Cargo audit vuln ignored: RUSTSEC-2020-0043 #1669
This was referenced Sep 26, 2020
bors bot pushed a commit that referenced this issue Sep 26, 2020
## Issue Addressed

Resolves #1651

## Description

This supersedes #1658. Great work was done by @pawanjay176, I just needed to make a change whilst he is away. See #1658 for a description, prior reviews and approval by @michaelsproul.

## Additional info

Ignores a rustsec advisory. This is tracked in #1669.

Co-authored-by: pawan <pawandhananjay@gmail.com>
bors bot pushed a commit that referenced this issue Sep 27, 2020
## Issue Addressed

NA

## Proposed Changes

There are four new conditions introduced in v0.12.3:

1. _[REJECT]_ The attestation's epoch matches its target -- i.e. `attestation.data.target.epoch == compute_epoch_at_slot(attestation.data.slot)`
1. _[REJECT]_ The attestation's target block is an ancestor of the block named in the LMD vote -- i.e. `get_ancestor(store, attestation.data.beacon_block_root, compute_start_slot_at_epoch(attestation.data.target.epoch)) == attestation.data.target.root`
1. _[REJECT]_ The committee index is within the expected range -- i.e. `data.index < get_committee_count_per_slot(state, data.target.epoch)`.
1. _[REJECT]_ The number of aggregation bits matches the committee size -- i.e. `len(attestation.aggregation_bits) == len(get_beacon_committee(state, data.slot, data.index))`.

This PR implements new logic to suit (1) and (2). Tests are added for (3) and (4), although they were already implicitly enforced.

## Additional Info

- There's a bit of edge-case with target root verification that I raised here: ethereum/consensus-specs#2001 (comment)
- I've had to add an `--ignore` to `cargo audit` to get CI to pass. See #1669
I'm pushing this back to

This should disappear when @realbigsean removes the websocket server.

PR to remove webserver is here: #1920
paulhauner added the low-hanging-fruit (Easy to resolve, get it before someone else does!) label Dec 4, 2020
bors bot pushed a commit that referenced this issue Dec 4, 2020
## Issue Addressed

Resolves #1434 (this is the last major feature in the standard spec. There are only a couple of places we may be off-spec due to recent spec changes or ongoing discussion)

Partly addresses #1669

## Proposed Changes

- remove the websocket server
- remove the `TeeEventHandler` and `NullEventHandler`
- add server sent events according to the eth2 API spec

## Additional Info

This is according to the currently unmerged PR here: ethereum/beacon-APIs#117

Co-authored-by: realbigsean <seananderson33@gmail.com>
Description
In #1670 I am going to add `--ignore RUSTSEC-2020-0043` here: lighthouse/Makefile, line 140 in 3412a3e.

So we can suppress this error which prevents CI from passing:

I have suppressed this error since there is no safe upgrade available (according to the above message). Once `ws` cuts a new release, we should update ASAP.

Interestingly, #1434 will likely remove this dep.
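
A companion check for the ignore described in this issue, added here as an example and not part of the Lighthouse repository: it reports `cargo audit --ignore` entries that can be dropped because the affected crate is no longer in `Cargo.lock`. The advisory-to-crate map file, the function names and the sample files are assumptions constructed for the example; the `RUSTSEC-2020-0043` / `ws` pairing is the one this issue gives.

```bash
#!/usr/bin/env bash
# Added example (not Lighthouse code): report `cargo audit --ignore` entries
# that can be dropped because the affected crate has left Cargo.lock.

# Print each advisory id passed to --ignore in the given Makefile, one per line.
ignored_advisories() {
    grep -oE -e '--ignore[ =]+RUSTSEC-[0-9]{4}-[0-9]{4}' "$1" |
        grep -oE 'RUSTSEC-[0-9]{4}-[0-9]{4}' | sort -u
}

# Succeed if the lockfile ($1) has a package named exactly $2.
crate_locked() {
    grep -qxF "name = \"$2\"" "$1"
}

# stale_ignores MAKEFILE LOCKFILE MAP
# MAP holds "<advisory-id> <crate>" lines (assumed, hand-maintained file).
# Prints one line per ignore that is unmapped or whose crate is gone.
stale_ignores() {
    for id in $(ignored_advisories "$1"); do
        crate=$(awk -v id="$id" '$1 == id { print $2 }' "$3")
        if [ -z "$crate" ]; then
            echo "$id unmapped"
        elif ! crate_locked "$2" "$crate"; then
            echo "$id stale ($crate not in lockfile)"
        fi
    done
}

# Constructed sample inputs: a Makefile target carrying the ignore from this
# issue, a lockfile that still contains ws, and one where ws has been removed
# (its only package has a look-alike name to exercise the exact-name match).
write_samples() {
    printf 'audit:\n\tcargo audit --ignore RUSTSEC-2020-0043\n' > "$1/Makefile"
    printf '[[package]]\nname = "ws"\nversion = "0.0.0"\n' > "$1/Cargo.lock.with-ws"
    printf '[[package]]\nname = "ws-lookalike"\nversion = "0.0.0"\n' > "$1/Cargo.lock.without-ws"
    printf 'RUSTSEC-2020-0043 ws\n' > "$1/advisory-crates.txt"
}

demo_dir=$(mktemp -d)
write_samples "$demo_dir"
echo "with ws:    $(stale_ignores "$demo_dir/Makefile" "$demo_dir/Cargo.lock.with-ws" "$demo_dir/advisory-crates.txt")"
echo "without ws: $(stale_ignores "$demo_dir/Makefile" "$demo_dir/Cargo.lock.without-ws" "$demo_dir/advisory-crates.txt")"
rm -rf "$demo_dir"
```

Run in CI next to `cargo audit`, a non-empty result is the cue to delete the matching `--ignore` so the advisory is reported again if the crate ever returns.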