Skip to content

fix: ignore RUSTSEC-2024-0370#1483

Merged
Fraser999 merged 1 commit intomainfrom
fraser/ignore-rustsec-2024-0370
Sep 20, 2024
Merged

fix: ignore RUSTSEC-2024-0370#1483
Fraser999 merged 1 commit intomainfrom
fraser/ignore-rustsec-2024-0370

Conversation

@Fraser999
Copy link
Copy Markdown
Contributor

@Fraser999 Fraser999 commented Sep 11, 2024

Summary

Ignore RustSec warning.

Background

We get a non-critical warning when running cargo audit: RUSTSEC-2024-0370.

When running cargo tree -i -p=proc-macro-error we can see that proc-macro-error is a dependency of borsh which is already at the latest version.

Given that the RustSec report doesn't suggest any concrete problems with proc-macro-error and how difficult it will be to move away from this dependency, I have just ignored this warning in CI.

Changes

  • Ignore RustSec warning in .cargo/audit.toml.
  • Also fixed a typo causing a compiler warning.

Testing

Ran cargo audit locally.

@Fraser999 Fraser999 requested a review from a team as a code owner September 11, 2024 09:19
@Fraser999 Fraser999 force-pushed the fraser/ignore-rustsec-2024-0370 branch from c6a6057 to fdfadc8 Compare September 11, 2024 09:31
@Fraser999 Fraser999 changed the title fix: ignore RUSTSEC-2024-0370 fix: ignore RUSTSEC-2024-0370 Sep 11, 2024
joroshiba
joroshiba reviewed Sep 18, 2024
View reviewed changes
Copy link
Copy Markdown
Member

@joroshiba joroshiba left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

SuperFluffy
SuperFluffy approved these changes Sep 20, 2024
View reviewed changes
Copy link
Copy Markdown
Contributor

@SuperFluffy SuperFluffy left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I suppose we should make an issue over at borsh?

@Fraser999 Fraser999 added this pull request to the merge queue Sep 20, 2024
@Fraser999
Copy link
Copy Markdown
Contributor Author

Fraser999 commented Sep 20, 2024

I suppose we should make an issue over at borsh?

There's an issue logged here which would resolve this.

Merged via the queue into main with commit f7a68a1 Sep 20, 2024
@Fraser999 Fraser999 deleted the fraser/ignore-rustsec-2024-0370 branch September 20, 2024 11:59
steezeburger added a commit that referenced this pull request Sep 23, 2024
@steezeburger
Merge branch 'main' into spike/noble-usdc
83f1643 
* main:
  feat(conductor): implement restart logic (#1463)
  fix: ignore `RUSTSEC-2024-0370` (#1483)
  fix, refactor(sequencer): refactor ics20 logic (#1495)
  fix(ci): use commit SHA instead of PR number preview-env images (#1501)
  chore(bridge-withdrawer): pass GRPC and CometBFT clients to consumers directly (#1510)
  fix(sequencer): Fix incorrect error message from BridgeUnlock actions (#1505)
  fix(bridge-contracts): fix memo transaction hash encoding (#1428)
  fix: build docker when workflow explicitly includes component (#1498)
  chore(sequencer): migrate from `anyhow::Result` to `eyre::Result` (#1387)
  fix(ci): typo for required field in sequencer preview-env (#1500)
  feat(ci): provide demo/preview environments (#1406)
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@joroshiba joroshiba joroshiba left review comments

+1 more reviewer

@SuperFluffy SuperFluffy SuperFluffy approved these changes

Reviewers whose approvals may not affect merge requirements

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@Fraser999 @joroshiba @SuperFluffy