DMDcoin / diamond-node

bit.diamonds node software for network version 4
GNU General Public License v3.0

Fix all critical dependabot alerts #92

Closed dforsten closed 2 months ago

dforsten commented 5 months ago

Dependabot currently reports 52 issues, 9 of which are critical. Fix all critical issues.

dforsten commented 5 months ago

8 of the 9 critical issues should now be fixed. The rust-crypto issue looks more complex, will dig into it next.

dforsten commented 5 months ago

The most straightforward fix seems to be to use "parity-crypto" instead, which is already used in the repository. Investigating why "rust-crypto" is still being used, and how easily it could be switched out with "parity-crypto".

dforsten commented 5 months ago

Simply removing "rust-crypto" from the "network-devp2p" project fixed the issue. I will set the pull request to ready for review since all critical issues directly fixable inside of the diamond-node repository are now fixed.

The indirect issues in external crates we include have to be fixed in separate issues, probably requiring creating forks of the affected crates.

SurfingNerd commented 4 months ago

Thanks, critical errors went down from 9 to 5.

SurfingNerd commented 4 months ago

parity-daemonize is forked here, https://github.com/DMDcoin/parity-daemonize so we can solve the CVEs connected with the "failure" crate.

SurfingNerd commented 2 months ago

All critical issues are solved now.