Skip to content

deps(websocket): bump futures-rustls to 0.24.0#4378

Merged
mergify[bot] merged 7 commits intolibp2p:masterfrom
humanode-network:futures-rustls-websocket-update
Aug 23, 2023
Merged

deps(websocket): bump futures-rustls to 0.24.0#4378
mergify[bot] merged 7 commits intolibp2p:masterfrom
humanode-network:futures-rustls-websocket-update

Conversation

@MOZGIII
Copy link
Contributor

@MOZGIII MOZGIII commented Aug 23, 2023
edited
Loading

Description

A simple dependency update to make the CVE detector happy.

Notes & open questions

This is a part of the work to make https://rustsec.org/advisories/RUSTSEC-2023-0052.html alerts go away.

Change checklist

  • I have performed a self-review of my own code
  • I have made corresponding changes to the documentation
  • I have added tests that prove my fix is effective or that my feature works
  • A changelog entry has been made in the appropriate crates

@MOZGIII MOZGIII changed the title Bump futures-rustls at libp2p-websocket to 0.24.0 websocket: Bump futures-rustls to 0.24.0 Aug 23, 2023
@MOZGIII MOZGIII changed the title websocket: Bump futures-rustls to 0.24.0 chore(websocket): Bump futures-rustls to 0.24.0 Aug 23, 2023
@MOZGIII MOZGIII force-pushed the futures-rustls-websocket-update branch from bc3da57 to 2fcb249 Compare August 23, 2023 11:48
thomaseizinger
thomaseizinger reviewed Aug 23, 2023
View reviewed changes
Copy link
Contributor

@thomaseizinger thomaseizinger left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thank you!

@thomaseizinger thomaseizinger changed the title chore(websocket): Bump futures-rustls to 0.24.0 deps(websocket): bump futures-rustls to 0.24.0 Aug 23, 2023
thomaseizinger
thomaseizinger previously approved these changes Aug 23, 2023
View reviewed changes
@thomaseizinger
Copy link
Contributor

thomaseizinger commented Aug 23, 2023

@MOZGIII It seems that mergify cannot update your branch. See https://github.com/libp2p/rust-libp2p/pull/4378/checks?check_run_id=16141066600. Mind fixing this?

@thomaseizinger thomaseizinger mentioned this pull request Aug 23, 2023
Closed
@MOZGIII
Copy link
Contributor Author

MOZGIII commented Aug 23, 2023

@MOZGIII It seems that mergify cannot update your branch. See #4378 (checks). Mind fixing this?

Oddly, I can't see this option (I usually have it though).

@mergify mergify bot dismissed thomaseizinger’s stale review August 23, 2023 13:06

Approvals have been dismissed because the PR was updated after the send-it label was applied.

@mergify mergify bot merged commit dc0a123 into libp2p:master Aug 23, 2023
@MOZGIII
Copy link
Contributor Author

MOZGIII commented Aug 23, 2023

Can we cut a release now?

@MOZGIII MOZGIII deleted the futures-rustls-websocket-update branch August 23, 2023 16:30
@MOZGIII MOZGIII mentioned this pull request Aug 23, 2023
Merged
4 tasks
kayabaNerve added a commit to serai-dex/serai that referenced this pull request Aug 23, 2023
@kayabaNerve
jsonrpsee 0.16.3
8a4ef3d 
Removes 3 crates from tree. Now RUSTSEC-2023-0053 is only held up by a lack of
libp2p-websocket release (libp2p/rust-libp2p#4378).
@mxinden
Copy link
Member

mxinden commented Aug 23, 2023

Thank you for the help.

Can we cut a release now?

I can do that tomorrow along with #4381.

mergify bot pushed a commit that referenced this pull request Aug 24, 2023
@MOZGIII
deps(tls): switch from webpki to rustls-webpki
240c5c2 
A simple dependency update to make the CVE detector happy.
Continuation of #4378.

Pull-Request: #4381.
@mxinden mxinden mentioned this pull request Aug 24, 2023
Merged
4 tasks
mergify bot pushed a commit that referenced this pull request Aug 24, 2023
@mxinden
chore: prepare libp2p v0.52.3
e8759c8 
- Addresses TLS CVE:
- #4381
- #4378
- Stable QUIC #4325
- New rust-libp2p-server release #4311

Pull-Request: #4387.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@thomaseizinger thomaseizinger thomaseizinger approved these changes

Assignees

No one assigned

Labels

send-it

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@MOZGIII @thomaseizinger @mxinden