Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Update rustls-webpki #1919

Merged
merged 1 commit into from
Sep 13, 2023
Merged

Update rustls-webpki #1919

merged 1 commit into from
Sep 13, 2023

Conversation

divergentdave
Copy link
Collaborator

This will resolve a CPU DoS security alert.

@divergentdave divergentdave requested a review from a team as a code owner September 13, 2023 17:19
Copy link
Contributor

@inahga inahga left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I'm somewhat surprised dependabot didn't make a PR for this... is it because it's a transient dependency?

@divergentdave
Copy link
Collaborator Author

It did previously create #1791. We have two incompatible versions of this crate in our lockfile, and this updates the other one. It appears the advisory has also been updated since then to reflect that subsequent releases had incomplete fixes.

@divergentdave divergentdave enabled auto-merge (squash) September 13, 2023 17:46
@divergentdave divergentdave merged commit 6d4a164 into main Sep 13, 2023
@divergentdave divergentdave deleted the david/update-rustls-webpki branch September 13, 2023 18:38
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

None yet

2 participants