Fix DoS issue in rustls
rustls is depended on by ureq, but the version it depends on has a
vulnerability. So I have explicitly depended on a more recent version
here in the project.

[changelog]
security: upgraded rustls dependency to address DoS vulnerability
drewdeponte committed Jul 6, 2024
1 parent 48136c4 commit 1721d16
Showing 2 changed files with 218 additions and 0 deletions.
216 changes: 216 additions & 0 deletions Cargo.lock

2 changes: 2 additions & 0 deletions Cargo.toml
Expand Up @@ -28,11 +28,13 @@ ureq = "2.10.0"
version-compare = "0.2.0"
clap = { version = "4.5.8", features = ["derive"] }
tempfile = "3.10.1"
rustls = "0.23.10" # to force higher version than ureq requires for security fixes

[build-dependencies]
clap = { version = "4.5.8", features = ["string"] }
clap_complete = "4.5.7"
clap_mangen = "0.2.22"
rustls = "0.23.10" # to force higher version than ureq requires for security fixes

[features]
backup_cmd = []
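
Review bot: The second `rustls = "0.23.10"` entry, the one under `[build-dependencies]`, looks redundant: the commit message says rustls arrives through ureq, ureq is not among the build dependencies visible in this hunk (clap, clap_complete, clap_mangen), and the entry under `[dependencies]` already sets the version floor, so this line only makes rustls a dependency of the build script. Suggest dropping it unless the build script really uses rustls. For the entry that stays, `"0.23.10"` is a caret requirement (>=0.23.10, <0.24.0), so it raises ureq's copy only if ureq 2.10.0 also accepts a 0.23.x release; otherwise Cargo resolves the older version alongside the new one. The Cargo.lock stat of 216 additions and 0 deletions means no existing locked version line was replaced, so please confirm with `cargo tree -i rustls` that a single rustls at or above the fixed version is resolved. The entry also turns on rustls's default features; if only the version floor is wanted, add `default-features = false`. The inline comment could name the advisory being addressed so the pin can be removed once ureq's own minimum catches up.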
