Fix 3rd party vulnerabilities #2882

@aamironov aamironov commented Mar 11, 2024

Describe your changes

List of fixed vulnerabilities with description:

Crate:     eyre
Version:   0.6.9
Title:     Parts of Report are dropped as the wrong type during downcast
Date:      2024-03-05
ID:        RUSTSEC-2024-0021
URL:       https://rustsec.org/advisories/RUSTSEC-2024-0021

Crate:     h2
Version:   0.3.22
Title:     Resource exhaustion vulnerability in h2 may lead to Denial of Service (DoS)
Date:      2024-01-17
ID:        RUSTSEC-2024-0003
URL:       https://rustsec.org/advisories/RUSTSEC-2024-0003

Crate:     libgit2-sys
Version:   0.16.1+1.7.1
Title:     Memory corruption, denial of service, and arbitrary code execution in libgit2
Date:      2024-02-06
ID:        RUSTSEC-2024-0013
URL:       https://rustsec.org/advisories/RUSTSEC-2024-0013
Severity:  8.6 (high)

Crate:     mio
Version:   0.8.10
Title:     Tokens for named pipes may be delivered after deregistration
Date:      2024-03-04
ID:        RUSTSEC-2024-0019
URL:       https://rustsec.org/advisories/RUSTSEC-2024-0019

Crate:     serde-json-wasm
Version:   1.0.0
Title:     Stack overflow during recursive JSON parsing
Date:      2024-01-24
ID:        RUSTSEC-2024-0012
URL:       https://rustsec.org/advisories/RUSTSEC-2024-0012

Crate:     shlex
Version:   1.2.0
Title:     Multiple issues involving quote API
Date:      2024-01-21
ID:        RUSTSEC-2024-0006
URL:       https://rustsec.org/advisories/RUSTSEC-2024-0006

Indicate on which release or other PRs this topic is based on

Checklist before merging to draft

  • I have added a changelog
  • Git history is in acceptable state

@quangtuyen88

This is duplicated with #1023 and #2860 (comment)

codecov bot commented Mar 11, 2024

Codecov Report

All modified and coverable lines are covered by tests ✅

Project coverage is 53.88%. Comparing base (cc3edde) to head (ee1bc00).

Additional details and impacted files
@@            Coverage Diff             @@
##             main    #2882      +/-   ##
==========================================
- Coverage   53.88%   53.88%   -0.01%     
==========================================
  Files         308      308              
  Lines      100154   100154              
==========================================
- Hits        53967    53966       -1     
- Misses      46187    46188       +1     

@cwgoes
Contributor

cwgoes commented Apr 29, 2024

Thanks for the contribution here; we need to do some cross-testing with dependency upgrades and will get to this soon.

@cwgoes cwgoes closed this Apr 29, 2024