Ignored RUSTSEC advisories #84

Closed
ghost opened this issue Mar 31, 2022 · 0 comments · Fixed by #111
Labels
wontfix This will not be worked on

ghost commented Mar 31, 2022

This issue will track this repo's ignored security advisories and why, to promote transparency in our work.

Commits editing the ignored advisories list:

Ignored advisories:

  • RUSTSEC-2021-0124
    Upgrading tokio completely is not possible until grpc upgrades
  • RUSTSEC-2021-0078
    Server-side only issue
  • RUSTSEC-2021-0079
    Client is affected too, but we use hyper with reqwest to communicate with Zemu gRPC endpoint, which is normally done exclusively in a testing context, during development, thus we decided to ignore this advisory as it is not critical to production environments.

Furthermore, to fix 2021-0078 and 2021-0079 upgrading reqwest and hyper would pull in tokio 1.x, which is not compatible with 0.2.x, leading to having to manage and run 2 separate executors, with potential incompatibilities with grpc.

@ghost ghost added the wontfix This will not be worked on label Mar 31, 2022
@ghost ghost pinned this issue Mar 31, 2022
@jleni jleni linked a pull request May 9, 2024 that will close this issue
@jleni jleni closed this as completed in #111 May 9, 2024
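
An ignore list like the one tracked in this issue tends to drift from its written rationale. The following is an added example, not code from this repository: it assumes the ignores live in a cargo-audit style `audit.toml` under `[advisories] ignore` (the issue does not name the tool), and the function names and the `RUSTSEC-0000-0000` entry are constructed for illustration.

```python
import re

ADVISORY_ID = re.compile(r"RUSTSEC-\d{4}-\d{4}")

# Constructed sample: ignore list in the assumed cargo-audit audit.toml layout.
AUDIT_TOML = '''
[advisories]
ignore = [
    "RUSTSEC-2021-0124",
    "RUSTSEC-2021-0078",
    "RUSTSEC-0000-0000",  # constructed placeholder ID, not from the issue
    # "RUSTSEC-2021-0079",  commented out, so not actually ignored
]
'''

# Rationale list in the layout used by the issue (last rationale shortened).
ISSUE_BODY = '''
  • RUSTSEC-2021-0124
    Upgrading tokio completely is not possible until grpc upgrades
  • RUSTSEC-2021-0078
    Server-side only issue
  • RUSTSEC-2021-0079
    Client is affected too, but only used in a testing context
'''

def ignored_ids(toml_text):
    """IDs inside the `ignore = [...]` array, with TOML comments stripped first."""
    no_comments = "\n".join(l.split("#", 1)[0] for l in toml_text.splitlines())
    m = re.search(r"^\s*ignore\s*=\s*\[(.*?)\]", no_comments, re.S | re.M)
    return set(ADVISORY_ID.findall(m.group(1))) if m else set()

def documented(issue_text):
    """Map each advisory ID to the rationale lines that directly follow it."""
    reasons, current = {}, None
    for line in issue_text.splitlines():
        text = line.strip().lstrip("•*- ").strip()
        if ADVISORY_ID.fullmatch(text):
            current, reasons[text] = text, ""
        elif current and text:
            reasons[current] = (reasons[current] + " " + text).strip()
        elif not text:
            current = None  # a blank line ends the current entry
    return reasons

def drift(toml_text, issue_text):
    """Compare what is actually ignored with what has a written rationale."""
    ignored, reasons = ignored_ids(toml_text), documented(issue_text)
    return {"undocumented": sorted(ignored - set(reasons)),
            "stale": sorted(set(reasons) - ignored),
            "no_rationale": sorted(i for i in ignored if reasons.get(i) == "")}
```

Run in CI, a non-empty `undocumented` or `no_rationale` list means an advisory is being suppressed without a recorded reason, and `stale` marks rationale entries that can be retired.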