Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Ignore RUSTSEC-2019-0003. #7766

Merged
merged 1 commit into from
May 20, 2019
Merged

Ignore RUSTSEC-2019-0003. #7766

merged 1 commit into from
May 20, 2019

Conversation

jsirois
Copy link
Contributor

@jsirois jsirois commented May 19, 2019

We have a fix in-flight in
pantsbuild/rust-protobuf#2 that will still need
this --ignore even when we're consuming it. Adding the --ignore now
silences nightly CRON audit noise in the meantime and going forward
until we can upgrade to a public official release of protobuf with the
RUSTSEC-2019-0003 fix.

Part of fixing #7760

@jsirois
Ignore RUSTSEC-2019-0003.
80b0a0e 
We have a fix in-flight in
pantsbuild/rust-protobuf#2 that will still need
this `--ignore` even when we're consuming it. Adding the `--ignore` now
silences nightly CRON audit noise in the meantime and going forward
until we can upgrade to a public official release of protobuf with the
`RUSTSEC-2019-0003` fix.

Part of fixing pantsbuild#7760
@jsirois
Copy link
Contributor Author

jsirois commented May 19, 2019

Tested locally with:

$ ./build-support/bin/ci.sh -a

[=== 00:00 CI BEGINS ===]
[=== 00:00 Setting interpreter constraints to ['CPython==3.6.*'] ===]
[=== 00:00 Running cargo audit on rust code ===]
    Fetching advisory database from `https://github.com/RustSec/advisory-db.git`
      Loaded 24 security advisories (from /home/jsirois/.cache/pants/rust/cargo/advisory-db)
    Scanning /home/jsirois/dev/pantsbuild/jsirois-pants/src/rust/engine/Cargo.lock for vulnerabilities (318 crate dependencies)
     Success No vulnerable packages found
[=== 00:06 CI ENDS ===]


SUCCESS

@jsirois jsirois merged commit 91a88ba into pantsbuild:master May 20, 2019
@jsirois jsirois deleted the issues/7760/ignore branch May 20, 2019 14:13
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@stuhood stuhood stuhood approved these changes

@illicitonion illicitonion illicitonion approved these changes

@Eric-Arellano Eric-Arellano Eric-Arellano approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
4 participants
@jsirois @stuhood @illicitonion @Eric-Arellano