chore: bump quinn-proto to 0.11.8 for cargo audit pass #16419

Merged 1 commit on Sep 9, 2024

dqhl76 (Collaborator) commented Sep 8, 2024

I hereby agree to the terms of the CLA available at: https://docs.databend.com/dev/policies/cla/

Summary

cargo audit blocks CI; trying to solve it.

```
==> build-tool using image runner/build-tool:dev-nightly-2024-07-02
    Fetching advisory database from `https://github.com/RustSec/advisory-db.git`
      Loaded 658 security advisories (from ./target/advisory-db)
    Updating crates.io index
    Scanning Cargo.lock for vulnerabilities (1413 crate dependencies)
Crate:     quinn-proto
Version:   0.11.6
Title:     `Endpoint::retry()` calls can lead to panicking
Date:      2024-09-02
ID:        RUSTSEC-2024-0373
URL:       https://rustsec.org/advisories/RUSTSEC-2024-0373
Severity:  7.5 (high)
Solution:  Upgrade to >=0.11.7
```

Tests

  • Unit Test
  • Logic Test
  • Benchmark Test
  • No Test - Explain why

Type of change

  • Bug Fix (non-breaking change which fixes an issue)
  • New Feature (non-breaking change which adds functionality)
  • Breaking Change (fix or feature that could cause existing functionality not to work as expected)
  • Documentation Update
  • Refactoring
  • Performance Improvement
  • Other (chore bump version):


@github-actions github-actions bot added the pr-chore this PR only has small changes that no need to record, like coding styles. label Sep 8, 2024
@dqhl76 dqhl76 marked this pull request as ready for review September 8, 2024 17:01
@dosubot dosubot bot added size:XS This PR changes 0-9 lines, ignoring generated files. dependencies Pull requests that update a dependency file labels Sep 8, 2024
@BohuTANG BohuTANG requested a review from Xuanwo September 9, 2024 00:59
Xuanwo (Member) left a comment

Thanks!

@dosubot dosubot bot added the lgtm This PR has been approved by a maintainer label Sep 9, 2024
@dqhl76 dqhl76 added this pull request to the merge queue Sep 9, 2024
@github-merge-queue github-merge-queue bot removed this pull request from the merge queue due to failed status checks Sep 9, 2024
@dqhl76 dqhl76 added this pull request to the merge queue Sep 9, 2024

Xuanwo (Member) commented Sep 9, 2024

cc @BohuTANG, please merge this PR manually. Our merge queue consistently fails due to a check on the main branch.

@dqhl76 dqhl76 removed this pull request from the merge queue due to a manual request Sep 9, 2024
@zhang2014 zhang2014 merged commit aa0c9ea into databendlabs:main Sep 9, 2024
98 checks passed
@dqhl76 dqhl76 deleted the fix-audit branch September 14, 2024 05:37