Replace sized-chunks and upgrade crossbeam-channel as reported by cargo audit #2264

Closed
doitian opened this issue Sep 7, 2020 · 1 comment
Labels: t:enhancement (Type: Feature, refactoring), urgent (Has an upcoming deadline)

doitian commented Sep 7, 2020

```
error: Vulnerable crates found!
ID:       RUSTSEC-2020-0041
Crate:    sized-chunks
Version:  0.1.2
Date:     2020-09-06
URL:      https://rustsec.org/advisories/RUSTSEC-2020-0041
Title:    Multiple soundness issues in Chunk and InlineArray
Solution:  No safe upgrade is available!
Dependency tree: 
sized-chunks 0.1.2
ID:       RUSTSEC-2020-0041
Crate:    sized-chunks
Version:  0.6.2
Date:     2020-09-06
URL:      https://rustsec.org/advisories/RUSTSEC-2020-0041
Title:    Multiple soundness issues in Chunk and InlineArray
Solution:  No safe upgrade is available!
Dependency tree: 
sized-chunks 0.6.2
error: 1 warning found
Crate:    crossbeam-channel
Version:  0.4.3
Warning:  package has been yanked!
Dependency tree: 
crossbeam-channel 0.4.3
```

CKB itself locks crossbeam-channel at 0.3.9. Version 0.4.3 is a dependency of atomic-shim. The following command upgrades only crossbeam-channel 0.4.3:

```
cargo update -p crossbeam-channel:0.4.3
```

Since "No safe upgrade is available!" for sized-chunks, we have to find an alternative crate or write one ourselves.
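
The split made in the comment above (a yanked release can be moved off with `cargo update -p`, while an advisory with no safe upgrade needs a replacement crate) can be automated. This is an added example, not part of the issue or of CKB's code; it assumes the report layout quoted in this issue, and `Action`, `field` and `triage` are hypothetical names.

```rust
// Added example: triage `cargo audit` text output in the layout quoted in this issue.
#[derive(Debug, PartialEq)]
enum Action {
    Replace,      // "No safe upgrade is available!": find another crate
    Upgrade,      // assumption: any other Solution text means a fixed release exists
    UpdateYanked, // yanked release: move off it with `cargo update -p`
}

// Return the value of a `Key: value` line, if the line starts with `key`.
fn field<'a>(line: &'a str, key: &str) -> Option<&'a str> {
    line.strip_prefix(key).map(str::trim)
}

// Yield (crate, version, action) for every advisory or yanked warning.
fn triage(report: &str) -> Vec<(String, String, Action)> {
    let mut name: Option<String> = None;
    let mut version: Option<String> = None;
    let mut out = Vec::new();
    for line in report.lines().map(str::trim) {
        if let Some(v) = field(line, "Crate:") {
            name = Some(v.to_string());
        } else if let Some(v) = field(line, "Version:") {
            version = Some(v.to_string());
        } else {
            let action = if let Some(s) = field(line, "Solution:") {
                if s.starts_with("No safe upgrade") { Action::Replace } else { Action::Upgrade }
            } else if field(line, "Warning:").map_or(false, |w| w.contains("yanked")) {
                Action::UpdateYanked
            } else {
                continue
            };
            // Emit one finding per Crate/Version pair, then reset for the next entry.
            if let (Some(n), Some(v)) = (name.take(), version.take()) {
                out.push((n, v, action));
            }
        }
    }
    out
}

// Constructed sample, abridged from the report quoted above.
const REPORT: &str = "ID:       RUSTSEC-2020-0041\nCrate:    sized-chunks\nVersion:  0.6.2\n\
Solution:  No safe upgrade is available!\nCrate:    crossbeam-channel\nVersion:  0.4.3\n\
Warning:  package has been yanked!\n";

fn main() {
    for (name, version, action) in triage(REPORT) {
        match action {
            Action::UpdateYanked => println!("cargo update -p {}:{}", name, version),
            other => println!("{} {}: {:?}", name, version, other),
        }
    }
}
```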

@yangby-cryptape
Ref: #2266
