Update h2 to 0.3.24 to fix vulnerability RUSTSEC-2024-0003

polyphony-chat / chorus

A rust library for interacting with multiple Spacebar-compatible Instances at once.

https://crates.io/crates/chorus

Mozilla Public License 2.0

16 stars 7 forks source link

Update h2 to 0.3.24 to fix vulnerability RUSTSEC-2024-0003 #474

Closed striezel closed 5 months ago

striezel commented 5 months ago

The update fixes a resource exhaustion vulnerability in h2 which may lead to Denial of Service. For more information on that see https://rustsec.org/advisories/RUSTSEC-2024-0003.

kozabrada123 commented 5 months ago

Hi, thank you for your contributions! However, please target the dev branch instead of main, as pushes to main are meant for releases

kozabrada123 commented 5 months ago

Looks good, thank you!

striezel commented 5 months ago

However, please target the dev branch instead of main, as pushes to main are meant for releases

Thanks.

It may be a good idea to document that somehow for new / future contributors. Many projects contain a CONTRIBUTING.md in their repositories for such purposes.

kozabrada123 commented 5 months ago

It may be a good idea to document that somehow for new / future contributors. Many projects contain a CONTRIBUTING.md in their repositories for such purposes.

While we could make a CONTRIBUTING.md for chorus specifically, we do have a section in the README on contributing, which also mentions the contribution guidelines of the project as a whole :P