Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

cargo update #145

Merged
merged 3 commits into from
Dec 10, 2024
Merged

cargo update #145

merged 3 commits into from
Dec 10, 2024

Conversation

Mr-Kanister
Copy link
Contributor

Updates some dependencies. Unfortunately won't fix our Dependabot security issue as of this dependency:

hashbrown v0.12.3
└── indexmap v1.9.3
    └── tower v0.4.13
        └── tonic v0.12.3
            ├── backend-daemon v0.1.0 (./rust/backend/daemon)
            ├── client v0.1.0 (./rust/client)
            └── shared v0.1.0 (./rust/shared)
                ├── backend-daemon v0.1.0 (./rust/backend/daemon)
                └── client v0.1.0 (./rust/client)

@BenediktZinn
Copy link
Contributor

If tonic is dependent on something that has a known vulnerability, i am sure that will be resolved in the not too distant future

@Mr-Kanister
Copy link
Contributor Author

There's no issue at their side...
https://github.com/hyperium/tonic/issues?q=is%3Aissue+is%3Aopen+hashbrown

Mr-Kanister and others added 2 commits December 10, 2024 13:18
@Mr-Kanister @fhilgers
cargo update
ce77c52 
Signed-off-by: Mr-Kanister <[email protected]>
@fhilgers
build: update rust deps with Cargo.toml
b59f1be 
Signed-off-by: Felix Hilgers <[email protected]>
@fhilgers
Copy link
Collaborator

The problem with hashbrown is already fixed in our dev branch. Still updating dependencies should be done.

@fhilgers
Copy link
Collaborator

There's no issue at their side... https://github.com/hyperium/tonic/issues?q=is%3Aissue+is%3Aopen+hashbrown

tonic depends on an hashbrown with semantic version 0.12, aya was the problem which did depend on semantic version 0.15 and thus pulled 0.15.1, this was already changed by a pr adding the object crate to our dependencies.

@fhilgers
fix: backend/daemon buildscript
0e7c9f3 
Signed-off-by: Felix Hilgers <[email protected]>
@Mr-Kanister Mr-Kanister merged commit c54f904 into dev Dec 10, 2024
7 checks passed
@Mr-Kanister Mr-Kanister deleted the cargo-update branch December 10, 2024 17:31
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@BenediktZinn BenediktZinn BenediktZinn approved these changes

@fhilgers fhilgers fhilgers approved these changes

@ffranzgitHub ffranzgitHub Awaiting requested review from ffranzgitHub

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@Mr-Kanister @BenediktZinn @fhilgers