Update tungstenite to 0.20.1 for security update

lemunozm / message-io

Fast and easy-to-use event-driven network library.

Apache License 2.0

1.12k stars 75 forks source link

Update tungstenite to 0.20.1 for security update #166

Closed jhg closed 9 months ago

jhg commented 12 months ago

Crate: tungstenite Version: 0.16.0 Title: Tungstenite allows remote attackers to cause a denial of service Date: 2023-09-25 ID: RUSTSEC-2023-0065 URL: https://rustsec.org/advisories/RUSTSEC-2023-0065 Solution: Upgrade to >=0.20.1

jhg commented 12 months ago

I see now the Cargo.lock file, I'll update that to fix the error in the workflow.

lemunozm commented 12 months ago

Thanks a lot for your contribution!

jhg commented 9 months ago

Excuse me to late, it's done now. The Cargo.lock file is updated and it'll use tungstenite 0.21.0, the check and test show only warnings but without errors.

@lemunozm is there an estimated date for next release?

lemunozm commented 9 months ago

Thanks for fixing it! I'll try this week

lemunozm commented 9 months ago

This change is in v0.18.1