Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

chore: bumping dependency axum to version 0.5.16 #1110

Merged
merged 1 commit into from Oct 15, 2022
Merged

chore: bumping dependency axum to version 0.5.16 #1110

merged 1 commit into from Oct 15, 2022

Conversation

Will-Low
Copy link
Contributor

Motivation

There is a security vulnerability in the axum-core crate (RUSTSEC-2022-0055), which is used in axum and subsequently tonic.

I'm not sure if directly impacts tonic or not, but it may be related to #1097.

Solution

Proposing to upgrade the version of axum to 0.5.16, which contains the patched version of axum-core.

@Will-Low
tonic: bumping dependency axum to version 0.5.16
afe4131 
Security advisory RUSTSEC-2022-0055 was published for crate
`axum-core`, which is used by `axum`, a `tonic` dependency. This issue
is patched in `axum-core` 0.2.8, and in `axum` 0.5.16.

Bumping the `axum` version to 0.5.16 to remove the dependency on the
vulnerable version.
@Will-Low Will-Low closed this Oct 13, 2022
@Will-Low Will-Low reopened this Oct 13, 2022
@davidpdrsn
Copy link
Member

It doesn't impact tonic. See #1087

But @LucioFranco looks like #1088 went to 0.5.15 when it should have been 0.5.16 😅

@LucioFranco
Copy link
Member

oh oops

@LucioFranco LucioFranco changed the title tonic: bumping dependency axum to version 0.5.16 chore: bumping dependency axum to version 0.5.16 Oct 15, 2022
@LucioFranco LucioFranco merged commit be1fe02 into hyperium:master Oct 15, 2022
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@davidpdrsn davidpdrsn davidpdrsn approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
3 participants
@Will-Low @davidpdrsn @LucioFranco