-
Notifications
You must be signed in to change notification settings - Fork 17
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
fix: RUSTSEC-2024-0344 #671
Conversation
…ore/node-1.40-rc.1
# TODO: trigger Cargo.lock update for x25519-dalek once they release. | ||
# This fixes https://rustsec.org/advisories/RUSTSEC-2024-0344 by pointing to a commit that includes the fix. | ||
# This fix has yet to be propagated to crates.io so we will patch it instead. | ||
x25519-dalek = { git = "https://github.com/dalek-cryptography/curve25519-dalek", rev = "5b7082bbc8e0b2106ab0d956064f61fa0f393cdc" } |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Nice fix! Should we also patch it for fastauth
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Nope, fastauth should just be left as-is for now so that we don't break anything
8f10266
to
e1cf28b
Compare
e1cf28b
to
8e2b323
Compare
This PR now also ignores RUSTSEC-2024-0347 due to it only affecting integration tests |
…x/RUSTSEC-2024-0344
The merge-base changed after approval.
Terraform Feature Environment Destroy (dev-671)Terraform Initialization ⚙️
|
This fixes the vulnerability for RUSTSEC-2024-0344. But ignores two other ones due to it only affecting the CLI and workspaces testing, which isn't vital to deal with for now.