build: update ed25519-dalek and base64 #368

Merged
merged 2 commits into from
Aug 29, 2023

Conversation

rvolosatovs
Contributor

@rvolosatovs rvolosatovs commented Aug 23, 2023

This addresses a security vulnerability

@rvolosatovs
Contributor Author

@microsoft-github-policy-service agree company="Cosmonic"

@bacongobbler
Contributor

Hi @rvolosatovs. It appears the build is failing. Can you please fix up the PR so that the project compiles?

Here is the list of failures from CI:

error[E0432]: unresolved imports `ed25519_dalek::Keypair`, `ed25519_dalek::PublicKey`
 --> src/invoice/signature.rs:3:25
  |
3 | pub use ed25519_dalek::{Keypair, PublicKey, Signature as EdSignature, Signer};
  |                         ^^^^^^^  ^^^^^^^^^ no `PublicKey` in the root
  |                         |
  |                         no `Keypair` in the root
  |
  = help: consider importing this variant instead:
          openid::biscuit::jws::Secret::PublicKey

error[E0432]: unresolved import `ed25519_dalek::PublicKey`
 --> src/invoice/verification.rs:5:21
  |
5 | use ed25519_dalek::{PublicKey, Signature as EdSignature};
  |                     ^^^^^^^^^ no `PublicKey` in the root
  |
  = help: consider importing one of these items instead:
          crate::signature::PublicKey
          openid::biscuit::jws::Secret::PublicKey

warning: unused import: `Signer`
  --> src/invoice/mod.rs:40:47
   |
40 | use ed25519_dalek::{Signature as EdSignature, Signer};
   |                                               ^^^^^^
   |
   = note: `#[warn(unused_imports)]` on by default

For more information about this error, try `rustc --explain E0432`.
warning: `bindle` (lib) generated 1 warning
error: could not compile `bindle` (lib) due to 2 previous errors; 1 warning emitted
make: *** [Makefile:75: build-server] Error 101
Error: Process completed with exit code 2.

Thanks!

Signed-off-by: Roman Volosatovs <[email protected]>
@rvolosatovs
Contributor Author

@bacongobbler this is now ready for review, PTAL

@rvolosatovs rvolosatovs changed the title from "build: update ed25519-dalek" to "build: update ed25519-dalek and base64" Aug 29, 2023
Contributor

@thomastaylor312 thomastaylor312 left a comment

Thanks @rvolosatovs. @bacongobbler are you good with this?

@thomastaylor312
Contributor

Looks like there are some other vulns that cargo deny is finding. I'm ok ignoring for this PR and doing as a follow-up before we cut a patch release.

@thomastaylor312 thomastaylor312 merged commit 7672acf into deislabs:main Aug 29, 2023
4 of 6 checks passed
@rvolosatovs rvolosatovs deleted the update/dalek branch August 29, 2023 18:25