Outdated dependencies, Unresolved security advisories #6798
Comments
cc #6694
The first does not affect us. From an Issue on chrono:
Also, I'd like to mention the use of
And different versions of
Yes, we are aware of those.
Describe the bug
Various NEAR libraries refer to severely outdated libraries. Some of them are subject to security advisories (time 0.1 -> chrono -> near-chain-configs is affected by https://rustsec.org/advisories/RUSTSEC-2020-0071). This can result in severe vulnerabilities and breaks downstream users.
In addition to that, the nearcore set of libraries uses outdated beta versions of actix and actix-web and connected libraries.

To Reproduce
To see the current state from the security side, install
cargo install cargo-deny
and run
cargo deny check advisories
There are currently 3 errors, 4 warnings. Critically:
https://rustsec.org/advisories/RUSTSEC-2020-0071
https://rustsec.org/advisories/RUSTSEC-2022-0014
https://rustsec.org/advisories/RUSTSEC-2021-0131

Expected behavior
The deps are kept up to date, and security is integrated into the CI process.

Version (please complete the following information):