cargo audit error #4703

Closed
koushiro opened this issue May 16, 2019 · 4 comments
Labels
type/bug Type: Issue - Confirmed a bug

Comments

@koushiro
Contributor

koushiro commented May 16, 2019

Bug Report

What did you do?

➜ tikv git:(master) cargo audit
Fetching advisory database from https://github.com/RustSec/advisory-db.git
Loaded 24 security advisories (from /home/koushiro/.cargo/advisory-db)
Scanning Cargo.lock for vulnerabilities (306 crate dependencies)
error: Vulnerable crates found!

ID: RUSTSEC-2019-0003
Crate: protobuf
Version: 2.0.4
Date: 2018-06-08
URL: stepancheg/rust-protobuf#411
Title: Out of Memory in stream::read_raw_bytes_into()
Solution: upgrade to:

error: 1 vulnerability found!

It makes the Jenkins job fail.

rleungx added the type/bug (Type: Issue - Confirmed a bug) label May 16, 2019
@Hoverbear
Contributor

There is a fix pending on our internal infrastructure.

@kennytm
Contributor

kennytm commented May 19, 2019

We're currently only ignoring the audit, but the actual fix is still not applied. Let's keep this open until protobuf is updated and the audit is re-enabled.

kennytm reopened this May 19, 2019
Hoverbear removed their assignment Mar 2, 2020
BusyJay closed this as completed Aug 28, 2020
@BusyJay
Member

BusyJay commented Aug 28, 2020

The error was passed and a daily audit check has been set up for quite a while.
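
An added example, not part of the thread and not TiKV's own tooling: a Python gate that parses the text report shown in the bug report and honours a waiver for an advisory only until an expiry date, so a temporarily ignored advisory fails the job again if the upgrade never lands. The waiver table, its expiry date and the function names are assumptions; the sample report is copied from the issue.

```python
import datetime
import re

# Sample input: the report text from the bug report above.
SAMPLE_REPORT = """\
error: Vulnerable crates found!

ID: RUSTSEC-2019-0003
Crate: protobuf
Version: 2.0.4
Date: 2018-06-08
URL: stepancheg/rust-protobuf#411
Title: Out of Memory in stream::read_raw_bytes_into()
Solution: upgrade to:

error: 1 vulnerability found!
"""

# Hypothetical waiver list (constructed): advisory ID -> last day the waiver is valid.
WAIVERS = {"RUSTSEC-2019-0003": datetime.date(2019, 6, 16)}

# Field labels as they appear in the report above.
FIELD = re.compile(r"^(ID|Crate|Version|Date|URL|Title|Solution):\s*(.*)$")


def parse_report(text):
    """Return one dict per advisory block in the text report."""
    findings, current = [], None
    for line in text.splitlines():
        m = FIELD.match(line.strip())
        if not m:
            continue  # banner, blank and summary lines carry no fields
        key, value = m.groups()
        if key == "ID":  # every advisory block starts with its ID line
            current = {}
            findings.append(current)
        if current is not None:
            current[key] = value
    return findings


def blocking(findings, waivers, today):
    """Findings that must fail the job: not waived, or the waiver has expired."""
    return [f for f in findings
            if f["ID"] not in waivers or today > waivers[f["ID"]]]


if __name__ == "__main__":
    for f in blocking(parse_report(SAMPLE_REPORT), WAIVERS, datetime.date.today()):
        print(f"BLOCKING {f['ID']} {f['Crate']} {f['Version']}: {f['Title']}")
```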
