Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Fix security-audit, upgrade ahash to 0.8.6 and 0.7.7 #4202

Merged
merged 1 commit into from
Oct 25, 2023
Merged

Fix security-audit, upgrade ahash to 0.8.6 and 0.7.7 #4202

merged 1 commit into from
Oct 25, 2023

Conversation

eval-exec
Copy link
Collaborator

What problem does this PR solve?

cargo deny check --hide-inclusion-graph --show-stats advisories sources
warning[unmaintained]: `net2` crate has been deprecated; use `socket2` instead
    ┌─ /home/runner/work/ckb/ckb/Cargo.lock:269:1
    │
269 │ net2 0.2.39 registry+https://github.com/rust-lang/crates.io-index
    │ ----------------------------------------------------------------- unmaintained advisory detected
 advisories FAILED: 2 errors, 2 warnings, 0 notes
        sources ok: 0 errors, 0 warnings, 0 notes
    │
    = ID: RUSTSEC-2020-0016
    = Advisory: https://rustsec.org/advisories/RUSTSEC-2020-0016
    = The [`net2`](https://crates.io/crates/net2) crate has been deprecated
      and users are encouraged to considered [`socket2`](https://crates.io/crates/socket2) instead.
    = Announcement: https://github.com/deprecrated/net2-rs/commit/3350e3819adf151709047e93f25583a5df681091
    = Solution: No safe upgrade is available!

error[yanked]: detected yanked crate (try `cargo update -p ahash`)
  ┌─ /home/runner/work/ckb/ckb/Cargo.lock:5:1
  │
5 │ ahash 0.7.6 registry+https://github.com/rust-lang/crates.io-index
  │ ----------------------------------------------------------------- yanked version

error[yanked]: detected yanked crate (try `cargo update -p ahash`)
  ┌─ /home/runner/work/ckb/ckb/Cargo.lock:6:1
  │
6 │ ahash 0.8.3 registry+https://github.com/rust-lang/crates.io-index
  │ ----------------------------------------------------------------- yanked version

warning[advisory-not-detected]: advisory was not encountered
  ┌─ /home/runner/work/ckb/ckb/deny.toml:8:5
  │
8 │     "RUSTSEC-2021-0145"
  │     ^^^^^^^^^^^^^^^^^^^ no crate matched advisory criteria

make: *** [Makefile:189: security-audit] Error 1
Error: Process completed with exit code 2.

There is a security-audit error occured on #4201's merge queue. We need to update ahash

What is changed and how it works?

Related changes

  • updata ahash version

Check List

Tests

  • Unit test
  • Integration test
  • Manual test (add detailed scripts or steps below)
  • No code ci-runs-only: [ quick_checks,linters ]

Side effects

  • None

Release note 

None: Exclude this PR from the release note.

@eval-exec eval-exec requested a review from a team as a code owner October 25, 2023 02:07
@eval-exec eval-exec requested review from doitian and zhangsoledad and removed request for a team October 25, 2023 02:07
@eval-exec eval-exec mentioned this pull request Oct 25, 2023
Merged
@zhangsoledad zhangsoledad added this pull request to the merge queue Oct 25, 2023
Merged via the queue into nervosnetwork:develop with commit 2930920 Oct 25, 2023
34 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@zhangsoledad zhangsoledad zhangsoledad approved these changes

@doitian doitian Awaiting requested review from doitian doitian is a code owner automatically assigned from nervosnetwork/ckb-dev

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@eval-exec @zhangsoledad