From d20668ba319d2e12486aee501e2506f17b8e381d Mon Sep 17 00:00:00 2001
From: "D.S. Ljungmark"
Date: Wed, 5 Jan 2022 17:34:13 +0100
Subject: [PATCH 1/2] Fix RUSTSEC-2020-0077 by replacing memmap with memmap2

This replaces the unmaintained memmap crate with the memmap2 crate in order to fix the recurring security issue. In order to get a new and shiny build with the updated dependency, we have to bump the patch version of the package. Some details here: https://github.com/danburkert/memmap-rs/issues/90
---
 Cargo.toml | 4 ++--
 src/disk/index.rs | 2 +-
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/Cargo.toml b/Cargo.toml
index 5316d1c..301ceee 100644
--- a/Cargo.toml
+++ b/Cargo.toml
@@ -1,6 +1,6 @@
 [package]
 name = "segments"
-version = "0.3.0"
+version = "0.3.1"
 authors = ["tekjar "]
 edition = "2018"
 license = "Apache-2.0"
@@ -12,7 +12,7 @@ description = "kafka inspired rumqtt's mqtt commitlog"
 
 [dependencies]
 fnv = "1"
 byteorder = "1.3"
-memmap = "0.7"
+memmap2 = "0.5"
 log = "0.4"
 
 [dev-dependencies]
diff --git a/src/disk/index.rs b/src/disk/index.rs
index 3eba6c0..4996d1f 100644
--- a/src/disk/index.rs
+++ b/src/disk/index.rs
@@ -1,5 +1,5 @@
 use byteorder::{BigEndian, ReadBytesExt, WriteBytesExt};
-use memmap::MmapMut;
+use memmap2::MmapMut;
 use std::fs::{File, OpenOptions};
 use std::io::{self, Write};
 use std::path::{Path, PathBuf};
From 1b24a1ff38d84b19ea551d878bd38cfd3b00e9f3 Mon Sep 17 00:00:00 2001
From: "D.S. Ljungmark"
Date: Wed, 5 Jan 2022 17:41:44 +0100
Subject: [PATCH 2/2] Bump pretty_assertions to a more recent version

This fixes an audit warning due to the old pretty_assertions depending on an unmaintained and apparently security vulnerable package. By simply updating pretty_assertions to the stable 1.0 release, that is fixed neatly.
---
 Cargo.toml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Cargo.toml b/Cargo.toml
index 301ceee..372899a 100644
--- a/Cargo.toml
+++ b/Cargo.toml
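Review bot: The `use memmap2::MmapMut;` swap in src/disk/index.rs (patch 1/2) changes only the import, so the places where this file creates the mapping, which are outside the hunk and presumably go through `MmapMut::map_mut`, keep the same `unsafe` contract they had under memmap: the mapped file must not be truncated or rewritten by anything else while the map is alive. The dependency change in Cargo.toml clears the audit finding, but nothing visible in the hunk records that assumption. I would add a comment at each mapping call such as `// SAFETY: the index file is created and sized by this process and is not truncated while the mapping is alive`, after confirming that it actually holds wherever the crate removes or resizes index files.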
@@ -17,4 +17,4 @@ log = "0.4"
 
 [dev-dependencies]
 tempfile = "3.1"
-pretty_assertions = "0.6"
+pretty_assertions = "1"