search

entropyxyz / entropy-core

Protocol and cryptography development.
https://docs.entropy.xyz/
GNU Affero General Public License v3.0
9 stars 1 forks source link

Bump tdx-quote from `785cd66` to `f94a63b` #1044

Closed dependabot[bot] closed 2 weeks ago

dependabot[bot] commented 2 weeks ago

Bumps tdx-quote from 785cd66 to f94a63b.

Commits
  • f94a63b Readme
  • 5c99c6f Merge pull request #3 from entropyxyz/peg/check-pck-signature
  • e856ed2 Improve tests
  • a7245dd Check hash in QE report data
  • 6d100af Add sha2 dependency
  • c744ac5 Merge pull request #2 from entropyxyz/peg/qe-report-certification-data
  • 6beb62f Update test to verify with given PCK key
  • 3538cac WIP verify PCK signature in certification data
  • 5634d98 Parse certification data
  • See full diff in compare view


Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
HCastano commented 2 weeks ago

@ameba23 can you take a look at this?

ameba23 commented 2 weeks ago

@ameba23 can you take a look at this?

This is the annoying dependency problem i was complaining about. For some reason rand-core is getting downgraded from 0.6.1 to 0.5.4, even though 0.6.1 is used in the tdx-quote lockfile.

Deleting the lockfile and rebuilding fixes this, but it also bumps a bunch of other stuff which im not really sure if we want.

And i just found an issue with the mock quotes on that new commit, so i am gonna close this, fix that problem, then make another PR pinning to a specific commit.

dependabot[bot] commented 2 weeks ago

OK, I won't notify you again about this release, but will get in touch when a new version is available. You can also ignore all major, minor, or patch releases for a dependency by adding an ignore condition with the desired update_types to your config file.

If you change your mind, just re-open this PR and I'll resolve any conflicts on it.