GitHub notified us about CVE-2019-25010, which is a vulnerability in the failure crate.
We can get rid of the dependency on failure by updating our graphql_client dependency. Unfortunately, a fixed version has not yet been released, so we have to depend on a specific upstream git commit.
Test Plan:
cargo tree does not show a dependency on failure (it did before this commit)
cargo check and cargo test report no problems
build spr with this change locally and use it for submitting and landing this pull request