Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Update cargo-audit to rustsec 0.29.3. #23834

Merged
merged 1 commit into from
May 28, 2024
Merged

Update cargo-audit to rustsec 0.29.3. #23834

merged 1 commit into from
May 28, 2024

Conversation

rillian
Copy link
Collaborator

@rillian rillian commented May 26, 2024
edited

Update Cargo.lock for our vendored cargo-audit to pick up recent fixes to the gix crate series.

Addresses GHSA-7w47-3wg8-547c and GHSA-49jc-r788-3fc9.

Follow up to #23795.

Resolves

Submitter Checklist:

  • I confirm that no security/privacy review is needed and no other type of reviews are needed, or that I have requested them
  • There is a ticket for my issue
  • Used Github auto-closing keywords in the PR description above
  • Wrote a good PR/commit description
  • Squashed any review feedback or "fixup" commits before merge, so that history is a record of what happened in the repo, not your PR
  • Added appropriate labels (QA/Yes or QA/No; release-notes/include or release-notes/exclude; OS/...) to the associated issue
  • Checked the PR locally:
    • npm run test -- brave_browser_tests, npm run test -- brave_unit_tests wiki
    • npm run presubmit wiki, npm run gn_check, npm run tslint
  • Ran git rebase master (if needed)

Reviewer Checklist:

  • A security review is not needed, or a link to one is included in the PR description
  • New files have MPL-2.0 license header
  • Adequate test coverage exists to prevent regressions
  • Major classes, functions and non-trivial code blocks are well-commented
  • Changes in component dependencies are properly reflected in gn
  • Code follows the style guide
  • Test plan is specified in PR before merging

After-merge Checklist:

Test Plan:

@rillian
Update cargo-audit to rustsec 0.29.3.
fadb7d6 
Update Cargo.lock for our vendored `cargo-audit` to pick up recent
fixes to the `gix` crate series.

Addresses GHSA-7w47-3wg8-547c and GHSA-49jc-r788-3fc9.
@rillian rillian self-assigned this May 26, 2024
@rillian rillian requested a review from a team as a code owner May 26, 2024 00:50
@github-actions github-actions bot added the CI/run-audit-deps Check for known npm/cargo vulnerabilities (audit_deps) label May 26, 2024
@rillian
Copy link
Collaborator Author

rillian commented May 26, 2024

CI failures are unrelated.

@rillian rillian enabled auto-merge May 27, 2024 16:51
@rillian rillian merged commit 9ae8fdf into master May 28, 2024
20 checks passed
@rillian rillian deleted the cargo-audit-rustsec-0.29.3 branch May 28, 2024 16:27
@github-actions github-actions bot added this to the 1.68.x - Nightly milestone May 28, 2024
@rillian rillian mentioned this pull request May 28, 2024
Merged
7 tasks
rillian added a commit that referenced this pull request May 28, 2024
@rillian
Update cargo-audit rustsec to 0.29.3
ef1b653 
Backport of #23834 and #23795 to 1.66.x.

Addresses:

- GHSA-7w47-3wg8-547c
- GHSA-49jc-r788-3fc9
- https://rustsec.org/advisories/RUSTSEC-2024-0335
- https://rustsec.org/advisories/RUSTSEC-2024-0332
- https://rustsec.org/advisories/RUSTSEC-2024-0336
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@antonok-edm antonok-edm antonok-edm approved these changes

Assignees

@rillian rillian

Labels
CI/run-audit-deps Check for known npm/cargo vulnerabilities (audit_deps)
Projects
None yet
Milestone
1.68.x - Beta
2 participants
@rillian @antonok-edm