Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Fix smallvec vulnerability #502

Closed
wants to merge 4 commits into from
Closed

Fix smallvec vulnerability #502

wants to merge 4 commits into from

Commits on Jan 27, 2021

  1. Output cargo deny version 

    Signed-off-by: Fintan Halpenny <fintan.halpenny@gmail.com>
    @FintanH
    FintanH committed Jan 27, 2021
    Configuration menu
    Copy the full SHA
    f773c2d View commit details
    Browse the repository at this point in the history

  2. Use db-urls 

    The field db-url is deprecated and db-urls should be used instead.

Signed-off-by: Fintan Halpenny <fintan.halpenny@gmail.com>
    @FintanH
    FintanH committed Jan 27, 2021
    Configuration menu
    Copy the full SHA
    c441e47 View commit details
    Browse the repository at this point in the history

  3. Use smallvec 1.6.1 

    We force the smallvec dependency to be 1.6.1 due to the vulnerability
outlined in the issue here
Amanieu/parking_lot#274. We depend on governor
which in turn depends on parking_lot.

Signed-off-by: Fintan Halpenny <fintan.halpenny@gmail.com>
    @FintanH
    FintanH committed Jan 27, 2021
    Configuration menu
    Copy the full SHA
    fd6b16e View commit details
    Browse the repository at this point in the history

  4. Improve bounds 

    And link governor issue.

Signed-off-by: Fintan Halpenny <fintan.halpenny@gmail.com>
    @FintanH
    FintanH committed Jan 27, 2021
    Configuration menu
    Copy the full SHA
    7941d09 View commit details
    Browse the repository at this point in the history