Bump the vulnerable dependencies by majecty · Pull Request #1986 · CodeChain-io/codechain

majecty · 2020-08-26T06:33:15Z

This is the same commit as #1985 on the master branch.

All bump up includes minor updates. I checked this using cargo-audit.

Updated dependencies:

http 0.1.17 -> 0.1.21
hyper 0.12.19 -> 0.12.35
smallvec 0.6.4 -> 0.6.13
libflate 0.1.23 -> 0.1.27
spin 0.5.0 -> 0.5.2
yaml-rust: This commit updates clap instead. clap 2.33 does not
affected by the problem.

Links about the security advisories

All bump up includes minor updates. I checked this using cargo-audit. Updated dependencies: * http 0.1.17 -> 0.1.21 * hyper 0.12.19 -> 0.12.35 * smallvec 0.6.4 -> 0.6.13 * libflate 0.1.23 -> 0.1.27 * spin 0.5.0 -> 0.5.2 * yaml-rust: This commit updates clap instead. clap 2.33 does not affected by the problem. Links about the security advisories * https://rustsec.org/advisories/RUSTSEC-2019-0034 * https://rustsec.org/advisories/RUSTSEC-2019-0033 * https://rustsec.org/advisories/RUSTSEC-2020-0008 * https://rustsec.org/advisories/RUSTSEC-2019-0010 * https://rustsec.org/advisories/RUSTSEC-2019-0012 * https://rustsec.org/advisories/RUSTSEC-2019-0013 * https://rustsec.org/advisories/RUSTSEC-2018-0006

majecty requested a review from sgkim126 August 26, 2020 06:33

sgkim126 approved these changes Aug 27, 2020

View reviewed changes

sgkim126 merged commit 908e255 into CodeChain-io:master Aug 27, 2020

majecty deleted the f/dependency-master branch August 27, 2020 06:01

Provide feedback