Skip to content

Comments

ci: update smallvec to fix cargo audit#1282

Merged
p-shahi merged 1 commit intomasterfrom
pshahi/update-smallvec
Jan 12, 2021
Merged

ci: update smallvec to fix cargo audit#1282
p-shahi merged 1 commit intomasterfrom
pshahi/update-smallvec

Conversation

@p-shahi
Copy link
Contributor

@p-shahi p-shahi commented Jan 12, 2021
edited
Loading

This is an attempt to solve the cargo audit failure. Bumping smallvec from 1.5.1 to 1.6.1

      Loaded 175 security advisories (from /nix/store/jcfdb61pfr6d0jmviwylrc8yc276z878-source)
    Updating crates.io index
warning: couldn't update crates.io index: registry: failed to make directory '/homeless-shelter': Permission denied; class=Os (2)
    Scanning /nix/store/xwhpzxz3z2gb4fhhzwh56njr1kqq19cp-Cargo.lock for vulnerabilities (409 crate dependencies)
error: Vulnerable crates found!

ID:       RUSTSEC-2021-0003
Crate:    smallvec
Version:  1.5.1
Date:     2021-01-08
URL:      https://rustsec.org/advisories/RUSTSEC-2021-0003
Title:    Buffer overflow in SmallVec::insert_many
Solution:  upgrade to >= 0.6.14, < 1.0.0 OR >= 1.6.1

@p-shahi p-shahi requested review from a user and hansl January 12, 2021 19:49
@p-shahi p-shahi merged commit 8c9272a into master Jan 12, 2021
@p-shahi p-shahi deleted the pshahi/update-smallvec branch January 12, 2021 19:51
dfinity-bot added a commit that referenced this pull request Jul 23, 2022
@dfinity-bot
build: niv advisory-db: update 2718c2db -> 48214447
7d00749 
## Changelog for advisory-db:
Branch: main
Commits: [rustsec/advisory-db@2718c2db...48214447](rustsec/advisory-db@2718c2d...4821444)

* [`48214447`](rustsec/advisory-db@4821444) Add advisory for `pkcs11` ([RustSec/advisory-db⁠#1282](http://r.duckduckgo.com/l/?uddg=https://github.com/RustSec/advisory-db/issues/1282))
mergify bot pushed a commit that referenced this pull request Jul 23, 2022
@dfinity-bot
build: niv advisory-db: update 2718c2db -> 48214447 (#2372)
be67dc2 
## Changelog for advisory-db:
Branch: main
Commits: [rustsec/advisory-db@2718c2db...48214447](rustsec/advisory-db@2718c2d...4821444)

* [`48214447`](rustsec/advisory-db@4821444) Add advisory for `pkcs11` ([RustSec/advisory-db⁠#1282](http://r.duckduckgo.com/l/?uddg=https://github.com/RustSec/advisory-db/issues/1282))
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

2 more reviewers

@hansl hansl hansl approved these changes

Reviewers whose approvals may not affect merge requirements

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@p-shahi @hansl