Remove ignores of criterion-based RUSTSEC advisories once fixed #306

Closed
brycx opened this issue Nov 23, 2022 · 2 comments · Fixed by #343
Labels
security Security-related issues or improvements

Comments


brycx commented Nov 23, 2022

criterion relies on atty which is unsound and also seems as if it's unmaintained. Let's see if criterion (bheisler/criterion.rs#629) moves away from this, and if not, how else we should handle this.

@brycx brycx added the security Security-related issues or improvements label Nov 23, 2022

brycx commented Dec 7, 2022

As this is a part of our development dependency-tree and is causing a great deal of noise, I'll add this advisory to the ignore list. This is the same approach we took with serde_cbor (RUSTSEC-2021-0127) which also got pulled in by criterion. We need to remove the ignore once criterion no longer depends on the crate.

@brycx brycx changed the title RUSTSEC-2021-0145: atty is unsound Remove ignores of criterion-based RUSTSEC advisories once fixed Dec 7, 2022
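
An added example, not part of the original thread or the project's own tooling: a check that reports which of the ignored advisories have become stale because the affected crate has left the dependency tree, so the ignore can be removed. It assumes a generated `Cargo.lock` is available; the function names and the sample lockfile text are constructed for illustration.

```python
import re
import sys

# Ignored advisory -> crate it concerns (both pairs are named in the thread).
IGNORED = {"RUSTSEC-2021-0145": "atty", "RUSTSEC-2021-0127": "serde_cbor"}

# In Cargo.lock every [[package]] table starts with its name key.
PACKAGE_RE = re.compile(r'^\[\[package\]\]\r?\nname = "([^"]+)"', re.MULTILINE)

# Constructed sample lockfiles (versions are placeholders, not real releases).
LOCK_BEFORE = """\
[[package]]
name = "atty"
version = "0.0.0"

[[package]]
name = "criterion"
version = "0.0.0"
dependencies = [
 "atty",
 "serde_cbor",
]

[[package]]
name = "serde_cbor"
version = "0.0.0"
"""
LOCK_AFTER = """\
[[package]]
name = "criterion"
version = "0.0.0"
"""

def locked_crates(lock_text):
    """Return the set of crate names that have a [[package]] entry."""
    return set(PACKAGE_RE.findall(lock_text))

def stale_ignores(lock_text, ignored=IGNORED):
    """Advisory IDs whose crate is no longer locked, so the ignore can go."""
    present = locked_crates(lock_text)
    return sorted(adv for adv, crate in ignored.items() if crate not in present)

if __name__ == "__main__":
    path = sys.argv[1] if len(sys.argv) > 1 else "Cargo.lock"
    with open(path, encoding="utf-8") as fh:
        stale = stale_ignores(fh.read())
    for adv in stale:
        print(f"{adv}: {IGNORED[adv]} is no longer locked; remove the ignore")
    sys.exit(1 if stale else 0)
```

Run in CI next to the advisory scan, the non-zero exit turns a forgotten ignore into a failing job instead of a silent exception list.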

brycx commented Dec 7, 2022
