Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Update flate2 #623

Closed
wants to merge 1 commit into from
Closed

Update flate2 #623

wants to merge 1 commit into from

Conversation

Shnatsel
Copy link

@Shnatsel Shnatsel commented Sep 7, 2019
edited
Loading

This updates flate2 to version 1.0.11 which:

  • Updates to a new version of miniz_oxide with important safety fixes. It is 100% safe code now and forbids unsafe code.
  • Makes calls to miniz_oxide no longer go through the C API layer, which has soundness issues in the version currently used by reqwest
  • Drops most of the unsafe code from flate2 itself when used with Rust backend

I am aware that crate consumers normally use the latest available versions of dependencies. This change is meant to prohibit use of earlier versions due to soundness issues.

@Shnatsel
Update flate2
f7834da 
This updates flate2 to version 1.0.11, which:

- Pulls in new version of miniz_oxide with important of safety fixes
- Drops most of the unsafe code from flate2 itself when used with Rust backend
@seanmonstar
Copy link
Owner

Thanks, but we now use async-compression instead of flate2 directly.

@seanmonstar seanmonstar closed this Oct 2, 2019
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@Shnatsel @seanmonstar