fix: fix cargo audit #13716

Closed
wants to merge 4 commits into from

fuyufjh (Member) commented Nov 29, 2023

I hereby agree to the terms of the RisingWave Labs, Inc. Contributor License Agreement.

What's changed and what's your intention?

Fix CI failure due to

    Scanning Cargo.lock for vulnerabilities (970 crate dependencies)
    Crate:     rsa
    Version:   0.9.2
    Title:     Marvin Attack: potential key recovery through timing sidechannels
    Date:      2023-11-22
    ID:        RUSTSEC-2023-0071
    URL:       https://rustsec.org/advisories/RUSTSEC-2023-0071
    Severity:  7.4 (high)
    Solution:  No fixed upgrade is available!
    Dependency tree:
    ....
    error: 1 vulnerability found!
    warning: 3 allowed warnings found

This is caused by the advisory database we use having added this new vulnerability yesterday.
https://github.com/rustsec/advisory-db/pulls?q=is%3Apr+is%3Aclosed+RUSTSEC-2023-0071+

Checklist

  • I have written necessary rustdoc comments
  • I have added necessary unit tests and integration tests
  • I have added test labels as necessary. See details.
  • I have added fuzzing tests or opened an issue to track them. (Optional, recommended for new SQL features; see "Sqlsmith: Sql feature generation" #7934.)
  • My PR contains breaking changes. (If it deprecates some features, please create a tracking issue to remove them in the future).
  • All checks passed in ./risedev check (or alias, ./risedev c)
  • My PR changes performance-critical code. (Please run macro/micro-benchmarks and show the results.)
  • My PR contains critical fixes that are necessary to be merged into the latest release. (Please check out the details)

Documentation

  • My PR needs documentation updates. (Please use the Release note section below to summarize the impact on users)

Release note

If this PR includes changes that directly affect users or other significant modifications relevant to the community, kindly draft a release note to provide a concise summary of these changes. Please prioritize highlighting the impact these changes will have on users.

fuyufjh requested a review from kwannoel November 29, 2023 05:49

fuyufjh (Member, Author) commented Nov 29, 2023

Oops. Conflicted with #13704, but it seems better to maintain such a list in the config file.

fuyufjh enabled auto-merge November 29, 2023 05:51
xxchan added a commit that referenced this pull request Nov 29, 2023
kwannoel disabled auto-merge November 29, 2023 06:22

kwannoel (Contributor) commented

Included in #13719

kwannoel closed this Nov 29, 2023
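
The thread above mentions keeping the list of accepted advisories in a config file. As an added illustration, not the change made in this PR or in #13719, this is how such an entry looks in cargo-audit's per-project configuration file; the file location is cargo-audit's standard one and the comment text is constructed from the scan output quoted above.

```toml
# .cargo/audit.toml
# Added example: cargo-audit reads this file from the project's .cargo/ directory.

[advisories]
# Each ignored ID is recorded with the reason it was accepted, so the entry
# can be reviewed and removed later instead of silently staying forever.
#
# RUSTSEC-2023-0071: rsa 0.9.2, "Marvin Attack: potential key recovery
# through timing sidechannels". The scan reported "No fixed upgrade is
# available!", so the finding cannot be cleared by a version bump.
# Remove this entry once a fixed rsa release can be adopted.
ignore = ["RUSTSEC-2023-0071"]
```

With the entry in place, cargo audit no longer fails the run on this advisory, while any other new advisory still fails it.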