.18
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@yihau @2501babe @willhickey