Skip to content

fix: Fix cargo audit warnings#5183

Merged
mversic merged 3 commits intohyperledger-iroha:mainfrom
dima74:diralik/fix-cargo-audit
Oct 23, 2024
Merged

fix: Fix cargo audit warnings#5183
mversic merged 3 commits intohyperledger-iroha:mainfrom
dima74:diralik/fix-cargo-audit

Conversation

@dima74
Copy link
Copy Markdown
Contributor

@dima74 dima74 commented Oct 22, 2024

Fixes #5172

cargo audit founds 4 warnings and no critical errors.

  • RUSTSEC-2024-0370 proc-macro-error is unmaintained
proc-macro-error 1.0.4
└── syn_derive 0.1.8
    └── borsh-derive 1.5.1
        └── borsh 1.5.1
            └── rust_decimal 1.36.0

This is a false-positive caused by Cargo.lock containing optional dependencies. However I noticed that we have dependency byte-unit used only once in bench code. I removed this dependency and the warning disappears

  • Two warnings related to atty:
    • RUSTSEC-2024-0375 atty is unmaintained
    • RUSTSEC-2021-0145 Potential unaligned read
atty 0.2.14
└── supports-color 1.3.1
    └── owo-colors 3.5.0

Fix: Update owo-colors to v4

  • futures-util 0.3.30 is yanked

Fix: Update to 0.3.31

dima74 added 3 commits October 22, 2024 22:00
@dima74
Remove byte-unit dependency
d6fa9fd 
Signed-off-by: Dmitry Murzin <diralik@yandex.ru>
@dima74
Update owo-colors to 4.1.0
9295922 
Signed-off-by: Dmitry Murzin <diralik@yandex.ru>
@dima74
Update futures to 0.3.31
20bd314 
Signed-off-by: Dmitry Murzin <diralik@yandex.ru>
@dima74 dima74 self-assigned this Oct 22, 2024
@dima74 dima74 changed the title Fix cargo audit warnings fix: Fix cargo audit warnings Oct 22, 2024
@mversic mversic merged commit 34b5655 into hyperledger-iroha:main Oct 23, 2024
@dima74 dima74 deleted the diralik/fix-cargo-audit branch October 23, 2024 08:08
aoyako pushed a commit to aoyako/iroha that referenced this pull request Oct 23, 2024
@dima74 @aoyako
fix: Fix cargo audit warnings (hyperledger-iroha#5183)
0fa30fc 
* Remove `byte-unit` dependency
* Update `owo-colors` to 4.1.0
* Update `futures` to 0.3.31

---------

Signed-off-by: Dmitry Murzin <diralik@yandex.ru>
Signed-off-by: Lohachov Mykhailo <lohachov@soramitsu.co.jp>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@mversic mversic mversic approved these changes

@s8sato s8sato Awaiting requested review from s8sato s8sato is a code owner

@SamHSmith SamHSmith Awaiting requested review from SamHSmith

@outoftardis outoftardis Awaiting requested review from outoftardis outoftardis is a code owner

@0x009922 0x009922 Awaiting requested review from 0x009922 0x009922 is a code owner

@DCNick3 DCNick3 Awaiting requested review from DCNick3 DCNick3 is a code owner

+1 more reviewer

@nxsaken nxsaken nxsaken approved these changes

Reviewers whose approvals may not affect merge requirements

Assignees

@dima74 dima74

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

Run cargo audit and fix reports

3 participants

@dima74 @nxsaken @mversic