Update openssl crate for RUSTSEC-2023-0072 #7083

Merged
merged 3 commits into from
Dec 4, 2023


legoktm
Member

@legoktm legoktm commented Nov 29, 2023

Status

Ready for review

Description of Changes

  • Have cargo audit error on all warnings, not just some
  • Update openssl crate for RUSTSEC-2023-0072 (note that we aren't affected)
  • Fix new Rust warning about wrong resolver version

Testing

How should the reviewer test this PR?

  • CI passes
  • make rust-audit is clean

Deployment

Any special considerations for deployment? No

Checklist

  • Linting (make lint) and tests (make test) pass in the development container

We weren't failing on unsound advisories, like the openssl crate's
RUSTSEC-2023-0072.

sequoia-openpgp doesn't actually use the vulnerable
`X509StoreRef::objects` function, but it's a pretty straightforward
upgrade with no auditing required so let's do it.

> warning: virtual workspace defaulting to `resolver = "1"` despite one
> or more workspace members being on edition 2021 which implies
> `resolver = "2"`
> note: to keep the current resolver, specify `workspace.resolver = "1"`
> in the workspace root's manifest
> note: to use the edition 2021 resolver, specify `workspace.resolver =
> "2"` in the workspace root's manifest
> note: for more details see https://doc.rust-lang.org/cargo/reference/resolver.html#resolver-versions

So just set resolver = "2" in the root Cargo.toml, as instructed.
@legoktm legoktm requested a review from a team as a code owner November 29, 2023 16:57
Contributor

@zenmonkeykstop zenmonkeykstop left a comment

LGTM

@zenmonkeykstop zenmonkeykstop merged commit d122d38 into develop Dec 4, 2023
@zenmonkeykstop zenmonkeykstop deleted the openssl-RUSTSEC-2023-0072 branch December 4, 2023 21:26
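
The gap the first change closes, as an added example (not code from this pull request or its repository): an audit gate that denies only a listed subset of warning kinds lets an unsound advisory through, while denying every kind fails the build. The report below is constructed and its layout (a `vulnerabilities.list` array plus `warnings` keyed by kind) is an assumption about `cargo audit --json` output; the partial deny-list, the function names and the placeholder crate version are hypothetical.

```python
import json

# Constructed sample, shaped like a `cargo audit --json` report (assumed layout:
# "vulnerabilities.list" plus "warnings" keyed by kind). Not real tool output.
SAMPLE_REPORT = json.loads("""
{
  "vulnerabilities": {"found": false, "count": 0, "list": []},
  "warnings": {
    "unsound": [
      {"kind": "unsound",
       "package": {"name": "openssl", "version": "0.0.0-placeholder"},
       "advisory": {"id": "RUSTSEC-2023-0072"}}
    ]
  }
}
""")

ALL_KINDS = None  # sentinel: deny every warning kind present in the report


def findings(report, deny_kinds=ALL_KINDS):
    """Return sorted (kind, crate, advisory_id) tuples that should fail the build."""
    hits = []
    for vuln in report.get("vulnerabilities", {}).get("list", []):
        hits.append(("vulnerability", vuln["package"]["name"], vuln["advisory"]["id"]))
    for kind, warnings in report.get("warnings", {}).items():
        if deny_kinds is not ALL_KINDS and kind not in deny_kinds:
            continue  # the gap: a kind nobody listed passes silently
        for w in warnings:
            advisory = w.get("advisory") or {}  # some warnings carry no advisory
            hits.append((kind, w["package"]["name"], advisory.get("id", "-")))
    return sorted(hits)


def exit_code(report, deny_kinds=ALL_KINDS):
    """0 when the gate passes, 1 when any denied finding is present."""
    return 1 if findings(report, deny_kinds) else 0


if __name__ == "__main__":
    # Hypothetical partial deny-list (not the project's previous setting).
    print("partial gate:", exit_code(SAMPLE_REPORT, {"unmaintained", "yanked"}))
    print("deny all    :", exit_code(SAMPLE_REPORT))
    for kind, crate, adv in findings(SAMPLE_REPORT):
        print(f"  {kind}: {crate} ({adv})")
```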