Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

chore: update deps and fix cargo-deny config #550

Merged
merged 3 commits into from
Mar 7, 2025
Merged

chore: update deps and fix cargo-deny config #550

merged 3 commits into from
Mar 7, 2025

Conversation

tobz
Copy link
Member

@tobz tobz commented Mar 7, 2025

Summary

Two parts:

  • update dependencies (simple)
  • fix our cargo-deny configuration to compensate for two recent RUSTSEC advisories that we would dispute as being not relevant to us
    • paste is now "unmaintained", but it's been stable basically since it was created, so who cares?
    • protobuf has an issue related to uncontrolled recursion when decoding payloads, but we only use it for encoding payloads, and never for decoding

Change Type

  • Bug fix
  • New feature
  • Non-functional (chore, refactoring, docs)
  • Performance

How did you test this PR?

N/A

References

N/A

@tobz tobz added the type/chore Updates to dependencies or general "administrative" tasks necessary to maintain the codebase/repo. label Mar 7, 2025
@tobz tobz requested a review from a team as a code owner March 7, 2025 19:39
jszwedko
jszwedko approved these changes Mar 7, 2025
View reviewed changes
deny.toml
@@ -3,7 +3,10 @@ version = 2
db-path = "~/.cargo/advisory-db"
db-urls = ["https://github.com/rustsec/advisory-db"]
yanked = "warn"
ignore = []
ignore = [
{ id = "RUSTSEC-2024-0436", reason = "paste is a stable crate and we do not consider it being unmaintained as a security risk" },
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

TIL there is a reason field we can use in the ignore block.

@tobz
Copy link
Member Author

tobz commented Mar 7, 2025

/merge

@dd-devflow
Copy link

dd-devflow bot commented Mar 7, 2025
edited
Loading

View all feedbacks in Devflow UI.
2025-03-07 19:59:42 UTC ℹ️ Start processing command /merge

2025-03-07 19:59:48 UTC ℹ️ MergeQueue: pull request added to the queue

The median merge time in main is 0s.

2025-03-07 19:59:56 UTC ℹ️ MergeQueue: This merge request was already merged

This pull request was merged directly.

@tobz tobz merged commit 0552851 into main Mar 7, 2025
20 of 23 checks passed
@tobz tobz deleted the tobz/update-deps-fix-deny-20250307 branch March 7, 2025 19:59
@tobz
Copy link
Member Author

tobz commented Mar 7, 2025

/merge -c

@dd-devflow
Copy link

dd-devflow bot commented Mar 7, 2025
edited
Loading

View all feedbacks in Devflow UI.
2025-03-07 20:00:03 UTC ℹ️ Start processing command /merge -c
If you need support, contact us on Slack #devflow!

2025-03-07 20:00:05 UTCDevflow: /merge -c

This merge request was already processed and can't be unqueued anymore.

To get help about command usage, write /merge --help

If you need support, contact us on Slack #devflow with those details!

github-actions bot pushed a commit that referenced this pull request Mar 7, 2025
@tobz
chore: update deps and fix cargo-deny config (#550) 0552851
068ff32
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@jszwedko jszwedko jszwedko approved these changes

Assignees
No one assigned
Labels
mergequeue-status: done type/chore Updates to dependencies or general "administrative" tasks necessary to maintain the codebase/repo.
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@tobz @jszwedko