Skip to content

Commit

Permalink
Update h2 to 0.3.26 to address RUSTSEC-2024-0332 (#5775)
Browse files Browse the repository at this point in the history 
### What

addresses

```
    = ID: RUSTSEC-2024-0332
    = Advisory: https://rustsec.org/advisories/RUSTSEC-2024-0332
    = An attacker can send a flood of CONTINUATION frames, causing `h2` to process them indefinitely.
      This results in an increase in CPU usage.

      Tokio task budget helps prevent this from a complete denial-of-service, as the server can still
      respond to legitimate requests, albeit with increased latency.

      More details at "https://seanmonstar.com/blog/hyper-http2-continuation-flood/.
```

as flagged by cargo deny

### Checklist
* [x] I have read and agree to [Contributor
Guide](https://github.com/rerun-io/rerun/blob/main/CONTRIBUTING.md) and
the [Code of
Conduct](https://github.com/rerun-io/rerun/blob/main/CODE_OF_CONDUCT.md)
* [x] I've included a screenshot or gif (if applicable)
* [x] I have tested the web demo (if applicable):
* Using newly built examples:
[rerun.io/viewer](https://rerun.io/viewer/pr/5775)
* Using examples from latest `main` build:
[rerun.io/viewer](https://rerun.io/viewer/pr/5775?manifest_url=https://app.rerun.io/version/main/examples_manifest.json)
* Using full set of examples from `nightly` build:
[rerun.io/viewer](https://rerun.io/viewer/pr/5775?manifest_url=https://app.rerun.io/version/nightly/examples_manifest.json)
* [x] The PR title and labels are set such as to maximize their
usefulness for the next release's CHANGELOG
* [x] If applicable, add a new check to the [release
checklist](https://github.com/rerun-io/rerun/blob/main/tests/python/release_checklist)!

- [PR Build Summary](https://build.rerun.io/pr/5775)
- [Docs
preview](https://rerun.io/preview/d0991aacd4ca9b0e4459d677f90aea68ca39fa33/docs)
<!--DOCS-PREVIEW-->
- [Examples
preview](https://rerun.io/preview/d0991aacd4ca9b0e4459d677f90aea68ca39fa33/examples)
<!--EXAMPLES-PREVIEW-->
- [Recent benchmark results](https://build.rerun.io/graphs/crates.html)
- [Wasm size tracking](https://build.rerun.io/graphs/sizes.html)
  • Loading branch information
@Wumpf
Wumpf authored Apr 4, 2024
1 parent 48b3c9e commit a5df691
Showing 1 changed file with 2 additions and 2 deletions.
4 changes: 2 additions & 2 deletions Cargo.lock
View file

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

0 comments on commit a5df691

Please sign in to comment.