search

tari-project / tari

The Tari protocol
https://tari.com
BSD 3-Clause "New" or "Revised" License
339 stars 210 forks source link

fix: update curve library #6381

Closed AaronFeickert closed 1 month ago

AaronFeickert commented 1 month ago

Description

Updates the curve library dependency.

Motivation and Context

The curve library has a timing vulnerability that was recently fixed. This PR updates the main lock file to pull in the patched version.

How Has This Been Tested?

Existing tests pass.

What process can a PR reviewer use to test or verify this change?

Confirm that the updated version is consistent with the security advisory.

AaronFeickert commented 1 month ago

Note that #6373 is also needed to fully patch this.

github-actions[bot] commented 1 month ago

Test Results (Integration tests)

 2 files  11 suites   15m 57s :stopwatch: 35 tests 34 :white_check_mark: 0 :zzz: 1 :x: 37 runs  34 :white_check_mark: 0 :zzz: 3 :x:

For more details on these failures, see this check.

Results for commit b59a4baa.

github-actions[bot] commented 1 month ago

Test Results (CI)

    3 files    120 suites   41m 51s :stopwatch: 1 294 tests 1 294 :white_check_mark: 0 :zzz: 0 :x: 3 874 runs  3 874 :white_check_mark: 0 :zzz: 0 :x:

Results for commit b59a4baa.