chore: bump rustls to 0.21.11 #918

Merged: 1 commit, Apr 19, 2024

@yihau (Member) commented Apr 19, 2024

Problem

solve the audit report

Crate:     rustls
Version:   0.21.10
Title:     `rustls::ConnectionCommon::complete_io` could fall into an infinite loop based on network input
Date:      2024-04-19
ID:        RUSTSEC-2024-0336
URL:       https://rustsec.org/advisories/RUSTSEC-2024-0336
Severity:  7.5 (high)
Solution:  Upgrade to >=0.23.5 OR >=0.22.4, <0.23.0 OR >=0.21.11, <0.22.0
Dependency tree:
rustls 0.21.10

@yihau changed the title from "chore: bump rustls to 0.21.11" to "chore: bump rustls to 0.21.11 and h2 to 0.3.26" Apr 19, 2024
@yihau changed the title from "chore: bump rustls to 0.21.11 and h2 to 0.3.26" to "chore: bump rustls to 0.21.11" Apr 19, 2024
@yihau added the automerge, v1.17 and v1.18 labels Apr 19, 2024

mergify bot commented Apr 19, 2024

Backports to the stable branch are to be avoided unless absolutely necessary for fixing bugs, security issues, and perf regressions. Changes intended for backport should be structured such that a minimum effective diff can be committed separately from any refactoring, plumbing, cleanup, etc that are not strictly necessary to achieve the goal. Any of the latter should go only into master and ride the normal stabilization schedule.

mergify bot commented Apr 19, 2024

Backports to the beta branch are to be avoided unless absolutely necessary for fixing bugs, security issues, and perf regressions. Changes intended for backport should be structured such that a minimum effective diff can be committed separately from any refactoring, plumbing, cleanup, etc that are not strictly necessary to achieve the goal. Any of the latter should go only into master and ride the normal stabilization schedule. Exceptions include CI/metrics changes, CLI improvements and documentation updates on a case by case basis.

@codecov-commenter

Codecov Report

All modified and coverable lines are covered by tests ✅

Project coverage is 81.8%. Comparing base (f121f73) to head (28b8d5f).
Report is 11 commits behind head on master.

Additional details and impacted files
@@            Coverage Diff            @@
##           master     #918     +/-   ##
=========================================
- Coverage    81.9%    81.8%   -0.1%     
=========================================
  Files         853      853             
  Lines      231779   231782      +3     
=========================================
- Hits       189829   189828      -1     
- Misses      41950    41954      +4     

@yihau requested review from t-nelson and lijunwangs April 19, 2024 18:45

@t-nelson left a comment

:shipit:

mergify bot merged commit a20e004 into anza-xyz:master Apr 19, 2024
52 checks passed
mergify bot pushed a commit that referenced this pull request Apr 19, 2024
(cherry picked from commit a20e004)

# Conflicts:
#	Cargo.lock
#	Cargo.toml
#	programs/sbf/Cargo.lock
mergify bot pushed a commit that referenced this pull request Apr 19, 2024
@yihau deleted the audit-rustls branch April 20, 2024 04:38
lijunwangs pushed a commit that referenced this pull request Apr 23, 2024
chore: bump rustls to 0.21.11 (#918)

(cherry picked from commit a20e004)

Co-authored-by: Yihau Chen <[email protected]>
anwayde pushed a commit to firedancer-io/agave that referenced this pull request Jul 23, 2024
…-xyz#931)

chore: bump rustls to 0.21.11 (anza-xyz#918)

(cherry picked from commit a20e004)

Co-authored-by: Yihau Chen <[email protected]>