Update rand dependency because of RUSTSEC-2021-0023 #396
Conversation
|
CI failures are caused by clippy, at least one looks like an actual bug that was already fixed on the main branch |
|
I have a PR that fixes the lints which we can hopefully base this on top of: #399 |
|
Re-running CI now that #399 was merged |
|
Needs a rebase it seems |
|
@Fishrock123 I don't see a merge conflict on this branch. Seems like it can be merged? |
|
@Fishrock123 any chance this could be merged? |
jhorstmann
force-pushed
the
update-rand-on-2x-branch
branch
from
13ab959
to
17af8fc
Compare
|
Rebased. There might be new clippy lints since the last update, let's see. |
|
@Fishrock123 How can we help get this merged and a new release? |
|
@nox it would help to open a PR fixing the broken clippies. They're not broken because of this PR, but they are blocking merge |
|
@jhorstmann I've made a PR fixing the clippy lints and it got merged. Care to rebase this PR on top of current master? Thanks. |
|
@nox did you mean cherry-pick instead? My idea here was to apply the change to the 2.x branch for a maintenance release. The master branch seems to have switched to a different crate for random numbers. Looking at the rustsec advisory again it also seems that An updated maintenance release would still be nice. |
Yeah sorry, I just meant to tell you about the lint fixes so we can get this merged and released as some 2.y.z version. |
|
I just realised that the lints were independently fixed, so it seems all we need is a rebase, @jhorstmann. |
|
Ah, different lints were fixed, never mind. |
There is an open rustsec issue (RUSTSEC-2021-0023) about a transitive dependency of http-types 2.12.0. On the main branch this seems to be fixed by migrating to
fastrandbut I think this might also warrant a maintenance release.