Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Update hyper version to fix security vulnerability #247

Merged
merged 4 commits into from
Feb 16, 2021
Merged

Update hyper version to fix security vulnerability #247

merged 4 commits into from
Feb 16, 2021

Conversation

romoh
Copy link
Contributor

@romoh romoh commented Feb 13, 2021

What this PR does / why we need it:
The PR does 2 things:

  • The current used version of hyper crate has a security vulnerability and fails cargo audit. This updates it to a version that's compatible with our code && has the issue fixed.
  • Run a cargo update since we are updating the patch version anyways.

Special notes for your reviewer:
N/A

If applicable:

  • this PR contains documentation
  • this PR contains unit tests
  • added code adheres to standard Rust formatting (cargo fmt)
  • code builds properly (cargo build)
  • code is free of common mistakes (cargo clippy)
  • all Akri tests succeed (cargo test)
  • inline documentation builds (cargo doc)
  • version has been updated appropriately (./version.sh)

@bfjelds
Copy link
Collaborator

bfjelds commented Feb 14, 2021

It looks like the h2 dependency changed. Is it a problem that we aren't using the h2 fork?

@romoh
Copy link
Contributor Author

romoh commented Feb 14, 2021

It looks like the h2 dependency changed. Is it a problem that we aren't using the h2 fork?

h2 dependency is still there in the Cargo.lock and the version is locked in the toml file, so I highly doubt it.
The workflow failed in 'installing kubernetes'.. I'm rerunning the jobs to see if that was just a hiccup.

@romoh
Copy link
Contributor Author

romoh commented Feb 14, 2021

It looks like the h2 dependency changed. Is it a problem that we aren't using the h2 fork?

h2 dependency is still there in the Cargo.lock and the version is locked in the toml file, so I highly doubt it.
The workflow failed in 'installing kubernetes'.. I'm rerunning the jobs to see if that was just a hiccup.

Error below.. @bfjelds any clue what might be going on here?
Preparing to unpack .../8-kubeadm_1.16.15-00_amd64.deb ...
Unpacking kubeadm (1.16.15-00) ...
Errors were encountered while processing:
/tmp/apt-dpkg-install-d8lyhl/2-containers-common_100%3a1-7_all.deb
E: Sub-process /usr/bin/dpkg returned an error code (1)
Error: Process completed with exit code 100.

@bfjelds
Copy link
Collaborator

bfjelds commented Feb 15, 2021

I dont know why this started happening, but the solution is here: 2e168fd

romoh referenced this pull request Feb 16, 2021
@DazWilkin
Per: #206 (comment)
2e168fd
@DazWilkin DazWilkin mentioned this pull request Feb 16, 2021
Merged
8 tasks
@romoh romoh merged commit 1b5c9b7 into project-akri:main Feb 16, 2021
@romoh romoh mentioned this pull request Feb 16, 2021
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@bfjelds bfjelds bfjelds approved these changes

@kate-goldenring kate-goldenring kate-goldenring approved these changes

@Britel Britel Awaiting requested review from Britel

@jiria jiria Awaiting requested review from jiria

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
4 participants
@romoh @bfjelds @kate-goldenring @web-flow