Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Update h2 to 0.3.24 to fix vulnerability RUSTSEC-2024-0003 #474

Merged
merged 1 commit into from
Jan 31, 2024
Merged

Update h2 to 0.3.24 to fix vulnerability RUSTSEC-2024-0003 #474

merged 1 commit into from
Jan 31, 2024

Conversation

striezel
Copy link
Contributor

The update fixes a resource exhaustion vulnerability in h2 which may lead to Denial of Service. For more information on that see https://rustsec.org/advisories/RUSTSEC-2024-0003.

@striezel
Update h2 to 0.3.24 to fix vulnerability RUSTSEC-2024-0003
84d4f33 
The update fixes a resource exhaustion vulnerability in h2 which
may lead to Denial of Service. For more information on that see
<https://rustsec.org/advisories/RUSTSEC-2024-0003>.
@kozabrada123
Copy link
Member

Hi, thank you for your contributions!
However, please target the dev branch instead of main, as pushes to main are meant for releases

@kozabrada123 kozabrada123 added the dependencies Pull requests that update a dependency file label Jan 31, 2024
@kozabrada123 kozabrada123 changed the base branch from main to dev January 31, 2024 21:29
@kozabrada123
Copy link
Member

Looks good, thank you!

@kozabrada123 kozabrada123 merged commit d3e5df6 into polyphony-chat:dev Jan 31, 2024
5 checks passed
@striezel
Copy link
Contributor Author

striezel commented Feb 1, 2024

However, please target the dev branch instead of main, as pushes to main are meant for releases

Thanks.

It may be a good idea to document that somehow for new / future contributors. Many projects contain a CONTRIBUTING.md in their repositories for such purposes.

@striezel striezel deleted the h2-update branch February 1, 2024 02:59
@kozabrada123
Copy link
Member

It may be a good idea to document that somehow for new / future contributors. Many projects contain a CONTRIBUTING.md in their repositories for such purposes.

While we could make a CONTRIBUTING.md for chorus specifically, we do have a section in the README on contributing, which also mentions the contribution guidelines of the project as a whole :P

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
dependencies Pull requests that update a dependency file
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@striezel @kozabrada123