Skip to content

Security #1: Attempt to bump up generic-array #22

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
michalfita merged 1 commit into from
Jul 27, 2022
Merged

Security #1: Attempt to bump up generic-array #22

michalfita merged 1 commit into from
Jul 27, 2022

Conversation

@michalfita
Copy link
Collaborator

@michalfita michalfita commented Jul 24, 2022

@michalfita michalfita requested a review from tmplt July 24, 2022 16:24
@michalfita michalfita mentioned this pull request Jul 25, 2022
Closed
@tmplt
Copy link
Member

tmplt commented Jul 25, 2022

The linked report does not exist: 404.

@michalfita
Copy link
Collaborator Author

michalfita commented Jul 25, 2022

image
That's pretty interesting, so for some bizarre reason you don't have access rights to it.

@michalfita
Copy link
Collaborator Author

michalfita commented Jul 25, 2022

What about now?

tmplt
tmplt requested changes Jul 25, 2022
View reviewed changes
Copy link
Member

@tmplt tmplt left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Still can't access the report. But both dep bumps LGTM. I'd rewrite the commit:

cargo: bump nb, cortex-m

nb bumped due to <link to report>.

or similar.

hal/Cargo.toml Outdated
[package]
name = "atsamx7x-hal"
version = "0.1.0"
version = "0.2.0"
Copy link
Member

@tmplt tmplt Jul 25, 2022

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Techically, a MINOR bump is overkill. A PATCH bump suffices.

hal/Cargo.toml

[dependencies]
cortex-m = "0.7"
cortex-m = "0.7.5"
Copy link
Member

@tmplt tmplt Jul 25, 2022

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Commit does not mention a cortex-m bump.

@michalfita michalfita mentioned this pull request Jul 26, 2022
Closed
@michalfita michalfita force-pushed the security/1/bump-up-dependencies-to-once-using-newer-generic-array branch from 32bb559 to a2b53ef Compare July 27, 2022 17:59
@michalfita michalfita merged commit ce2b8bb into development Jul 27, 2022
@michalfita michalfita deleted the security/1/bump-up-dependencies-to-once-using-newer-generic-array branch July 27, 2022 21:46
@michalfita michalfita restored the security/1/bump-up-dependencies-to-once-using-newer-generic-array branch October 26, 2022 18:45
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@tmplt tmplt tmplt approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@michalfita @tmplt