Skip to content

fix: ignore RUSTSEC-2021-0139#1171

Merged
Fraser999 merged 1 commit intomainfrom
fraser/cargo-audit-fix
Jun 10, 2024
Merged

fix: ignore RUSTSEC-2021-0139#1171
Fraser999 merged 1 commit intomainfrom
fraser/cargo-audit-fix

Conversation

@Fraser999
Copy link
Contributor

@Fraser999 Fraser999 commented Jun 10, 2024

Summary

Ignore RustSec warning.

Background

We get a non-critical warning when running cargo audit: RUSTSEC-2021-0139.

When running cargo tree -i -p=ansi_term we can see that ansi_term is a dependency of dylint and tracing-subscriber v0.2. While tracing-subscriber v0.3 doesn't depend upon ansi_term, we can't easily upgrade to that version as several of our dependencies do not support v0.3. Also, dylint's latest version still depends upon ansi_term.

Given that the RustSec report doesn't suggest any concrete problems with ansi_term and how difficult it will be to move away from this dependency, I have just ignored this warning in CI.

We also have a further audit warning about v0.1.29 of jobserver being yanked, so I have updated that dependency.

Changes

  • Ignore RustSec warning in newly-added .cargo/audit.toml file.

Testing

CI and ran cargo audit locally.

Related Issues

Closes #914.

@Fraser999 Fraser999 requested review from a team as code owners June 10, 2024 14:15
@Fraser999 Fraser999 requested review from joroshiba and noot June 10, 2024 14:15
@github-actions github-actions bot added the ci issues that are related to ci and github workflows label Jun 10, 2024
@Fraser999 Fraser999 added this pull request to the merge queue Jun 10, 2024
Merged via the queue into main with commit 684fd74 Jun 10, 2024
@Fraser999 Fraser999 deleted the fraser/cargo-audit-fix branch June 10, 2024 17:01
steezeburger added a commit that referenced this pull request Jun 10, 2024
@steezeburger
Merge branch 'main' into fix/hermes-chart
537c0a2 
* main:
  fix: ignore RUSTSEC-2021-0139 (#1171)
  chore(sequencer-relayer)!: remove functionality to restrict relaying blocks to only those proposed by a given validator (#1168)
  chore(metrics): update `metric_name` macro to handle a collection of names (#1163)
  fix(bridge-withdrawer): skip linting generated contract code (#1172)
  fix(core, sequencer): prefix removal source non-refund ics20 packet (#1162)
  chore(docs): add sequencer-relayer doc to specs (#1126)
  feat(bridge-withdrawer): sync logic (#1165)
  chore(withdrawer): replace contracts with `astria-bridge-contracts` submodule (#1164)
  feat(sequencer)!: implement bridge sudo and withdrawer addresses (#1142)
  feat(sequencer): implement refund to rollup logic upon ics20 transfer refund (#1161)
  feat(bridge-withdrawer): bridge withdrawer startup (#1160)
  feat(core, proto)!: add bech32m addresses (#1124)
  feat(withdrawer): bridged ERC20 token withdrawals (#1149)
  feat(sequencer-relayer)!: add chain IDs for sequencer and Celestia to config env vars (#1063)
  test(bridge-withdrawer): add submitter tests (#1133)
  chore: bump penumbra deps (#1159)
  feat(sequencer): implement `bridge/account_last_tx_hash` abci query (#1158)
  fix(withdrawer): use block subscription in batcher; send to destination_chain_address (#1157)
  fix(withdrawer): update AstriaWithdrawer to check that withdrawal value is sufficient (#1148)
  chore(ci): build bridge withdrawer images (#1156)
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@joroshiba joroshiba joroshiba approved these changes

+1 more reviewer

@noot noot noot approved these changes

Reviewers whose approvals may not affect merge requirements

Assignees

No one assigned

Labels

ci issues that are related to ci and github workflows

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

RUSTSEC-2021-0139: ansi_term is Unmaintained

3 participants

@Fraser999 @joroshiba @noot