Skip to content

stronghold-runtime v2.0.0-rc.0

Compare
Choose a tag to compare
@github-actions github-actions released this 03 Jul 12:57
87d0ae0

Updating crates.io index

Cargo Audit

\`
Fetching advisory database from https://github.com/RustSec/advisory-db.git
Loaded 553 security advisories (from /home/runner/.cargo/advisory-db)
Updating crates.io index
Scanning Cargo.lock for vulnerabilities (258 crate dependencies)
Crate: json
Version: 0.12.4
Warning: unmaintained
Title: json is unmaintained
Date: 2022-02-01
ID: RUSTSEC-2022-0081
URL: https://rustsec.org/advisories/RUSTSEC-2022-0081
Dependency tree:
json 0.12.4
└── stronghold_engine 2.0.0-rc.0
├── stronghold_native 0.1.0
└── iota_stronghold 2.0.0-rc.0
├── stronghold_native 0.1.0
└── stronghold-derive 1.0.0
├── stronghold-utils 1.0.0
│ ├── stronghold_engine 2.0.0-rc.0
│ └── iota_stronghold 2.0.0-rc.0
└── iota_stronghold 2.0.0-rc.0

Crate: atty
Version: 0.2.14
Warning: unsound
Title: Potential unaligned read
Date: 2021-07-04
ID: RUSTSEC-2021-0145
URL: https://rustsec.org/advisories/RUSTSEC-2021-0145
Dependency tree:
atty 0.2.14
├── env_logger 0.9.3
│ ├── stronghold_native 0.1.0
│ ├── stronghold-runtime 2.0.0-rc.0
│ │ └── stronghold_engine 2.0.0-rc.0
│ │ ├── stronghold_native 0.1.0
│ │ └── iota_stronghold 2.0.0-rc.0
│ │ ├── stronghold_native 0.1.0
│ │ └── stronghold-derive 1.0.0
│ │ ├── stronghold-utils 1.0.0
│ │ │ ├── stronghold_engine 2.0.0-rc.0
│ │ │ └── iota_stronghold 2.0.0-rc.0
│ │ └── iota_stronghold 2.0.0-rc.0
│ └── iota_stronghold 2.0.0-rc.0
├── criterion 0.4.0
│ ├── stronghold_engine 2.0.0-rc.0
│ ├── stronghold-runtime 2.0.0-rc.0
│ └── iota_stronghold 2.0.0-rc.0
└── clap 3.2.25
├── iota_stronghold 2.0.0-rc.0
└── criterion 0.4.0

warning: 2 allowed warnings found
\`

[2.0.0-rc.0]

  • 12ce12fe Secp256k1 ECDSA + SLIP-10 support added.
    Bump iota-crypto version to 0.21.2.
  • 1e72f00f(#474) Upgraded snapshot format to age-encryption.org/v1 with password-based recipient stanza. This resolves the issue with the previous snapshot format encryption being insecure if used with weak passwords. Snapshot encryption doesn't use associated data.
    Added sensitive data zeroization which would otherwise leak in stack and heap memory in plaintext after use.
    KeyProvider unsafe constructors with_passphrase_truncated, with_passphrase_hashed_argon2 were removed, with_passphrase_hashed constructor should be used instead.

Cargo Publish

\`
Updating crates.io index
Packaging stronghold-runtime v2.0.0-rc.0 (/home/runner/work/stronghold.rs/stronghold.rs/engine/runtime)
Packaged 42 files, 164.3KiB (38.4KiB compressed)
Uploading stronghold-runtime v2.0.0-rc.0 (/home/runner/work/stronghold.rs/stronghold.rs/engine/runtime)
warning: the following are not valid category slugs and were ignored: security. Please see https://crates.io/category_slugs for the list of all category slugs.
Uploaded stronghold-runtime v2.0.0-rc.0 to registry crates-io
note: Waiting for stronghold-runtime v2.0.0-rc.0 to be available at registry crates-io.
You may press ctrl-c to skip waiting; the crate should be available shortly.
Published stronghold-runtime v2.0.0-rc.0 at registry crates-io
\`