Closed: dforsten closed this 2 months ago
8 of the 9 critical issues should now be fixed. The rust-crypto issue looks more complex; will dig into it next.
The most straight-forward fix seems to be to use "parity-crypto" instead, which is already used in the repository. Investigating why "rust-crypto" is still being used, and how easily it could be switched out with "parity-crypto".
Simply removing "rust-crypto" from the "network-devp2p" project fixed the issue. I will set the pull request to ready for review since all critical issues directly fixable inside of the diamond-node repository are now fixed.
The indirect issues in external crates we include have to be fixed in separate issues, probably requiring creating forks of the affected crates.
Thanks, critical errors went down from 9 to 5.
parity-daemonize is forked here: https://github.com/DMDcoin/parity-daemonize so we can solve the CVEs connected with the "failure" crate.
All critical issues are solved now.
Dependabot currently reports 52 issues, 9 of which are critical. Fix all critical issues.