Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

upgrade tonic #6031

Open
SWvheerden opened this issue Dec 11, 2023 · 3 comments
Open

upgrade tonic #6031

SWvheerden opened this issue Dec 11, 2023 · 3 comments

Comments

@SWvheerden
Copy link
Collaborator

we need to upgrade tonic 0.6 as it uses webapki 21.0
https://github.com/tari-project/tari/security/dependabot/258
@brianp brianp self-assigned this Jan 8, 2024
@AaronFeickert
Copy link
Collaborator

This appears to be addressed by #6067. Running cargo tree indicates that webpki v0.22.4 is used, which is outside the affected version range.

@SWvheerden
Copy link
Collaborator Author

SWvheerden commented Jan 15, 2024
edited

This is not completely done as we are still behind on the latest releases.
This is partially fixed, and not that high an issue anymore as the webpki security issue is upgraded

@SWvheerden SWvheerden reopened this Jan 15, 2024
@AaronFeickert
Copy link
Collaborator

Is this a separate issue? I took this to be specific to the webpki vulnerability.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@brianp @SWvheerden @AaronFeickert