Please update dependencies to non-vulnerable versions #49
Thanks for putting together that list. Happily, we can upgrade to the latest version of both those packages without any code changes, so I've shoved up an internal diff to do so (it will be mirrored open source as soon as someone accepts it, sometime Monday probably). Would it be useful to get a release with those changes included? I wonder if this should go into our CI? Annoying that it requires installing cargo-deny though, would be much easier if it was a standard part of Cargo.
Thanks for pushing that changeset in - look forward to it landing here. A release when it lands would be amazing - I'm in the process of porting to starlark 0.7 myself (: Not sure if your CI uses GitHub Actions internally (my guess is no), but if running cargo check on the OSS repo is sufficient for you, I use cargo deny in governor here, using the GitHub action published by EmbarkStudios: https://github.com/antifuchs/governor/blob/master/.github/workflows/ci_push.yml#L53-L60. That has a cached install of cargo-deny, so it isn't tedious and doesn't take a long time to run.
Cool, will release once it lands (I think it's probably a 0.8 as there are probably some minor breaking changes, but I'll double check). Running cargo check in the OSS repo seems good enough, that action looks pretty good, so I'll take a go at integrating it.
Summary: As reported at #49 Reviewed By: stepancheg Differential Revision: D36235985 fbshipit-source-id: 5d3f288e53ab02a168e400b07b8403f2df0783b7
Summary: As reported at facebook/starlark-rust#49 Reviewed By: stepancheg Differential Revision: D36235985 fbshipit-source-id: 5d3f288e53ab02a168e400b07b8403f2df0783b7
Fixed in a74f58b and a release of 0.8 with the changes.
Summary: Based on a request in #49 Reviewed By: krallin Differential Revision: D36400473 fbshipit-source-id: c2c03cd00572e039e94b7f2b3f7e1b68b57116be
Summary: Based on a request in facebook/starlark-rust#49 Reviewed By: krallin Differential Revision: D36400473 fbshipit-source-id: c2c03cd00572e039e94b7f2b3f7e1b68b57116be
Tests added to CI in 959865f
Currently, running
cargo deny check advisories
on a Rust project that uses the starlark crate results in errors about RUSTSEC advisories, both of them fixed by now:
Would it be possible to bump those versions?