Fix failing security check in ci #101

Closed
mattsse opened this issue Jun 8, 2021 · 4 comments
Labels
p3 Medium Priority WIP Work in progress - do not review or merge

mattsse commented Jun 8, 2021

Issue summary

  • build fails because of detected vulnerabilities which are related to outdated deps (nalgebra)
  • Should be done in conjunction with updating all upstream substrate/polkadot deps and address potential breaking changes

Other information and links

@mattsse mattsse added the needs triage Issue needs to be triaged label Jun 8, 2021
@mattsse mattsse self-assigned this Jun 8, 2021
@clearloop

dup with #87

@dutterbutter dutterbutter added p3 Medium Priority WIP Work in progress - do not review or merge and removed needs triage Issue needs to be triaged labels Jun 9, 2021

mattsse commented Jun 10, 2021

This is due to an outdated version of cranelift which is pulled in by wasmtime in substrate.
substrate master is already upgraded, should be resolved soon

https://github.com/paritytech/substrate/blob/master/client/executor/wasmtime/Cargo.toml#L25


mattsse commented Jun 16, 2021

after #107, the audit fails due to https://rustsec.org/advisories/RUSTSEC-2021-0070,
nalgebra is used in linregress which got bumped yesterday https://github.com/n1m3/linregress/blob/master/Cargo.toml to 0.4.2, substrate's frame-system still uses 0.4.0 though, https://github.com/paritytech/substrate/blob/c93ef27486e5f14696e5b6d36edafea7936edbc8/frame/benchmarking/Cargo.toml

This will be bumped as well eventually.
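
Added example, not part of the original thread or the project's code: a short Python script that walks a `Cargo.lock` backwards from a flagged crate to the crates that pull it in, which is the chain the comment above describes. The lockfile excerpt is constructed; the root crate `example-runtime`, the placeholder versions and the `frame-benchmarking` crate name (taken from the linked manifest path) are assumptions.

```python
import re
from collections import defaultdict
# Constructed Cargo.lock excerpt. Crate names follow the thread; the root
# "example-runtime" and every version except linregress 0.4.0 are placeholders.
SAMPLE_LOCK = '''
[[package]]
name = "example-runtime"
version = "0.1.0"
dependencies = [
 "frame-benchmarking",
]
[[package]]
name = "frame-benchmarking"
version = "0.0.0"
dependencies = [
 "linregress",
]
[[package]]
name = "linregress"
version = "0.4.0"
dependencies = [
 "nalgebra",
]
[[package]]
name = "nalgebra"
version = "0.0.0"
'''

def dependents(lock_text):
    """Map crate name -> set of crates listing it under `dependencies`."""
    rev, current, in_deps = defaultdict(set), None, False
    for line in map(str.strip, lock_text.splitlines()):
        if line == "[[package]]":
            current, in_deps = None, False
        elif m := re.fullmatch(r'name = "([^"]+)"', line):
            current = m.group(1)
        elif line in ("dependencies = [", "]"):
            in_deps = line != "]"
        elif in_deps and (m := re.match(r'"([^" ]+)', line)):
            rev[m.group(1)].add(current)  # "name 1.2.3" entries keyed by name
    return rev

def paths_to(lock_text, crate):
    """Every chain root -> ... -> crate; each hop must release a bump."""
    rev = dependents(lock_text)
    def walk(name, seen):
        parents = sorted(rev.get(name, set()) - seen)  # `seen` breaks cycles
        return [c + [name] for p in parents for c in walk(p, seen | {name})] or [[name]]
    return walk(crate, frozenset())
```

On a real checkout, `cargo tree -i nalgebra` reports the same inverted chain from Cargo itself.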


mattsse commented Jul 2, 2021

closed with #158

@mattsse mattsse closed this as completed Jul 2, 2021