Skip to content

Upgrade futures- crates to 0.3.31 to fix use after free#2253

Merged
cfm merged 1 commit into
mainfrom
bump-futures
Oct 7, 2024
Merged

Upgrade futures- crates to 0.3.31 to fix use after free#2253
cfm merged 1 commit into
mainfrom
bump-futures

Conversation

@legoktm
Copy link
Copy Markdown
Member

@legoktm legoktm commented Oct 7, 2024

Status

Ready for review

Description

futures-util 0.3.30 was yanked because it had a use after free, see rust-lang/futures-rs#2886.

Test Plan

  • CI passes

Checklist

  • These changes should not need testing in Qubes
  • No update to the AppArmor profile is required for these changes

@legoktm
Upgrade futures- crates to 0.3.31 to fix use after free
d31a0ce 
futures-util 0.3.30 was yanked because it had a use after free, see
<rust-lang/futures-rs#2886>.
@legoktm legoktm requested a review from a team as a code owner October 7, 2024 15:59
@legoktm legoktm added this to the 0.14.0 milestone Oct 7, 2024
@cfm cfm self-assigned this Oct 7, 2024
cfm
cfm approved these changes Oct 7, 2024
View reviewed changes
Copy link
Copy Markdown
Member

@cfm cfm left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Looks good. @legoktm and I confirmed out of band that it's sufficient for this upgrade to be appied in Cargo.lock without being enforced in Cargo.toml, as is the pattern we're used to in Python requirements.inrequirements.txt.

@cfm cfm added this pull request to the merge queue Oct 7, 2024
Merged via the queue into main with commit 0d7ef59 Oct 7, 2024
@cfm cfm deleted the bump-futures branch October 7, 2024 19:23
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@cfm cfm cfm approved these changes

Assignees

@cfm cfm

Labels

None yet

Projects

SecureDrop
Archived in project

Milestone

0.14.0

Development

Successfully merging this pull request may close these issues.

2 participants

@legoktm @cfm