Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

update mio to 0.8.11 #60

Merged
merged 1 commit into from
Mar 4, 2024
Merged

update mio to 0.8.11 #60

merged 1 commit into from
Mar 4, 2024

Conversation

bw-solana
Copy link

@bw-solana bw-solana commented Mar 4, 2024

Problem

New security advisory popped up requiring moving from mio v0.8.8 to >= v0.8.11

Note: This appears to be a windows only vulnerability.

https://crates.io/crates/mio
https://github.com/tokio-rs/mio/blob/master/CHANGELOG.md

Summary of Changes

Move to v0.8.11

@bw-solana bw-solana marked this pull request as ready for review March 4, 2024 18:54
@bw-solana bw-solana requested a review from CriesofCarrots March 4, 2024 18:54
@codecov-commenter
Copy link

Codecov Report

All modified and coverable lines are covered by tests ✅

Project coverage is 81.8%. Comparing base (3f9a7a5) to head (dd81a3d).
Report is 1 commits behind head on master.

Additional details and impacted files
@@            Coverage Diff            @@
##           master      #60     +/-   ##
=========================================
- Coverage    81.8%    81.8%   -0.1%     
=========================================
  Files         837      837             
  Lines      225922   225922             
=========================================
- Hits       184955   184888     -67     
- Misses      40967    41034     +67     

@bw-solana bw-solana merged commit f591210 into anza-xyz:master Mar 4, 2024
44 checks passed
@AshwinSekar
Copy link

I added the 1.17 and 1.18 backport labels as those branches are also failing for the same vuln

Copy link

mergify bot commented Mar 4, 2024

Backports to the stable branch are to be avoided unless absolutely necessary for fixing bugs, security issues, and perf regressions. Changes intended for backport should be structured such that a minimum effective diff can be committed separately from any refactoring, plumbing, cleanup, etc that are not strictly necessary to achieve the goal. Any of the latter should go only into master and ride the normal stabilization schedule.

Copy link

mergify bot commented Mar 4, 2024

Backports to the beta branch are to be avoided unless absolutely necessary for fixing bugs, security issues, and perf regressions. Changes intended for backport should be structured such that a minimum effective diff can be committed separately from any refactoring, plumbing, cleanup, etc that are not strictly necessary to achieve the goal. Any of the latter should go only into master and ride the normal stabilization schedule. Exceptions include CI/metrics changes, CLI improvements and documentation updates on a case by case basis.

mergify bot pushed a commit that referenced this pull request Mar 4, 2024
(cherry picked from commit f591210)
mergify bot pushed a commit that referenced this pull request Mar 4, 2024
(cherry picked from commit f591210)
@t-nelson
Copy link

t-nelson commented Mar 4, 2024

I added the 1.17 and 1.18 backport labels as those branches are also failing for the same vuln

can we do ignores instead?
Screenshot from 2024-03-04 16-02-23

cc/ @AshwinSekar @bw-solana

@bw-solana
Copy link
Author

I added the 1.17 and 1.18 backport labels as those branches are also failing for the same vuln

can we do ignores instead?

Screenshot from 2024-03-04 16-02-23

cc/ @AshwinSekar @bw-solana

Yep, that's viable as well

yihau pushed a commit that referenced this pull request Mar 5, 2024
update mio to 0.8.11 (#60)

(cherry picked from commit f591210)

Co-authored-by: Brennan <[email protected]>
CriesofCarrots pushed a commit that referenced this pull request Mar 5, 2024
* Revert "v1.18: update mio to 0.8.11 (backport of #60) (#71)"

This reverts commit 9b784a2.

* ci: ignore mio audit
anwayde pushed a commit to firedancer-io/agave that referenced this pull request Jul 23, 2024
update mio to 0.8.11 (anza-xyz#60)

(cherry picked from commit f591210)

Co-authored-by: Brennan <[email protected]>
anwayde pushed a commit to firedancer-io/agave that referenced this pull request Jul 23, 2024
* Revert "v1.18: update mio to 0.8.11 (backport of anza-xyz#60) (anza-xyz#71)"

This reverts commit 9b784a2.

* ci: ignore mio audit
codebender828 pushed a commit to codebender828/agave that referenced this pull request Oct 3, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
Projects
None yet
Development

Successfully merging this pull request may close these issues.

5 participants