Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

deps(websocket): bump futures-rustls to 0.24.0 #4378

Merged
merged 7 commits into from
Aug 23, 2023
Merged

deps(websocket): bump futures-rustls to 0.24.0 #4378

merged 7 commits into from
Aug 23, 2023

Conversation

MOZGIII
Copy link
Contributor

@MOZGIII MOZGIII commented Aug 23, 2023
edited
Loading

Description

A simple dependency update to make the CVE detector happy.

Notes & open questions

This is a part of the work to make https://rustsec.org/advisories/RUSTSEC-2023-0052.html alerts go away.

Change checklist

  • I have performed a self-review of my own code
  • I have made corresponding changes to the documentation
  • I have added tests that prove my fix is effective or that my feature works
  • A changelog entry has been made in the appropriate crates

@MOZGIII MOZGIII changed the title Bump futures-rustls at libp2p-websocket to 0.24.0 websocket: Bump futures-rustls to 0.24.0 Aug 23, 2023
@MOZGIII MOZGIII changed the title websocket: Bump futures-rustls to 0.24.0 chore(websocket): Bump futures-rustls to 0.24.0 Aug 23, 2023
@MOZGIII MOZGIII force-pushed the futures-rustls-websocket-update branch from bc3da57 to 2fcb249 Compare August 23, 2023 11:48
thomaseizinger
thomaseizinger reviewed Aug 23, 2023
View reviewed changes
Copy link
Contributor

@thomaseizinger thomaseizinger left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thank you!

transports/websocket/CHANGELOG.md Outdated Show resolved Hide resolved
transports/websocket/CHANGELOG.md Show resolved Hide resolved
transports/websocket/Cargo.toml Show resolved Hide resolved
@thomaseizinger thomaseizinger changed the title chore(websocket): Bump futures-rustls to 0.24.0 deps(websocket): bump futures-rustls to 0.24.0 Aug 23, 2023
thomaseizinger
thomaseizinger previously approved these changes Aug 23, 2023
View reviewed changes
@thomaseizinger
Copy link
Contributor

@MOZGIII It seems that mergify cannot update your branch. See https://github.com/libp2p/rust-libp2p/pull/4378/checks?check_run_id=16141066600. Mind fixing this?

@thomaseizinger thomaseizinger mentioned this pull request Aug 23, 2023
Closed
@MOZGIII
Copy link
Contributor Author

MOZGIII commented Aug 23, 2023

@MOZGIII It seems that mergify cannot update your branch. See #4378 (checks). Mind fixing this?

Oddly, I can't see this option (I usually have it though).

@mergify mergify bot dismissed thomaseizinger’s stale review August 23, 2023 13:06

Approvals have been dismissed because the PR was updated after the send-it label was applied.

@mergify mergify bot merged commit dc0a123 into libp2p:master Aug 23, 2023
@MOZGIII
Copy link
Contributor Author

MOZGIII commented Aug 23, 2023

Can we cut a release now?

@MOZGIII MOZGIII deleted the futures-rustls-websocket-update branch August 23, 2023 16:30
@MOZGIII MOZGIII mentioned this pull request Aug 23, 2023
Merged
4 tasks
kayabaNerve added a commit to serai-dex/serai that referenced this pull request Aug 23, 2023
@kayabaNerve
jsonrpsee 0.16.3
8a4ef3d 
Removes 3 crates from tree. Now RUSTSEC-2023-0053 is only held up by a lack of
libp2p-websocket release (libp2p/rust-libp2p#4378).
@mxinden
Copy link
Member

mxinden commented Aug 23, 2023

Thank you for the help.

Can we cut a release now?

I can do that tomorrow along with #4381.

mergify bot pushed a commit that referenced this pull request Aug 24, 2023
@MOZGIII
deps(tls): switch from webpki to rustls-webpki
240c5c2 
A simple dependency update to make the CVE detector happy.
Continuation of #4378.

Pull-Request: #4381.
@mxinden mxinden mentioned this pull request Aug 24, 2023
Merged
4 tasks
mergify bot pushed a commit that referenced this pull request Aug 24, 2023
@mxinden
chore: prepare libp2p v0.52.3
e8759c8 
- Addresses TLS CVE:
- #4381
- #4378
- Stable QUIC #4325
- New rust-libp2p-server release #4311

Pull-Request: #4387.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@thomaseizinger thomaseizinger thomaseizinger approved these changes

Assignees
No one assigned
Labels
send-it
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@MOZGIII @thomaseizinger @mxinden