Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Fix rust cargo audit (Uplift to 1.35.x) #12017

Merged
merged 1 commit into from
Jan 27, 2022
Merged

Fix rust cargo audit (Uplift to 1.35.x) #12017

merged 1 commit into from
Jan 27, 2022

Conversation

bsclifton
Copy link
Member

@bsclifton bsclifton commented Jan 27, 2022
edited
Loading

Manual uplift of #11890

Fixes cargo advisories brought in by the SKU portion of #11985

NO TICKET

@bsclifton bsclifton added CI/skip-android Do not run CI builds for Android CI/skip-macos-x64 Do not run CI builds for macOS x64 CI/skip-windows CI/skip-ios Do not run CI builds for iOS labels Jan 27, 2022
@bsclifton bsclifton added this to the 1.35.x - Release milestone Jan 27, 2022
@bsclifton bsclifton self-assigned this Jan 27, 2022
@bsclifton bsclifton requested a review from a team January 27, 2022 04:23
@github-actions github-actions bot added the CI/run-audit-deps Check for known npm/cargo vulnerabilities (audit_deps) label Jan 27, 2022
@bsclifton bsclifton changed the title Ignore chrono crate advisories again. (#11890) Fix rust cargo audit (Uplift to 1.35.x) Jan 27, 2022
@rillian @bsclifton
Ignore chrono crate advisories again. (#11890)
bf8c330 
Restore advisories against `chrono` and its use of the `time` 0.1
crate to the ignore list. RUSTSEC-2020-0071 and RUSTSEC-2020-0159
still have not been addressed by the upstream maintainer. We had
worked around this by porting previous uses to the newer `time` 0.3
crate as a replacement, but the SKU service and upcoming rss feed
support patch both re-introduce this dependency.

After auditing the new use to determine users are not affected, it's
best to silence the warnings so any other new issues stand out in an
`npm run audit_deps` report.

Reopens brave/brave-browser#18835
@bsclifton
Copy link
Member Author

Pushing a fix for lint (raised in https://ci.brave.com/blue/organizations/jenkins/pr-brave-browser-bsc-fix-audit-errors-1.35.x-noplatform/detail/pr-brave-browser-bsc-fix-audit-errors-1.35.x-noplatform/1/pipeline). Will mark as CI/Skip to avoid another run

@bsclifton bsclifton added CI/skip Do not run CI builds (except noplatform) and removed CI/skip-android Do not run CI builds for Android CI/skip-macos-x64 Do not run CI builds for macOS x64 CI/skip-windows CI/skip-ios Do not run CI builds for iOS labels Jan 27, 2022
@bsclifton bsclifton requested a review from a team as a code owner January 27, 2022 05:16
kjozwiak
kjozwiak approved these changes Jan 27, 2022
View reviewed changes
Copy link
Member

@kjozwiak kjozwiak left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Uplift into 1.35.x approved after deliberating with @brave/uplift-approvers.

@kjozwiak kjozwiak merged commit 6db29ee into 1.35.x Jan 27, 2022
@kjozwiak kjozwiak deleted the bsc-fix-audit-errors-1.35.x branch January 27, 2022 05:40
@bsclifton bsclifton removed the request for review from a team January 27, 2022 05:40
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@kjozwiak kjozwiak kjozwiak approved these changes

Assignees

@bsclifton bsclifton

Labels
CI/run-audit-deps Check for known npm/cargo vulnerabilities (audit_deps) CI/skip Do not run CI builds (except noplatform)
Projects
None yet
Milestone
1.35.x - Release
Development

Successfully merging this pull request may close these issues.
3 participants
@bsclifton @kjozwiak @rillian