search

fortanix / rust-sgx

The Fortanix Rust Enclave Development Platform
https://edp.fortanix.com
Mozilla Public License 2.0
433 stars 98 forks source link

Remove `failure` crate #564

Closed nshyrei closed 6 months ago

nshyrei commented 7 months ago

Changes all usages of failure crate (https://crates.io/crates/failure) across the project into thiserror (https://crates.io/crates/thiserror) and anyhow (https://crates.io/crates/anyhow). This change fixes vulnerability introduced by the failure crate (https://rustsec.org/advisories/RUSTSEC-2020-0036)

Taowyoo commented 7 months ago

The changes so far LGTM.

But since this upgrade change the function signatures, this will be a breaking change of all crates that are updated. Which means you need to increase the minor version number of all crates you updated.

ALSO Before we merge this PR, I have to get clear about out release strategy about crates under rust-sgx. If we want to have a version without this change but contains all changes before this PR and after last publish. We need to publish new version of crates with new patch version if they only contains some version compatible changes.

Otherwise, we could just bump the minor versions in this PR

What's you idea about this ^^ @raoulstrackx @ssavvides

nshyrei commented 7 months ago

@Taowyoo Please review last 2 commits

Taowyoo commented 6 months ago

Please fix the ci, some versions in Cargo.toml are not correct. @nshyrei

nshyrei commented 6 months ago

@Taowyoo Fixed, please review