Upgrade spin crate to patch a vulnerability.
The vulnerability:
```
$ ./build-support/bin/ci.py --cargo-audit
...
error: Vulnerable crates found!

ID:	 RUSTSEC-2019-0013
Crate:	 spin
Version: 0.5.1
Date:	 2019-08-27
URL:	 mvdnes/spin-rs#65
Title:	 Wrong memory orderings in RwLock potentially violates mutual exclusion
Solution: upgrade to: >= 0.5.2

error: 1 vulnerability found!
Cargo audit failure
```

Although we don't directly depend on `spin`, we depend on `lazy_static`
(amongst others) which does:
```
$ (cd src/rust/engine && ../../../build-support/bin/native/cargo tree -p spin -i)
spin v0.5.2
├── lazy_static v1.3.0
...
```

So this change was generated with a targeted upgrade:
```
$ ./build-support/bin/native/cargo update --manifest-path src/rust/engine/Cargo.toml -p spin --aggressive
```
jsirois committed Sep 23, 2019
1 parent a1bda4b commit dd7dce3
Showing 1 changed file with 4 additions and 4 deletions.
8 changes: 4 additions & 4 deletions src/rust/engine/Cargo.lock
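
The lock-file check behind this upgrade, as an added example that is not part of the commit or the project's code: it flags any locked `spin` below the fixed version 0.5.2 named by the advisory and lists the packages that pull it in. The sample lock text is constructed, the function names are hypothetical, and it assumes the older `Cargo.lock` layout where each dependency entry reads `"name version (source)"` with plain numeric versions.

```python
import re

# Constructed sample in the older Cargo.lock layout (not the repository's real lock file).
SAMPLE_LOCK = '''
[[package]]
name = "engine"
version = "0.0.1"
dependencies = [
 "lazy_static 1.3.0 (registry+https://github.com/rust-lang/crates.io-index)",
]

[[package]]
name = "lazy_static"
version = "1.3.0"
source = "registry+https://github.com/rust-lang/crates.io-index"
dependencies = [
 "spin 0.5.1 (registry+https://github.com/rust-lang/crates.io-index)",
]

[[package]]
name = "spin"
version = "0.5.1"
source = "registry+https://github.com/rust-lang/crates.io-index"
'''

def parse_lock(text):
    """Return {(name, version): [(dep_name, dep_version), ...]} per [[package]] entry."""
    packages = {}
    for block in text.split("[[package]]")[1:]:
        name = re.search(r'^name = "([^"]+)"', block, re.M).group(1)
        version = re.search(r'^version = "([^"]+)"', block, re.M).group(1)
        deps = re.search(r'^dependencies = \[(.*?)\]', block, re.M | re.S)
        body = deps.group(1) if deps else ""
        # One dependency per line: "name version (source)"
        packages[(name, version)] = re.findall(r'^\s*"([^\s"]+) ([^\s"]+)', body, re.M)
    return packages

def version_key(version):
    # Assumption: plain numeric versions such as 0.5.1 (no pre-release tags).
    return tuple(int(part) for part in version.split("."))

def audit(text, crate="spin", fixed="0.5.2"):
    """Map each locked version of `crate` below `fixed` to its direct dependents."""
    packages = parse_lock(text)
    findings = {}
    for name, version in packages:
        if name == crate and version_key(version) < version_key(fixed):
            findings[version] = sorted(
                f"{n} {v}" for (n, v), deps in packages.items() if (crate, version) in deps)
    return findings
```
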
