Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Address RUSTSEC-2023-0037 #259

Closed
wants to merge 1 commit into from
Closed

Conversation

dmitris
Copy link
Contributor

@dmitris dmitris commented May 18, 2023

Summary

Address RUSTSEC-2023-0037 security advisory.
Change references of the unmaintained crate xsalsa20poly1305 to crypto_secretbox.
It should fix the failing security_audit check - https://github.com/sigstore/sigstore-rs/actions/runs/5014422162/jobs/8988653668.

https://rustsec.org/advisories/RUSTSEC-2023-0037.html

Release Note

(Bug fixes and fixes of previous known issues)

  • replace xsalsa20poly1305 with crypto_secretbox to address RUSTSEC-2023-0037 security advisory

Documentation

  • no changes

Change references of the unmaintained crate xsalsa20poly1305
to crypto_secretbox.

https://rustsec.org/advisories/RUSTSEC-2023-0037.html
Signed-off-by: Dmitry S <dsavints@gmail.com>
@lukehinds
Copy link
Member

I think we can close this one now @dmitris , based on #260 landing?

@dmitris
Copy link
Contributor Author

dmitris commented May 19, 2023

done in #260

@dmitris dmitris closed this May 19, 2023
@dmitris dmitris deleted the xsalsa20poly1305 branch May 19, 2023 08:13
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

2 participants