Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

RUSTSEC-2021-0073 — prost-types 0.7.0 #107

Closed
jnicholls opened this issue Jul 27, 2021 · 3 comments
Closed

RUSTSEC-2021-0073 — prost-types 0.7.0 #107

jnicholls opened this issue Jul 27, 2021 · 3 comments

Comments

@jnicholls
Copy link

jnicholls commented Jul 27, 2021
edited

cosmos-rust as well as tendermint-rs rely on prost and prost-types 0.7. The prost-types crate has a reported security advisory RUSTSEC-2021-0073. An upgrade to prost and prost-types 0.8 would address the advisory.

This issue upstream in prost 0.8 is preventing a clean upgrade to 0.8, but once it is addressed or a workaround is taken, this ticket can track the upgrade in cosmos-rust. Thanks.
@tony-iqlusion
Copy link
Member

Yeah, we're aware, and as you've noted are blocked on an upgrade to tendermint-rs.

@jnicholls
Copy link
Author

jnicholls commented Jul 27, 2021
edited

Yep, thanks @tony-iqlusion. Having this issue gives me something to point to for tracking purposes in my work with Cosmos. Appreciate the work you do!

@tony-iqlusion
Copy link
Member

Fixed in #144

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@jnicholls @tony-iqlusion