Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

fix: use forked metrics and forked sentry to fix RUSTSEC-2020-0041 temporarily #2266

Merged
merged 4 commits into from
Sep 11, 2020

Conversation

@@ -31,8 +27,6 @@ impl SentryConfig {
scope.set_extra("org_contact", org_contact.clone().into());
}
});

register_panic_handler();
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

How the sentry panic handler is registered in the new version?

Copy link
Collaborator Author

@yangby-cryptape yangby-cryptape Sep 8, 2020

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

OK. I'm verifying it.

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

doitian
doitian previously approved these changes Sep 8, 2020
driftluo
driftluo previously approved these changes Sep 8, 2020
@yangby-cryptape
Copy link
Collaborator Author

bors merge

bors bot added a commit that referenced this pull request Sep 8, 2020
2266: fix: use forked metrics and forked sentry to fix RUSTSEC-2020-0041 temporarily r=yangby-cryptape a=yangby-cryptape

### Commits

- [chore(deps): bump crossbeam-channel from 0.4.3 to 0.4.4](728f5c3)
- [chore: remove direct dependencies of metrics exporters and observers](de3173a)
- [chore(deps): bump sentry from 0.16.0 to 0.19.1](e6b00c5)
  - [The module `sentry::internals` was deprecated.](https://github.com/getsentry/sentry-rust/blob/0.19.1/sentry/src/lib.rs#L133)
  - [`Sentry` will set itself as the panic handler automatically on setup, so no need to do that manually](../../../../getsentry/sentry-rust/issues/235#issuecomment-654832365)
- [chore: replace several dependencies sentry by sentry-core and sentry-log](80af819)
- [fix: use patched versions of metrics and sentry to fix RUSTSEC-2020-0041 temporarily](1eb9e0b)
  - [Changes of forked `metrics`](nervosnetwork/sentry-rust@1cdb9ff)
  - [Changes of forked `sentry`](nervosnetwork/metrics-rs@4fd13f6)

### References

- [RUSTSEC-2020-0041](../../../../rustsec/advisory-db/pull/381)

Co-authored-by: Boyu Yang <[email protected]>
@bors
Copy link
Contributor

bors bot commented Sep 8, 2020

Build failed:

@yangby-cryptape
Copy link
Collaborator Author

bors retry

bors bot added a commit that referenced this pull request Sep 8, 2020
2266: fix: use forked metrics and forked sentry to fix RUSTSEC-2020-0041 temporarily r=yangby-cryptape a=yangby-cryptape

### Commits

- [chore(deps): bump crossbeam-channel from 0.4.3 to 0.4.4](728f5c3)
- [chore: remove direct dependencies of metrics exporters and observers](de3173a)
- [chore(deps): bump sentry from 0.16.0 to 0.19.1](e6b00c5)
  - [The module `sentry::internals` was deprecated.](https://github.com/getsentry/sentry-rust/blob/0.19.1/sentry/src/lib.rs#L133)
  - [`Sentry` will set itself as the panic handler automatically on setup, so no need to do that manually](../../../../getsentry/sentry-rust/issues/235#issuecomment-654832365)
- [chore: replace several dependencies sentry by sentry-core and sentry-log](80af819)
- [fix: use patched versions of metrics and sentry to fix RUSTSEC-2020-0041 temporarily](1eb9e0b)
  - [Changes of forked `metrics`](nervosnetwork/sentry-rust@1cdb9ff)
  - [Changes of forked `sentry`](nervosnetwork/metrics-rs@4fd13f6)

### References

- [RUSTSEC-2020-0041](../../../../rustsec/advisory-db/pull/381)

Co-authored-by: Boyu Yang <[email protected]>
@bors
Copy link
Contributor

bors bot commented Sep 8, 2020

Build failed:

  • continuous-integration/travis-ci/push

@yangby-cryptape
Copy link
Collaborator Author

yangby-cryptape commented Sep 9, 2020

The last force-pushed replace bump sentry from 0.16.0 to 0.19.1 by bump sentry from 0.16.0 to 0.17.0.
Since ckb with sentry >=0.18.0,<=0.19.1 could NOT pass integration tests on MacOS in Travis CI.
(The underlying issue I found was that sync could be stopped randomly.)

I don't have Mac, so it's too hard to debug it for me via Travis CI. I gave up!
Maybe someone who has Mac could continue debugging to figure out the reason.
sentry will fix their latest version (0.19.x), it has been in progress.

@doitian
Copy link
Member

doitian commented Sep 11, 2020

bors retry

@bors
Copy link
Contributor

bors bot commented Sep 11, 2020

Build succeeded:

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

3 participants