chore: bumping dependency `axum` to version 0.5.16 #1110

Will-Low · 2022-10-13T19:29:34Z

Motivation

There is a security vulnerability in the axum-core crate (RUSTSEC-2022-0055), which is used in axum and subsequently tonic.

I'm not sure if directly impacts tonic or not, but it may be related to #1097.

Solution

Proposing to upgrade the version of axum to 0.5.16, which contains the patched version of axum-core.

Security advisory RUSTSEC-2022-0055 was published for crate `axum-core`, which is used by `axum`, a `tonic` dependency. This issue is patched in `axum-core` 0.2.8, and in `axum` 0.5.16. Bumping the `axum` version to 0.5.16 to remove the dependency on the vulnerable version.

davidpdrsn · 2022-10-13T19:33:16Z

It doesn't impact tonic. See #1087

But @LucioFranco looks like #1088 went to 0.5.15 when it should have been 0.5.16 😅

LucioFranco · 2022-10-15T14:18:09Z

oh oops

Will-Low closed this Oct 13, 2022

Will-Low reopened this Oct 13, 2022

davidpdrsn approved these changes Oct 13, 2022

View reviewed changes

LucioFranco changed the title ~~tonic: bumping dependency axum to version 0.5.16~~ chore: bumping dependency axum to version 0.5.16 Oct 15, 2022

LucioFranco merged commit be1fe02 into hyperium:master Oct 15, 2022

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

chore: bumping dependency `axum` to version 0.5.16 #1110

chore: bumping dependency `axum` to version 0.5.16 #1110

Will-Low commented Oct 13, 2022

davidpdrsn commented Oct 13, 2022

LucioFranco commented Oct 15, 2022

chore: bumping dependency axum to version 0.5.16 #1110

chore: bumping dependency axum to version 0.5.16 #1110

Conversation

Will-Low commented Oct 13, 2022

Motivation

Solution

davidpdrsn commented Oct 13, 2022

LucioFranco commented Oct 15, 2022

chore: bumping dependency `axum` to version 0.5.16 #1110

chore: bumping dependency `axum` to version 0.5.16 #1110