Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

ci: fix audit #32932

Merged
merged 2 commits into from
Aug 22, 2023
Merged

ci: fix audit #32932

merged 2 commits into from
Aug 22, 2023

Conversation

yihau
Copy link
Member

@yihau yihau commented Aug 22, 2023

Summary of Changes

  • bump rustl-webpki to 0.101.4
  • ignore RUSTSEC-2023-0052 temporarily

@yihau yihau mentioned this pull request Aug 22, 2023
4 tasks
@yihau yihau marked this pull request as ready for review August 22, 2023 15:19
@yihau
Copy link
Member Author

yihau commented Aug 22, 2023

we can ignore the regression program count error. it's not related to this PR.

@yihau yihau requested a review from t-nelson August 22, 2023 16:59
@t-nelson
Copy link
Contributor

we can ignore the regression program count error. it's not related to this PR.

you sure this didn't somehow trigger more builds? i wouldn't expect webpki to be linked into any bpf stuff, but i've seen dumber occurrences

@yihau
Copy link
Member Author

yihau commented Aug 22, 2023

yeah. tbh I had a PR yesterday to increase the number to 18 #32922. I just forgot to rebase this one before I open it 😢
(I can rebase this one for ensuring we're safe)

Copy link
Contributor

@t-nelson t-nelson left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

:shipit:

@yihau yihau merged commit e4a2d14 into solana-labs:master Aug 22, 2023
@yihau yihau deleted the fix-audit branch August 22, 2023 17:23
@t-nelson
Copy link
Contributor

yeah. tbh I had a PR yesterday to increase the number to 18 #32922. I just forgot to rebase this one before I open it 😢 (I can rebase this one for ensuring we're safe)

so tempted...
Screenshot from 2023-08-22 11-40-52

@mvines
Copy link
Member

mvines commented Aug 23, 2023

It looks like v1.16 is also affected by this issue? seems like #32943, on v1.16, just failed due to this too. Backport to v1.16?

@yihau
Copy link
Member Author

yihau commented Aug 23, 2023

yeah my bad! thank you for pointing this out!

@willhickey willhickey added the v1.16 PRs that should be backported to v1.16 label Aug 25, 2023
mergify bot pushed a commit that referenced this pull request Aug 25, 2023
* ci: bump rustls-webpki to 0.101.4

* ci: ignore RUSTSEC-2023-0052

(cherry picked from commit e4a2d14)

# Conflicts:
#	Cargo.lock
#	ci/do-audit.sh
#	programs/sbf/Cargo.lock
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
v1.16 PRs that should be backported to v1.16
Projects
None yet
Development

Successfully merging this pull request may close these issues.

4 participants