Skip to content

Remove cargo-audit ignore for secp256k1 #2457

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
michaelsproul opened this issue Jul 14, 2021 · 0 comments
Closed

Remove cargo-audit ignore for secp256k1 #2457

michaelsproul opened this issue Jul 14, 2021 · 0 comments
Labels
v1.5.1 To be included in the v1.5.1 relase

Comments

@michaelsproul
Copy link
Member

michaelsproul commented Jul 14, 2021
edited
Loading

Description

Although Lighthouse isn't impacted by RUSTSEC-2021-0076 we should still move away from the vulnerable version of libsecp256k1, and get rid of the --ignore that was added in #2456.

This should be resolved by #2389.
@paulhauner paulhauner added the v1.5.1 To be included in the v1.5.1 relase label Aug 2, 2021
@paulhauner paulhauner mentioned this issue Aug 12, 2021
Closed
pawanjay176 pushed a commit to pawanjay176/lighthouse that referenced this issue Aug 27, 2021
@paulhauner @pawanjay176
Bump libp2p to address inconsistency in mesh peer tracking (sigp#2493)
b3fe09d 
## Issue Addressed

- Resolves sigp#2457
- Resolves sigp#2443

## Proposed Changes

Target the (presently unreleased) head of `libp2p/rust-libp2p:master` in order to obtain the fix from libp2p/rust-libp2p#2175.

Additionally:

- `libsecp256k1` needed to be upgraded to satisfy the new version of `libp2p`.
- There were also a handful of minor changes to `eth2_libp2p` to suit some interface changes.
- Two `cargo audit --ignore` flags were remove due to libp2p upgrades.

## Additional Info
 
 NA
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
v1.5.1 To be included in the v1.5.1 relase
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@michaelsproul @paulhauner