[1.4][Backport] Add RUSTSEC-2023-0056 to audit.toml #4096

Merged

Conversation

roypat
Contributor

@roypat roypat commented Sep 8, 2023

To solve a cargo audit on vm-memory<=0.12.1

Changes

...

Reason

...

License Acceptance

By submitting this pull request, I confirm that my contribution is made under
the terms of the Apache 2.0 license. For more information on following
Developer Certificate of Origin and signing off your commits, please check
CONTRIBUTING.md.

PR Checklist

  • If a specific issue led to this PR, this PR closes the issue.
  • The description of changes is clear and encompassing.
  • Any required documentation changes (code and docs) are included in this PR.
  • API changes follow the Runbook for Firecracker API changes.
  • User-facing changes are mentioned in CHANGELOG.md.
  • All added/changed functionality is tested.
  • New TODOs link to an issue.
  • Commits meet contribution quality standards.

  • This functionality cannot be added in rust-vmm.

@roypat roypat force-pushed the vm-mem-0-12-2-for-1-4 branch from 270bd27 to 74ad3f7 Compare September 8, 2023 11:27
pb8o
pb8o previously approved these changes Sep 8, 2023
Contributor

@pb8o pb8o left a comment

Could you amend the PR description to make it clear that it is a backport to 1.4?

@roypat roypat changed the title from "chore: Update vm-memory to 0.12.2" to "[1.3][Backport]chore: Update vm-memory to 0.12.2" Sep 8, 2023
@roypat roypat changed the title from "[1.3][Backport]chore: Update vm-memory to 0.12.2" to "[1.4][Backport]chore: Update vm-memory to 0.12.2" Sep 8, 2023
@roypat roypat force-pushed the vm-mem-0-12-2-for-1-4 branch from 74ad3f7 to 323be20 Compare September 8, 2023 12:47
pb8o
pb8o previously approved these changes Sep 8, 2023
2023-0056 is a low severity finding on vm-memory filed by us.  It
affects an API that is not used by firecracker, and which requires
inclusion of third-party dependents of vm-memory, which are not present
in firecracker.  We ignore this advisory, as updating to 0.12.2 would
require backporting the boilerplate introduced for updating to 0.11.0,
which adds significant overhead.

Signed-off-by: Patrick Roy <[email protected]>
@roypat roypat force-pushed the vm-mem-0-12-2-for-1-4 branch from 323be20 to 3082caa Compare September 11, 2023 10:28
@roypat roypat changed the title from "[1.4][Backport]chore: Update vm-memory to 0.12.2" to "[1.4][Backport] Add RUSTSEC-2023-0056 to audit.toml" Sep 11, 2023
@roypat roypat added the Status: Awaiting review Indicates that a pull request is ready to be reviewed label Sep 11, 2023
@roypat roypat merged commit 92bbb05 into firecracker-microvm:firecracker-v1.4 Sep 11, 2023
@roypat roypat deleted the vm-mem-0-12-2-for-1-4 branch April 15, 2024 14:27
Labels
Status: Awaiting review Indicates that a pull request is ready to be reviewed
3 participants