Skip to content

Address cargo audit failure RUSTSEC-2025-0009 #7086

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 4 commits into from
Mar 10, 2025
Merged

Address cargo audit failure RUSTSEC-2025-0009 #7086

merged 4 commits into from
Mar 10, 2025

Conversation

eserilev
Copy link
Member

@eserilev eserilev commented Mar 7, 2025

@eserilev
Copy link
Member Author

eserilev commented Mar 7, 2025

I guess we'd merge to release-v7.0.0 and then cherry-pick to unstable?

@eserilev eserilev added ready-for-review The code is ready for review and removed ready-for-review The code is ready for review labels Mar 7, 2025
@michaelsproul
Copy link
Member

michaelsproul commented Mar 10, 2025
edited
Loading

Wondering if we should just merge an --ignore so we can unblock CI. As I understand we're waiting for @jxs to merge some stuff upstream in libp2p so we can avoid ring 0.16 completely.

@michaelsproul michaelsproul mentioned this pull request Mar 10, 2025
Closed
@jxs
Copy link
Member

jxs commented Mar 10, 2025

Hi @michaelsproul released libp2p-tls 0.6.1 this should be addressed with
cargo update -p libp2p-tls

@eserilev eserilev added the ready-for-review The code is ready for review label Mar 10, 2025
@eserilev
Copy link
Member Author

I've updated libp2p-tls, and removed the relevant cargo audit ignore

jimmygchen
jimmygchen approved these changes Mar 10, 2025
View reviewed changes
Copy link
Member

@jimmygchen jimmygchen left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Looks good!

@jimmygchen jimmygchen added ready-for-merge This PR is ready to merge. and removed ready-for-review The code is ready for review labels Mar 10, 2025
@mergify Mergify
Copy link

mergify bot commented Mar 10, 2025

This pull request has been removed from the queue for the following reason: checks failed.

The merge conditions cannot be satisfied due to failing checks:

You may have to fix your CI before adding the pull request to the queue again.

If you want to requeue this pull request, you can post a @mergifyio requeue comment.

@mergify mergify bot merged commit 0f5e680 into sigp:release-v7.0.0 Mar 10, 2025
31 checks passed
@michaelsproul michaelsproul mentioned this pull request Mar 18, 2025
Merged
mergify bot pushed a commit that referenced this pull request Mar 19, 2025
@michaelsproul
Update ring to 0.17.14 to fix build compat (#7164)
76d8984 
Cross builds were failing since:

- #7086

This seems to have been due to a regression upstream in `ring` which is noted in the v0.17.14 release notes. I'm hoping that updating remedies it.

> Compatibility with GNU binutils 2.29 (used on Amazon Linux 2), and probably even earlier versions, was restored. It is expected that ring 0.17.14 will build on all the systems that 0.17.12 would build on.

https://github.com/briansmith/ring/blob/main/RELEASES.md#version-01714-2025-03-11
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@jimmygchen jimmygchen jimmygchen approved these changes

Assignees
No one assigned
Labels
ready-for-merge This PR is ready to merge.
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
4 participants
@eserilev @michaelsproul @jxs @jimmygchen