hyperledger / cacti

Hyperledger Cacti is a new approach to the blockchain interoperability problem
https://wiki.hyperledger.org/display/cactus
Apache License 2.0

build(deps): ensure persistent bump of openssl from 0.10.32 to 0.10.48 #2365

Closed petermetz closed 1 month ago

petermetz commented 1 year ago

Description

Upgrade dependencies in the Cargo.toml file, not just the lock file as was done by #2344 to remedy the same issue.

"Ensure persistent" bump means that, if the lockfile is deleted and regenerated, the old openssl will be used once again without the necessary upgrades in the Cargo.toml as well.

build(deps): bump openssl from 0.10.32 to 0.10.48 in ./packages/cactus-plugin-keychain-vault/src/cactus-keychain-vault-server/rust/gen #2344

The other PR opened by the robot which only uses the lock file to force the use of the newer versions: https://github.com/hyperledger/cacti/pull/2344/files

Acceptance Criteria

  1. ./packages/cactus-plugin-keychain-vault/src/cactus-keychain-vault-server/rust/gen/Cargo.toml is updated
  2. The same vulnerability does not resurface in the event of us having to delete the lock file and then re-generate it.
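
An added check for acceptance criterion 2 (example code, not the project's own): it reads the openssl requirement out of a Cargo.toml and reports whether the manifest alone rules out every version below the fixed release, so a deleted and regenerated Cargo.lock cannot drift back. The manifests are constructed stand-ins, and the requirement parsing covers caret, exact, range and wildcard spellings beyond the single case in the issue.

```python
import re

# Constructed examples; not the project's real files. The fixed version
# comes from the issue title (openssl 0.10.32 -> 0.10.48).
FIXED_OPENSSL = (0, 10, 48)

# "Before": requirement still admits 0.10.32, so only Cargo.lock held the fix.
MANIFEST_BEFORE = """
[package]
name = "example-server"
version = "0.1.0"

[dependencies]
openssl = "0.10.32"
serde = { version = "1.0", features = ["derive"] }
"""
# "After": the manifest itself is raised, so the floor survives lock regeneration.
MANIFEST_AFTER = MANIFEST_BEFORE.replace('"0.10.32"', '"0.10.48"')

def parse_version(text):
    """'0.10.48' -> (0, 10, 48); missing trailing components count as 0."""
    nums = [int(p) for p in text.strip().split(".") if p]
    return tuple(nums + [0] * (3 - len(nums)))

def manifest_requirement(manifest, crate):
    """Version requirement for `crate` under [dependencies], for both the
    `crate = "req"` and `crate = { version = "req", ... }` spellings."""
    deps = re.search(r"\[dependencies\](.*?)(?=\n\[|\Z)", manifest, re.S)
    if not deps:
        return None
    pat = re.compile(r"^\s*" + re.escape(crate) +
                     r'\s*=\s*(?:"([^"]+)"|\{[^}]*version\s*=\s*"([^"]+)")', re.M)
    m = pat.search(deps.group(1))
    return (m.group(1) or m.group(2)) if m else None

def requirement_floor(req):
    """Lowest version a Cargo requirement admits: bare and ^ are caret
    ranges, = pins exactly, ~ and >= floor at the number, and wildcards
    ('*', '0.10.*') floor at 0 for the wildcarded components."""
    first = req.split(",")[0].strip()          # first clause carries the floor
    if first.startswith("<"):                  # upper bound only: no floor
        return (0, 0, 0)
    first = first.lstrip("^=~>").replace(".*", "").rstrip("*")
    return parse_version(first) if first.strip() else (0, 0, 0)

def bump_is_persistent(manifest, crate, fixed):
    """True only when Cargo.toml alone rules out every version below `fixed`,
    so deleting and regenerating Cargo.lock cannot reintroduce them."""
    req = manifest_requirement(manifest, crate)
    return req is not None and requirement_floor(req) >= fixed
```

Run it against the real `./packages/cactus-plugin-keychain-vault/src/cactus-keychain-vault-server/rust/gen/Cargo.toml` by reading the file into `bump_is_persistent` in place of the constructed manifest.
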

Poonam1607 commented 1 year ago

Hi @petermetz can I work on this issue?

petermetz commented 1 year ago

@Poonam1607 Yes, thank you for the offer! Assigning now.

Poonam1607 commented 1 year ago

Thank you! I am on it.