Get the audit CI job passing #2151

jyn514 · 2021-12-07T20:54:35Z

Note that I didn't say "fix the vulnerabilities" - this just ignores the chrono and time vulnerabilities because they're both very hard to fix and not very common in practice.

This uncovered a tokio vulnerability, which I've fixed by upgrading tokio.

cc #2117

This fixes the following `cargo audit` warning: ``` Crate: tokio Version: 1.13.0 Title: Data race when sending and receiving after closing a `oneshot` channel Date: 2021-11-16 ID: RUSTSEC-2021-0124 URL: https://rustsec.org/advisories/RUSTSEC-2021-0124 Solution: Upgrade to >=1.8.4, <1.9.0 OR >=1.13.1 ``` Versions changed: ``` Updating tokio v1.13.0 -> v1.14.0 Updating tokio-macros v1.5.1 -> v1.6.0 ```

These can't be fixed for now, and are causing us to miss more important audit vulnerabilities.

jyn514 requested a review from a team as a code owner December 7, 2021 20:54

Ignore warnings about localtime_r not actually being threadsafe

071e19b

These can't be fixed for now, and are causing us to miss more important audit vulnerabilities.

jyn514 force-pushed the jnelson/audit branch from f694eb2 to 071e19b Compare December 7, 2021 20:54

taylorlee approved these changes Dec 10, 2021

View reviewed changes

Merge branch 'master' into jnelson/audit

89a9ad2

threepointone approved these changes Dec 13, 2021

View reviewed changes

threepointone merged commit f41ec5e into master Dec 13, 2021

delete-merged-branch bot deleted the jnelson/audit branch December 13, 2021 09:19

threepointone mentioned this pull request Dec 16, 2021

1.19.6 #2159

Merged

This pull request was closed.

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Get the audit CI job passing #2151

Get the audit CI job passing #2151

jyn514 commented Dec 7, 2021

Get the audit CI job passing #2151

Get the audit CI job passing #2151

Conversation

jyn514 commented Dec 7, 2021