phylum-dev / cli

Command line interface for the Phylum API
https://phylum.io
GNU General Public License v3.0

Bump deno version #1276

Closed kylewillmon closed 11 months ago

kylewillmon commented 1 year ago

This includes migration to the new op2 macro because op is now deprecated (See denoland/deno_core#279). The new macro requires explicit annotation for string and serde parameters and return values because of the performance hit. We use these heavily (and don't care about the performance).

phylum-io[bot] commented 1 year ago

Phylum OSS Supply Chain Risk Analysis - INCOMPLETE

The analysis contains 2 package(s) Phylum has not yet processed, preventing a complete risk analysis. Phylum is processing these packages currently and should complete soon. Please wait for up to 30 minutes, then re-run the analysis.

View this project in the Phylum UI

kylewillmon commented 1 year ago

Looks like the build requires protoc now, which is causing CI to fail...

I'll investigate later today to see if I can avoid the dependency.

kylewillmon commented 1 year ago

It looks like there is no opt-out. protoc has been required to build deno since denoland/deno@2d9298f.

I'll update the workflows to restore CI.

phylum-io[bot] commented 12 months ago

Phylum OSS Supply Chain Risk Analysis - SUCCESS

The Phylum risk analysis is complete and has passed the active policy.

View this project in the Phylum UI

phylum-io[bot] commented 11 months ago

Phylum OSS Supply Chain Risk Analysis - INCOMPLETE

The analysis contains 1 package(s) Phylum has not yet processed, preventing a complete risk analysis. Phylum is processing these packages currently and should complete soon. Please wait for up to 30 minutes, then re-run the analysis.

View this project in the Phylum UI

kylewillmon commented 11 months ago

I've opened littledivy/aead-gcm-stream#2 to fix the build error on Rust 1.71.0.

Hoping to get a quick response there. I'd rather not bump MSRV beyond the latest 3 minor releases.

phylum-io[bot] commented 11 months ago

Phylum OSS Supply Chain Risk Analysis - FAILED

This repository analyzes the risk of new dependencies. An administrator of this repository has set requirements via Phylum policy.

If you see this comment, one or more dependencies have failed Phylum's risk analysis.

Package: rsa@0.9.3 failed.

rsa@0.9.3 is vulnerable to Marvin Attack: potential key recovery through timing sidechannels

Risk Domain: Software Vulnerability
Risk Level: high

Reason: risk level cannot exceed medium

rsa@0.9.3 is vulnerable to Marvin Attack: potential key recovery through timing sidechannels

Risk Domain: Software Vulnerability
Risk Level: high

Reason: risk level cannot exceed medium

View this project in the Phylum UI
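The bot comment above is the only record of why the policy gate blocked this PR. As an added example (not Phylum's own code or part of this repository), here is a small parser for that comment format that extracts each finding and re-applies the stated rule, "risk level cannot exceed medium", collapsing the duplicated rsa@0.9.3 block into one unique violation. The sample text is constructed from the comment above with blank lines removed; the risk ordering is an assumption.

```python
import re
from dataclasses import dataclass

RISK_ORDER = {"low": 0, "medium": 1, "high": 2, "critical": 3}  # assumed ordering

@dataclass(frozen=True)
class Finding:
    package: str
    description: str
    domain: str
    level: str

# Constructed sample: the findings section of the rsa@0.9.3 comment above,
# including its repeated block, with blank lines dropped.
SAMPLE = """\
Package: rsa@0.9.3 failed.
rsa@0.9.3 is vulnerable to Marvin Attack: potential key recovery through timing sidechannels
Risk Domain: Software Vulnerability
Risk Level: high
Reason: risk level cannot exceed medium
rsa@0.9.3 is vulnerable to Marvin Attack: potential key recovery through timing sidechannels
Risk Domain: Software Vulnerability
Risk Level: high
Reason: risk level cannot exceed medium
"""

def parse_findings(text):
    """Walk the comment line by line; each 'Risk Level:' line closes one finding."""
    findings, package, description, domain = [], None, None, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("Reason:"):
            continue  # the Reason line restates the policy, not the finding
        m = re.match(r"Package: (\S+) failed\.$", line)
        if m:
            package = m.group(1)
        elif line.startswith("Risk Domain:"):
            domain = line.split(":", 1)[1].strip()
        elif line.startswith("Risk Level:"):
            level = line.split(":", 1)[1].strip().lower()
            findings.append(Finding(package, description, domain, level))
        else:
            description = line  # free-text advisory line
    return findings

def evaluate(findings, max_level="medium"):
    """Return (verdict, unique violations) for a 'risk level cannot exceed' policy."""
    limit = RISK_ORDER[max_level]
    violations = {f for f in findings if RISK_ORDER.get(f.level, 99) > limit}
    return ("FAILED" if violations else "SUCCESS"), violations
```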

phylum-io[bot] commented 11 months ago

Phylum OSS Supply Chain Risk Analysis - FAILED

This repository analyzes the risk of new dependencies. An administrator of this repository has set requirements via Phylum policy.

If you see this comment, one or more dependencies have failed Phylum's risk analysis.

Package: rsa@0.9.5 failed.

rsa@0.9.5 is vulnerable to Marvin Attack: potential key recovery through timing sidechannels

Risk Domain: Software Vulnerability
Risk Level: high

Reason: risk level cannot exceed medium

rsa@0.9.5 is vulnerable to Marvin Attack: potential key recovery through timing sidechannels

Risk Domain: Software Vulnerability
Risk Level: high

Reason: risk level cannot exceed medium

View this project in the Phylum UI

phylum-io[bot] commented 11 months ago

Phylum OSS Supply Chain Risk Analysis - SUCCESS

The Phylum risk analysis is complete and has passed the active policy.

View this project in the Phylum UI