Update dependencies 24-03-2025 #532

Merged: 1 commit, Mar 24, 2025

Conversation

@joseluisq (Collaborator) commented Mar 19, 2025

Description

This PR updates dependencies as usual to provide security, bug fixes and improvements.

Security patch for RUSTSEC-2024-0437

This change removes the experimental Cargo feature from the resulting static-web-server binary temporarily (not the Cargo feature itself) to prevent shipping the security vulnerability #530 in an eventual release.

The experimental Cargo feature will be restored to be part of the binary again once the upstream patch is available.

References

Old Windows 7, 8, 8.1 patch

We use the following patch in the Cargo.toml to be able to build SWS for old Windows 7, 8, 8.1 temporarily (#447) by pinning dependencies (MSRV 1.76.0) because newer versions of them require rustc 1.81 or later.

+ zerofrom = "=0.1.5"
+ zerofrom-derive = "=0.1.5"
+ litemap = "=0.7.4"
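
Review bot: the three exact-version pins (`zerofrom = "=0.1.5"`, `zerofrom-derive = "=0.1.5"`, `litemap = "=0.7.4"`) carry no inline comment saying why they exist or when they can be dropped. An `=` requirement also keeps `cargo update` from picking up any later release of these crates, fixes included, so a TOML comment above them naming the MSRV 1.76.0 / Windows 7, 8, 8.1 constraint (#447) and the condition for removing the pins would help whoever does the next dependency update.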

Remember, Microsoft stopped support for Windows 7 in 2020 (2023 for extended users). So take into account that we will not keep supporting this unmaintained platform for so long. Therefore, we could reconsider bumping up the MSRV in future SWS releases when convenient. We will advise users accordingly when this occurs and provide a patch if they need to build SWS manually for those old platforms.

Related Issue

Motivation and Context

How Has This Been Tested?

Screenshots (if appropriate):

semanticdiff-com bot commented Mar 19, 2025

Review changes with SemanticDiff

Changed Files (File: Status)
  .github/workflows/release.updates.yml: 62% smaller
  .cargo/audit.toml: Unsupported file format
  Cargo.lock: Unsupported file format
  Cargo.toml: Unsupported file format

@joseluisq force-pushed the update-dependencies-19-03-2025 branch 2 times, most recently from 0e90b68 to e80e658, March 19, 2025 01:42
@joseluisq added the enhancement, v2, security and dependency labels, Mar 19, 2025
@joseluisq force-pushed the update-dependencies-19-03-2025 branch from e80e658 to 89d8757, March 24, 2025 00:51
This change removes the "experimental" Cargo feature from the
resulting static-web-server **binary** temporarily (not the Cargo
feature itself) to prevent shipping this vulnerable code along with
SWS binary.
The "experimental" Cargo feature will be restored once the upstream
patch is available.

Old Windows 7, 8, 8.1 patch:
Additionally, it pins zerofrom, zerofrom-derive, litemap
dependencies **temporarily** to be able to build SWS for old Windows
7, 8, 8.1 because newer versions of them require rustc 1.81 or later.
@joseluisq force-pushed the update-dependencies-19-03-2025 branch from 89d8757 to 373dd31, March 24, 2025 01:06
@joseluisq changed the title from "Update dependencies 19-03-2025" to "Update dependencies 24-03-2025", Mar 24, 2025
@joseluisq merged commit ad4c171 into master, Mar 24, 2025
35 checks passed
@joseluisq deleted the update-dependencies-19-03-2025 branch, March 24, 2025 01:22
@joseluisq added this to the v2.36.1 milestone, Mar 24, 2025
Labels: dependency, enhancement, security, v2
Successfully merging this pull request may close these issues.

RUSTSEC-2024-0437: Crash due to uncontrolled recursion in protobuf crate