From 9864037c1b7f3a5ffba7879b65df221a909dc96c Mon Sep 17 00:00:00 2001 From: Yihau Chen Date: Wed, 23 Aug 2023 01:23:18 +0800 Subject: [PATCH] ci: fix audit (#32932) * ci: bump rustls-webpki to 0.101.4 * ci: ignore RUSTSEC-2023-0052 (cherry picked from commit e4a2d14c4e2da46e0069e36cbae610d9f9693622) # Conflicts: # Cargo.lock # ci/do-audit.sh # programs/sbf/Cargo.lock --- Cargo.lock | 13 +++++++++++++ ci/do-audit.sh | 5 +++++ programs/sbf/Cargo.lock | 13 +++++++++++++ 3 files changed, 31 insertions(+) diff --git a/Cargo.lock b/Cargo.lock index 35848081d0e23b..ce1fe6b8218ba8 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -4438,6 +4438,19 @@ dependencies = [ ] [[package]] +<<<<<<< HEAD +======= +name = "rustls-webpki" +version = "0.101.4" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "7d93931baf2d282fff8d3a532bbfd7653f734643161b87e3e01e59a04439bf0d" +dependencies = [ + "ring", + "untrusted", +] + +[[package]] +>>>>>>> e4a2d14c4e (ci: fix audit (#32932)) name = "rustversion" version = "1.0.12" source = "registry+https://github.com/rust-lang/crates.io-index" diff --git a/ci/do-audit.sh b/ci/do-audit.sh index 1885a5928085c5..e9ec0a97868129 100755 --- a/ci/do-audit.sh +++ b/ci/do-audit.sh @@ -33,8 +33,13 @@ cargo_audit_ignores=( # https://github.com/solana-labs/solana/pull/32836 --ignore RUSTSEC-2022-0093 +<<<<<<< HEAD # webpki # https://github.com/solana-labs/solana/issues/32933 +======= + # webpki: CPU denial of service in certificate path building + # No fixed upgrade is available! +>>>>>>> e4a2d14c4e (ci: fix audit (#32932)) --ignore RUSTSEC-2023-0052 ) scripts/cargo-for-all-lock-files.sh audit "${cargo_audit_ignores[@]}" | $dep_tree_filter diff --git a/programs/sbf/Cargo.lock b/programs/sbf/Cargo.lock index 2716c435f2d4e8..afc54d2e08452c 100644 --- a/programs/sbf/Cargo.lock +++ b/programs/sbf/Cargo.lock @@ -4039,6 +4039,19 @@ dependencies = [ ] [[package]] +<<<<<<< HEAD +======= +name = "rustls-webpki" +version = "0.101.4" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "7d93931baf2d282fff8d3a532bbfd7653f734643161b87e3e01e59a04439bf0d" +dependencies = [ + "ring", + "untrusted", +] + +[[package]] +>>>>>>> e4a2d14c4e (ci: fix audit (#32932)) name = "rustversion" version = "1.0.12" source = "registry+https://github.com/rust-lang/crates.io-index"