fix audit #4014

Merged
merged 1 commit into from
Dec 9, 2024

@yihau yihau commented Dec 9, 2024

Problem

the audit failed. we need to upgrade idna to >= 1.0.0. however, the dep chain looks like:

jsonrpc-core-client v18.0.0 -> jsonrpc-client-transports v18.0.0 -> url v1.7.2 -> idna v0.1.5

and jsonrpc-core-client has not released any new version in the past 3y ...

Summary of Changes

ignore it as a stopgap

@yihau yihau requested review from t-nelson and bw-solana December 9, 2024 14:24
@yihau yihau added v2.0 Backport to v2.0 branch v2.1 Backport to v2.1 branch labels Dec 9, 2024
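
To find which lockfile entries pull in an outdated crate, such as the chain quoted in the PR description above, a Cargo.lock can be walked from its root packages. This is an added example, not code from this PR or from the agave repository; the lockfile excerpt and the helpers `parse_lock` and `chains_below` are constructed for illustration, and it assumes plain numeric `x.y.z` versions.

```python
import re

# Constructed Cargo.lock excerpt (sources and checksums omitted). The idna 0.1.5
# chain is the one quoted in the PR description; url 2.5.4 / idna 1.0.3 are added.
LOCK = '''[[package]]
name = "jsonrpc-core-client"
version = "18.0.0"
dependencies = ["jsonrpc-client-transports"]
[[package]]
name = "jsonrpc-client-transports"
version = "18.0.0"
dependencies = ["url 1.7.2"]
[[package]]
name = "url"
version = "1.7.2"
dependencies = ["idna 0.1.5"]
[[package]]
name = "url"
version = "2.5.4"
dependencies = ["idna 1.0.3"]
[[package]]
name = "idna"
version = "0.1.5"
[[package]]
name = "idna"
version = "1.0.3"'''

def parse_lock(text):  # -> {(name, version): [raw dependency strings]}
    pkgs = {}
    for block in text.split("[[package]]")[1:]:
        name, ver = re.findall(r'^(?:name|version) = "(.+)"', block, re.M)
        deps = re.search(r"dependencies = \[(.*?)\]", block, re.S)
        pkgs[name, ver] = re.findall(r'"([^"]+)"', deps.group(1)) if deps else []
    return pkgs

def chains_below(text, name, fixed):  # root-to-crate paths where name < fixed
    pkgs = parse_lock(text)
    def resolve(dep):  # "name" or "name version" -> (name, version) key
        n, *rest = dep.split()
        return (n, rest[0]) if rest else next(k for k in pkgs if k[0] == n)
    edges = {k: [resolve(d) for d in v] for k, v in pkgs.items()}
    roots = set(pkgs) - {d for ds in edges.values() for d in ds}
    def walk(path):
        n, v = path[-1]
        if n == name and tuple(map(int, v.split("."))) < fixed:
            yield " -> ".join(f"{a} v{b}" for a, b in path)
        for nxt in edges[path[-1]]:
            yield from walk(path + [nxt])
    return [c for r in sorted(roots) for c in walk([r])]
```

Calling `chains_below(LOCK, "idna", (1, 0, 0))` reports only the path through `url` 1.7.2; the `url` 2.5.4 path already resolves to a fixed `idna` and is not listed.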
mergify bot commented Dec 9, 2024

Backports to the stable branch are to be avoided unless absolutely necessary for fixing bugs, security issues, and perf regressions. Changes intended for backport should be structured such that a minimum effective diff can be committed separately from any refactoring, plumbing, cleanup, etc that are not strictly necessary to achieve the goal. Any of the latter should go only into master and ride the normal stabilization schedule.

mergify bot commented Dec 9, 2024

Backports to the beta branch are to be avoided unless absolutely necessary for fixing bugs, security issues, and perf regressions. Changes intended for backport should be structured such that a minimum effective diff can be committed separately from any refactoring, plumbing, cleanup, etc that are not strictly necessary to achieve the goal. Any of the latter should go only into master and ride the normal stabilization schedule. Exceptions include CI/metrics changes, CLI improvements and documentation updates on a case by case basis.

joncinque added a commit to joncinque/solana-program-library that referenced this pull request Dec 9, 2024
#### Problem

Audit is failing due to an issue on idna.

#### Summary of changes

Since the dependency is pretty buried, do the same thing as
anza-xyz/agave#4014 and ignore it.
joncinque added a commit to solana-labs/solana-program-library that referenced this pull request Dec 9, 2024
#### Problem

Audit is failing due to an issue on idna.

#### Summary of changes

Since the dependency is pretty buried, do the same thing as
anza-xyz/agave#4014 and ignore it.
pgarg66 commented Dec 9, 2024

CI is broken due to this. Can we approve/merge this PR?

@joncinque joncinque merged commit 6c86ce5 into anza-xyz:master Dec 9, 2024
22 checks passed
mergify bot pushed a commit that referenced this pull request Dec 9, 2024
(cherry picked from commit 6c86ce5)

# Conflicts:
#	ci/do-audit.sh
mergify bot pushed a commit that referenced this pull request Dec 9, 2024
(cherry picked from commit 6c86ce5)
yihau added a commit that referenced this pull request Dec 10, 2024
(cherry picked from commit 6c86ce5)

# Conflicts:
#	ci/do-audit.sh
yihau added a commit that referenced this pull request Dec 10, 2024
(cherry picked from commit 6c86ce5)
behzadnouri pushed a commit that referenced this pull request Dec 11, 2024
(cherry picked from commit 6c86ce5)

# Conflicts:
#	ci/do-audit.sh
t-nelson pushed a commit that referenced this pull request Dec 11, 2024
* fix audit (#4014)

(cherry picked from commit 6c86ce5)

# Conflicts:
#	ci/do-audit.sh

* Fix merge conflict

---------

Co-authored-by: Yihau Chen <yihau.chen@icloud.com>
Co-authored-by: Jon C <me@jonc.dev>
t-nelson pushed a commit that referenced this pull request Dec 11, 2024
fix audit (#4014)

(cherry picked from commit 6c86ce5)

Co-authored-by: Yihau Chen <yihau.chen@icloud.com>