Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

chore: bumping dependency axum to version 0.5.16 #1110

Merged
merged 1 commit into from
Oct 15, 2022

Conversation

Will-Low
Copy link
Contributor

Motivation

There is a security vulnerability in the axum-core crate (RUSTSEC-2022-0055), which is used in axum and subsequently tonic.

I'm not sure if directly impacts tonic or not, but it may be related to #1097.

Solution

Proposing to upgrade the version of axum to 0.5.16, which contains the patched version of axum-core.

Security advisory RUSTSEC-2022-0055 was published for crate
`axum-core`, which is used by `axum`, a `tonic` dependency. This issue
is patched in `axum-core` 0.2.8, and in `axum` 0.5.16.

Bumping the `axum` version to 0.5.16 to remove the dependency on the
vulnerable version.
@Will-Low Will-Low closed this Oct 13, 2022
@Will-Low Will-Low reopened this Oct 13, 2022
@davidpdrsn
Copy link
Member

It doesn't impact tonic. See #1087

But @LucioFranco looks like #1088 went to 0.5.15 when it should have been 0.5.16 😅

@LucioFranco
Copy link
Member

oh oops

@LucioFranco LucioFranco changed the title tonic: bumping dependency axum to version 0.5.16 chore: bumping dependency axum to version 0.5.16 Oct 15, 2022
@LucioFranco LucioFranco merged commit be1fe02 into hyperium:master Oct 15, 2022
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

3 participants