Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

chore: bump ruzstd from 0.7.2 to 0.7.3 #16969

Merged
merged 1 commit into from
Nov 29, 2024
Merged

chore: bump ruzstd from 0.7.2 to 0.7.3 #16969

merged 1 commit into from
Nov 29, 2024

Conversation

dqhl76
Copy link
Collaborator

@dqhl76 dqhl76 commented Nov 29, 2024
edited
Loading

I hereby agree to the terms of the CLA available at: https://docs.databend.com/dev/policies/cla/

Summary

0.7.3: Security update, unsoundness in RingBuffer

cargo audit --db ./target/advisory-db
    Fetching advisory database from `https://github.com/RustSec/advisory-db.git`
      Loaded 689 security advisories (from ./target/advisory-db)
    Updating crates.io index
    Scanning Cargo.lock for vulnerabilities (1346 crate dependencies)
Crate:     ruzstd
Version:   0.7.2
Title:     `ruzstd` uninit and out-of-bounds memory reads
Date:      2024-11-28
ID:        RUSTSEC-2024-0400
URL:       https://rustsec.org/advisories/RUSTSEC-2024-0400
Solution:  Upgrade to >=0.7.3

This block our CI

Tests

  • Unit Test
  • Logic Test
  • Benchmark Test
  • No Test - simple dep update

Type of change

  • Bug Fix (non-breaking change which fixes an issue)
  • New Feature (non-breaking change which adds functionality)
  • Breaking Change (fix or feature that could cause existing functionality not to work as expected)
  • Documentation Update
  • Refactoring
  • Performance Improvement
  • Other (dep update):

This change is Reviewable

@dqhl76 dqhl76 marked this pull request as ready for review November 29, 2024 02:18
@github-actions github-actions bot added the pr-chore this PR only has small changes that no need to record, like coding styles. label Nov 29, 2024
@dqhl76 dqhl76 enabled auto-merge November 29, 2024 02:46
@dqhl76 dqhl76 added this pull request to the merge queue Nov 29, 2024
Merged via the queue into databendlabs:main with commit b5e8f92 Nov 29, 2024
81 checks passed
@dqhl76 dqhl76 deleted the fix-sec branch November 29, 2024 03:36
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@zhang2014 zhang2014 zhang2014 approved these changes

Assignees
No one assigned
Labels
pr-chore this PR only has small changes that no need to record, like coding styles.
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@dqhl76 @zhang2014