This repository was archived by the owner on Jul 28, 2025. It is now read-only.

Commit 19339f1

chore: Bump ptree to update config dependency (#304)
Bumping `ptree` to `0.5.0` in order to pull in `config` `0.14.0`, which addresses some outstanding security issues:

Before:

```
Scanned old.spdx.json as SPDX SBOM and found 490 packages
╭─────────────────────────────────────┬──────┬───────────┬──────────────┬─────────┬───────────────────╮
│ OSV URL                             │ CVSS │ ECOSYSTEM │ PACKAGE      │ VERSION │ SOURCE            │
├─────────────────────────────────────┼──────┼───────────┼──────────────┼─────────┼───────────────────┤
│ https://osv.dev/RUSTSEC-2021-0139   │      │ crates.io │ ansi_term    │ 0.12.1  │ all-old.spdx.json │
│ https://osv.dev/RUSTSEC-2021-0145   │      │ crates.io │ atty         │ 0.2.14  │ all-old.spdx.json │
│ https://osv.dev/GHSA-g98v-hv3f-hcfr │      │           │              │         │                   │
│ https://osv.dev/RUSTSEC-2024-0375   │      │ crates.io │ atty         │ 0.2.14  │ all-old.spdx.json │
│ https://osv.dev/GHSA-wq9x-qwcq-mmgf │ 8.9  │ crates.io │ diesel       │ 2.1.6   │ all-old.spdx.json │
│ https://osv.dev/RUSTSEC-2024-0365   │      │ crates.io │ diesel       │ 2.1.6   │ all-old.spdx.json │
│ https://osv.dev/GHSA-2326-pfpj-vx3h │      │ crates.io │ lexical-core │ 0.7.6   │ all-old.spdx.json │
│ https://osv.dev/RUSTSEC-2023-0086   │      │ crates.io │ lexical-core │ 0.7.6   │ all-old.spdx.json │
│ https://osv.dev/RUSTSEC-2024-0373   │ 8.7  │ crates.io │ quinn-proto  │ 0.11.6  │ all-old.spdx.json │
│ https://osv.dev/GHSA-vr26-jcq5-fjj8 │      │           │              │         │                   │
│ https://osv.dev/RUSTSEC-2024-0320   │      │ crates.io │ yaml-rust    │ 0.4.5   │ all-old.spdx.json │
╰─────────────────────────────────────┴──────┴───────────┴──────────────┴─────────┴───────────────────╯
```

After:

```
Scanned new.spdx.json as SPDX SBOM and found 499 packages
╭─────────────────────────────────────┬──────┬───────────┬─────────────┬─────────┬───────────────╮
│ OSV URL                             │ CVSS │ ECOSYSTEM │ PACKAGE     │ VERSION │ SOURCE        │
├─────────────────────────────────────┼──────┼───────────┼─────────────┼─────────┼───────────────┤
│ https://osv.dev/RUSTSEC-2021-0139   │      │ crates.io │ ansi_term   │ 0.12.1  │ all.spdx.json │
│ https://osv.dev/RUSTSEC-2021-0145   │      │ crates.io │ atty        │ 0.2.14  │ all.spdx.json │
│ https://osv.dev/GHSA-g98v-hv3f-hcfr │      │           │             │         │               │
│ https://osv.dev/RUSTSEC-2024-0375   │      │ crates.io │ atty        │ 0.2.14  │ all.spdx.json │
│ https://osv.dev/GHSA-wq9x-qwcq-mmgf │ 8.9  │ crates.io │ diesel      │ 2.1.6   │ all.spdx.json │
│ https://osv.dev/RUSTSEC-2024-0365   │      │ crates.io │ diesel      │ 2.1.6   │ all.spdx.json │
│ https://osv.dev/RUSTSEC-2024-0373   │ 8.7  │ crates.io │ quinn-proto │ 0.11.6  │ all.spdx.json │
│ https://osv.dev/GHSA-vr26-jcq5-fjj8 │      │           │             │         │               │
│ https://osv.dev/RUSTSEC-2024-0320   │      │ crates.io │ yaml-rust   │ 0.4.5   │ all.spdx.json │
╰─────────────────────────────────────┴──────┴───────────┴─────────────┴─────────┴───────────────╯
```

This also sets the stage to pull in a newer version of `ptree` to get rid of `atty` in case I can convince the author to merge changes for getting rid of it: https://gitlab.com/Noughmad/ptree/-/merge_requests/10

Signed-off-by: Joonas Bergius <joonas@cosmonic.com>

1 parent 694ad6e commit 19339f1

2 files changed

Lines changed: 229 additions & 136 deletions
