Disable rustls warning until upgrade to v1.17 agave #33

Merged
merged 1 commit into from
Apr 23, 2024

ebatsell
Collaborator

Due to the below error, this package needs to be upgraded, and the old version is pinned in solana dependencies; however, none of the solana 1.16 versions will get the upgrade. This repo will need its dependencies upgraded to v1.17 on the agave once the below PR is merged. Additionally, there may be issues with solana-program-test in 1.17 that will need to be worked out.

anza-xyz/agave#930

Run cargo audit --ignore RUSTSEC-2022-0093 --ignore RUSTSEC-2023-0065
    Fetching advisory database from `https://github.com/RustSec/advisory-db.git`
      Loaded 621 security advisories (from /home/runner/.cargo/advisory-db)
    Updating crates.io index
    Scanning Cargo.lock for vulnerabilities (634 crate dependencies)
Crate:     rustls
Version:   0.20.9
error: 2 vulnerabilities found!
Title:     `rustls::ConnectionCommon::complete_io` could fall into an infinite loop based on network input
Date:      2024-04-19
ID:        RUSTSEC-2024-0336
URL:       https://rustsec.org/advisories/RUSTSEC-2024-0336
Severity:  7.5 (high)
Solution:  Upgrade to >=0.23.5 OR >=0.22.4, <0.23.0 OR >=0.21.11, <0.22.0

@ebatsell ebatsell merged commit 7df6dcc into master Apr 23, 2024
6 checks passed
@ebatsell ebatsell deleted the disable-rustls-warning branch April 23, 2024 15:26
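
An added example, not part of this pull request or the project's code: a std-only Rust check that reads the `rustls` entries from a `Cargo.lock` and tests them against the patched ranges on the advisory's Solution line, so a CI job can tell when RUSTSEC-2024-0336 no longer needs to be suppressed. The lockfile excerpt is constructed and the function names are hypothetical.

```rust
// Patched ranges copied from the advisory's "Solution" line:
//   >=0.23.5 OR >=0.22.4, <0.23.0 OR >=0.21.11, <0.22.0
type Version = (u64, u64, u64);

// Parse "major.minor.patch"; pre-release versions fail to parse and are
// treated as unpatched by the caller (fail closed).
fn parse_version(s: &str) -> Option<Version> {
    let core = s.split('+').next()?; // drop build metadata
    let mut parts = core.split('.').map(|p| p.parse::<u64>().ok());
    Some((parts.next()??, parts.next()??, parts.next()??))
}

fn is_patched(v: Version) -> bool {
    match (v.0, v.1) {
        (0, 21) => v.2 >= 11,
        (0, 22) => v.2 >= 4,
        _ => v >= (0, 23, 5),
    }
}

// Collect the version of every [[package]] entry named exactly "rustls".
fn rustls_versions(lockfile: &str) -> Vec<String> {
    let (mut found, mut in_rustls) = (Vec::new(), false);
    for line in lockfile.lines().map(str::trim) {
        if line == "[[package]]" {
            in_rustls = false;
        } else if line == r#"name = "rustls""# {
            in_rustls = true;
        } else if let (true, Some(v)) = (in_rustls, line.strip_prefix("version = ")) {
            found.push(v.trim_matches('"').to_string());
            in_rustls = false;
        }
    }
    found
}

// rustls versions in the lockfile that are still affected by the advisory.
fn unpatched_rustls(lockfile: &str) -> Vec<String> {
    let patched = |v: &String| parse_version(v).map_or(false, is_patched);
    rustls_versions(lockfile).into_iter().filter(|v| !patched(v)).collect()
}

// Constructed Cargo.lock excerpt (not taken from the repository).
const SAMPLE_LOCK: &str = "[[package]]\nname = \"rustls\"\nversion = \"0.20.9\"\n\n[[package]]\nname = \"rustls\"\nversion = \"0.21.11\"\n\n[[package]]\nname = \"rustls-webpki\"\nversion = \"0.101.7\"\n";

fn main() {
    let bad = unpatched_rustls(SAMPLE_LOCK);
    println!("rustls versions still affected: {:?}", bad);
}
```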