Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

fix(security): improvements #1853

Merged
merged 15 commits into from
Jun 8, 2023
Merged

fix(security): improvements #1853

merged 15 commits into from
Jun 8, 2023

Conversation

onur-ozkan
Copy link
Member

@onur-ozkan onur-ozkan commented May 31, 2023

Fixes:

dependency updates:

  • bump librustzcash crates to k-1.3.0
  • use latest stable rmp-serde 0.14.3 -> v1.1.1 but rolled back to 0.14.3 in here fix(incompatible-dep): rollback rmp #1862 so need to review it in release PR.
  • bump blake2 to latest stable v0.10.4 -> v0.10.6
  • use latest stable metrics dependencies v0.19.0 -> v0.21.0
  • use latest stable hyper v0.14.11 -> v0.14.26
  • update rusqlite v0.24.2 -> 0.28.0
  • update env_logger v0.9.0 -> 0.9.3
  • remove getrandom
  • libm v0.2.7 added
  • mach2 v0.4.1 added instead of mach v0.3.2
  • portable-atomic v1.3.2 added
  • base64 v0.21.2 added
  • ahash 0.7.6 -> 0.8.3
  • block-modes 0.7.0 -> 0.8.1
  • fpe 0.3.13 -> 0.3.19
  • hashbrown 0.12.1 -> 0.13.2
  • hashlink 0.6.0 -> 0.8.2
  • httparse 1.6.0 -> 1.8.0
  • hyper 0.14.18 -> 0.14.26
  • libsqlite3-sys 0.20.1 -> 0.25.2
  • metrics-exporter-prometheus 0.10.0 -> 0.12.1
  • metrics-macros 0.5.1 -> 0.7.0
  • metrics-util 0.13.0 -> 0.15.0
  • num-traits 0.2.12 -> 0.2.15
  • ordered-float 2.10.0 -> 3.7.0
  • pkg-config 0.3.17 -> 0.3.27
  • quanta 0.9.3 -> 0.11.1
  • rmp 0.8.9 -> 0.8.11
  • sketches-ddsketch 0.1.3 -> 0.2.1
  • socket2 0.4.4 -> 0.4.9
  • termcolor 1.1.0 -> 1.2.0
  • version_check 0.9.2 -> 0.9.4

@onur-ozkan onur-ozkan requested review from shamardy, cipig and smk762 May 31, 2023 15:16
@onur-ozkan
Copy link
Member Author

It would be great if you can do some general testing to see if things goes well as expected @cipig @smk762

@onur-ozkan onur-ozkan changed the title security related improvements fix(security): security related improvements May 31, 2023
@onur-ozkan onur-ozkan changed the title fix(security): security related improvements fix(security): improvements May 31, 2023
@onur-ozkan

This comment was marked as resolved.

@onur-ozkan onur-ozkan added the in progress Changes will be made from the author label May 31, 2023
Signed-off-by: ozkanonur <[email protected]>
Signed-off-by: ozkanonur <[email protected]>
@onur-ozkan onur-ozkan added under review and removed in progress Changes will be made from the author labels Jun 1, 2023
Signed-off-by: ozkanonur <[email protected]>
Signed-off-by: ozkanonur <[email protected]>
Copy link
Collaborator

@shamardy shamardy left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks for the fixes! LGTM but I have 2 questions. Will approve once they are answered :)
I added some comments about added deps too so that I can remember to add them to the commit message.

@@ -3918,10 +3868,10 @@ dependencies = [
]

[[package]]
name = "mach"
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Are you sure? Seems this Cargo.lock file isn't in this branch

Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

It's in this branch, but I just noticed that It's the adex-cli Cargo.lock file. Should we update it too in this PR?

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

It's not in the mm2 workspace, I think we shouldn't do it in this PR.

Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I think we shouldn't do it in this PR.

Agreed

@rozhkovdmitrii I will leave this comment to you with the related advisory RUSTSEC-2020-0168 so that you can update it for cli in the future if you think it's important.

Cargo.lock Show resolved Hide resolved
Cargo.lock Show resolved Hide resolved
Cargo.lock Show resolved Hide resolved
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
Development

Successfully merging this pull request may close these issues.

2 participants