GitHub notified us about CVE-2019-25010, which is a vulnerability in the failure crate.
We can get rid of the dependency on failure by updating our graphql_client dependency. Unfortunately, a fixed version has not yet been released, so we have to depend on a specific upstream git commit.
Test Plan:
cargo tree does not show a dependency on failure (it did before this commit)
cargo check and cargo test report no problems
build spr with this change locally and use it for submitting and landing this pull request
GitHub notified us about CVE-2019-25010, which is a vulnerability in the
failurecrate. We can get rid of the dependency onfailureby updating ourgraphql_clientdependency. Unfortunately, a fixed version has not yet been released, so we have to depend on a specific upstream git commit.Test Plan:
cargo treedoes not show a dependency onfailure(it did before this commit)cargo checkandcargo testreport no problems