fix: Fix cargo audit warnings #5183

Merged
merged 3 commits into from
Oct 23, 2024

Conversation

dima74
Contributor

@dima74 dima74 commented Oct 22, 2024

Fixes #5172

cargo audit finds 4 warnings and no critical errors.


  • RUSTSEC-2024-0370 proc-macro-error is unmaintained
proc-macro-error 1.0.4
└── syn_derive 0.1.8
    └── borsh-derive 1.5.1
        └── borsh 1.5.1
            └── rust_decimal 1.36.0

This is a false positive caused by Cargo.lock containing optional dependencies. However, I noticed that we have a dependency, byte-unit, used only once in bench code. I removed this dependency and the warning disappears.


  • Two warnings related to atty:
    • RUSTSEC-2024-0375 atty is unmaintained
    • RUSTSEC-2021-0145 Potential unaligned read
atty 0.2.14
└── supports-color 1.3.1
    └── owo-colors 3.5.0

Fix: Update owo-colors to v4


  • futures-util 0.3.30 is yanked

Fix: Update to 0.3.31

Signed-off-by: Dmitry Murzin <diralik@yandex.ru>
@dima74 dima74 self-assigned this Oct 22, 2024
@dima74 dima74 changed the title Fix cargo audit warnings fix: Fix cargo audit warnings Oct 22, 2024
@mversic mversic merged commit 34b5655 into hyperledger-iroha:main Oct 23, 2024
14 checks passed
@dima74 dima74 deleted the diralik/fix-cargo-audit branch October 23, 2024 08:08
aoyako pushed a commit to aoyako/iroha that referenced this pull request Oct 23, 2024
* Remove `byte-unit` dependency
* Update `owo-colors` to 4.1.0
* Update `futures` to 0.3.31

---------

Signed-off-by: Dmitry Murzin <diralik@yandex.ru>
Signed-off-by: Lohachov Mykhailo <lohachov@soramitsu.co.jp>
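
cargo audit works from Cargo.lock, so the trees quoted in the pull request description are reverse edges of the lockfile graph: the flagged crate on top, its dependents below. As an added example (not code from this pull request or from cargo-audit), the following Rust program rebuilds the atty chain from a constructed lockfile fragment; the fragment and the function names `reverse_deps` and `chain` are assumptions made for illustration.

```rust
use std::collections::BTreeMap;
// Constructed Cargo.lock fragment (not the project's lockfile); crate names and
// versions follow the atty tree quoted in the pull request.
const LOCK: &str = r#"
[[package]]
name = "atty"
version = "0.2.14"
[[package]]
name = "owo-colors"
version = "3.5.0"
dependencies = [
 "supports-color",
]
[[package]]
name = "supports-color"
version = "1.3.1"
dependencies = [
 "atty",
]
"#;

/// Map each crate to the packages that list it under `dependencies`.
fn reverse_deps(lock: &str) -> BTreeMap<String, Vec<String>> {
    let (mut rev, mut current) = (BTreeMap::new(), String::new());
    for line in lock.lines().map(str::trim) {
        if let Some(v) = line.strip_prefix("name = ") {
            current = v.trim_matches('"').to_string();
        } else if line.starts_with('"') {
            // Entry is "name" or "name version"; keep only the name.
            let dep = line.trim_matches(|c: char| c == '"' || c == ',');
            let dep = dep.split(' ').next().unwrap_or(dep).to_string();
            rev.entry(dep).or_insert_with(Vec::new).push(current.clone());
        }
    }
    rev
}

/// Walk from `flagged` upward, taking the first dependent at each level.
fn chain(rev: &BTreeMap<String, Vec<String>>, flagged: &str) -> Vec<String> {
    let mut path = vec![flagged.to_string()];
    while let Some(p) = rev.get(path.last().unwrap()).and_then(|d| d.first()) {
        if path.contains(p) { break; } // cycle guard
        path.push(p.clone());
    }
    path
}

fn main() {
    println!("{}", chain(&reverse_deps(LOCK), "atty").join(" <- "));
}
```

The chain ends at the first package with no dependents in the lockfile, which is the crate whose version bump or removal clears the advisory.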
Successfully merging this pull request may close these issues.

Run cargo audit and fix reports