chore: bump ed25519-dalek package version #11986

Closed
yufansong opened this issue Aug 31, 2023 · 1 comment

@yufansong

Describe the bug

#11924 contains a dependency with security bugs. The async-nats crate will introduce the ed25519-dalek package. It needs to be upgraded.

```
Crate:     ed25519-dalek
Version:   1.0.1
Title:     Double Public Key Signing Function Oracle Attack on `ed25519-dalek`
Date:      2022-06-11
ID:        RUSTSEC-2022-0093
URL:       https://rustsec.org/advisories/RUSTSEC-2022-0093
Solution:  Upgrade to >=2
Dependency tree:
ed25519-dalek 1.0.1
└── nkeys 0.3.1
    └── async-nats 0.31.0
        └── risingwave_connector 1.1.0-alpha
            ├── risingwave_stream 1.1.0-alpha
            │   ├── risingwave_ctl 1.1.0-alpha
            │   │   ├── risingwave_simulation 0.1.0
            │   │   ├── risingwave_cmd_all 1.1.0-alpha
            │   │   └── risingwave_cmd 1.1.0-alpha
            │   │       └── risingwave_cmd_all 1.1.0-alpha
            │   └── risingwave_compute 1.1.0-alpha
            │       ├── risingwave_simulation 0.1.0
            │       ├── risingwave_cmd_all 1.1.0-alpha
            │       └── risingwave_cmd 1.1.0-alpha
            ├── risingwave_source 1.1.0-alpha
            │   ├── risingwave_stream 1.1.0-alpha
            │   ├── risingwave_frontend 1.1.0-alpha
            │   │   ├── risingwave_stream 1.1.0-alpha
            │   │   ├── risingwave_sqlsmith 1.1.0-alpha
            │   │   │   └── risingwave_simulation 0.1.0
            │   │   ├── risingwave_simulation 0.1.0
            │   │   ├── risingwave_planner_test 1.1.0-alpha
            │   │   ├── risingwave_ctl 1.1.0-alpha
            │   │   ├── risingwave_cmd_all 1.1.0-alpha
            │   │   └── risingwave_cmd 1.1.0-alpha
            │   ├── risingwave_compute 1.1.0-alpha
            │   └── risingwave_batch 1.1.0-alpha
            │       ├── risingwave_frontend 1.1.0-alpha
            │       └── risingwave_compute 1.1.0-alpha
            ├── risingwave_simulation 0.1.0
            ├── risingwave_meta 1.1.0-alpha
            │   ├── risingwave_simulation 0.1.0
            │   ├── risingwave_hummock_test 1.1.0-alpha
            │   │   ├── risingwave_stream 1.1.0-alpha
            │   │   └── risingwave_compaction_test 1.1.0-alpha
            │   ├── risingwave_ctl 1.1.0-alpha
            │   ├── risingwave_compaction_test 1.1.0-alpha
            │   ├── risingwave_cmd_all 1.1.0-alpha
            │   ├── risingwave_cmd 1.1.0-alpha
            │   └── risingwave_backup_cmd 1.1.0-alpha
            ├── risingwave_frontend 1.1.0-alpha
            ├── risingwave_ctl 1.1.0-alpha
            ├── risingwave_compute 1.1.0-alpha
            └── risingwave_batch 1.1.0-alpha
```

@yufansong yufansong added the type/bug Something isn't working label Aug 31, 2023
@github-actions github-actions bot added this to the release-1.2 milestone Aug 31, 2023
@TennyZhuang TennyZhuang modified the milestones: release-1.2, release-1.3 Sep 11, 2023
@xxchan

xxchan commented Sep 20, 2023

fixed in #12227
