Skip to content

Fix/tokio util vulnerability #434

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
ankitpatel2405 wants to merge 33 commits into
base: master
Choose a base branch
from
Open

Fix/tokio util vulnerability #434

ankitpatel2405 wants to merge 33 commits into from

Conversation

@ankitpatel2405
Copy link

@ankitpatel2405 ankitpatel2405 commented Jan 8, 2026

No description provided.

jonquark and others added 30 commits June 29, 2023 15:59
@jonquark @0x2ec
Enable mend (aka Whitesource) dependency vulnerability scanning
fb4272a
@0x2ec
Update dependencies
fcc37fc 
A kind of rebased version of commit
c2e548fb10fda84b808adf1ca6445956149f2770, but on top of a later
version of upstream master.
@Foelsgaard @0x2ec
Update actix-web 0.7 -> 4.3
e1b9d22
@Foelsgaard @0x2ec
Remove samples
1852708 
Most of the samples are horribly outdated and some, like browse-client
and read-client don't even compile.

Since their dependencies are generally very old, they show up on
whitesource scans.

Delete them and possibly restore them later in updated form.
@Foelsgaard @0x2ec
Replace rustc-serialize with hex
a7a6842
@Foelsgaard @0x2ec
Replace tempdir with tempfile
3534c0d
@Foelsgaard @0x2ec
Update jquery 3.3.1 -> 3.7.0
727493e
@0x2ec
core/fuzz: update dependencies
5810976
@0x2ec
types/fuzz: update dependencies
108d2fd
@0x2ec
[patch] core/fuzz: update openssl 0.10.38 -> 0.10.55
9a756a6
@laumann @0x2ec
client/session: Allow setting requested_max_references_per_node
af35a90 
This indicates to servers how many nodes can be included in a response
to a browse request. Some servers abort a connection if the number of
nodes it's trying to inlude in a browse response is too many.

Change the signature of browse() to allow passing in a custom maximum
which can help as a workaround.
[scan] Starting whitesource scan
b80844d 
Starting whitesource scan to update Mend tool report
@Foelsgaard
Remove use of arbitrary_precision from serde_json
0d73e65 
The use of it causes problems up the chain for other dependees of
serde_json and removing *also* fixes a test.
@Foelsgaard
Update openssl
b97816f
@Foelsgaard
Update rumqttc 0.20->0.22
a06b546
[scan] Initializing open source scan
1256931 
Initializing open source scan to update mend dashboard.
@Foelsgaard
Update chrono 0.4.26 -> 0.4.31
21424ce
@Foelsgaard
Run cargo update
84597d9
[scan] Initializing whitesource scan
636964a 
Updating the open source scan in Mend tool
[scan] Initializing whitesource scan
e53aac3 
Initializing whitesource scan
[scan] Initializing whitesource scan
ce327a3 
Initializing whitesource scan
@Foelsgaard
Run cargo update
719fd6f
[patch] Start OSS scan
bd15b94 
Manually starting OSS scan
@Foelsgaard
[patch] Update openssl
8754ee5
@Foelsgaard
[patch] Update rustix
09f4ad6
@Foelsgaard
Update dependencies
26b590f
@Foelsgaard
Remove Cargo.lock
07fa339
@Foelsgaard
Remove other lock files + update gitignore
ac373c5
Start OSS scan (locka99#12)
43cb8da
Start OSS scanning
e63acf3 
Start whitesource scan
[patch]
Gergo Csillag and others added 3 commits May 15, 2025 10:40
[patch]Update url version
0ff48a6 
Update ulr version from 1.7 to 2.5.4
URL normalization in comaprison
6dbf77e 
Add url normalization in the url comaprison between configured and
server.
@ankitpatel2405
Security: Update tokio-util from 0.6 to 0.7.18 to fix vulnerability
f6c6a37
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

5 participants

@ankitpatel2405 @jonquark @0x2ec @Foelsgaard @laumann