Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

chore: bump tempfile v0.3.5 and time v0.2.23 to fix CVE-2020-26235 and run cargo update. #549

Merged
merged 1 commit into from
May 15, 2023
Merged

chore: bump tempfile v0.3.5 and time v0.2.23 to fix CVE-2020-26235 and run cargo update. #549

merged 1 commit into from
May 15, 2023

Conversation

Peefy
Copy link
Contributor

@Peefy Peefy commented May 15, 2023

1. Does this PR affect any open issues?(Y/N) and add issue references (e.g. "fix #123", "re #123".):

  • N
  • Y

fix for https://github.com/KusionStack/KCLVM/security/dependabot/77 and https://github.com/KusionStack/KCLVM/security/dependabot/87

chore: bump tempfile v0.3.5 and time v0.2.23 to fix CVE-2020-26235 and run cargo update.

2. What is the scope of this PR (e.g. component or file name):

3. Provide a description of the PR(e.g. more details, effects, motivations or doc link):

  • Affects user behaviors
  • Contains syntax changes
  • Contains variable changes
  • Contains experimental features
  • Performance regression: Consumes more CPU
  • Performance regression: Consumes more Memory
  • Other

4. Are there any breaking changes?(Y/N) and describe the breaking changes(e.g. more details, motivations or doc link):

  • N
  • Y

5. Are there test cases for these changes?(Y/N) select and add more details, references or doc links:

  • Unit test
  • Integration test
  • Benchmark (add benchmark stats below)
  • Manual test (add detailed scripts or steps below)
  • Other

6. Release note

Please refer to Release Notes Language Style Guide to write a quality release note.

None

@Peefy Peefy added dependencies Pull requests that update a dependency file security labels May 15, 2023
@Peefy Peefy requested review from NeverRaR and zong-zhe May 15, 2023 02:58
zong-zhe
zong-zhe approved these changes May 15, 2023
View reviewed changes
Copy link
Contributor

@zong-zhe zong-zhe left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

@coveralls
Copy link
Collaborator

Pull Request Test Coverage Report for Build 4976023884

  • 0 of 0 changed or added relevant lines in 0 files are covered.
  • 31 unchanged lines in 1 file lost coverage.
  • Overall coverage decreased (-20.2%) to 67.79%
Files with Coverage Reduction New Missed Lines %
compiler_base/session/src/lib.rs 31 50.0%
Totals Coverage Status
Change from base Build 4956494211: -20.2%
Covered Lines: 30485
Relevant Lines: 44970
💛 - Coveralls

@Peefy Peefy merged commit 4a73c4b into kcl-lang:main May 15, 2023
@Peefy Peefy deleted the security-time-and-tempfile-crates branch May 15, 2023 03:39
@github-actions github-actions bot locked and limited conversation to collaborators May 15, 2023
@Peefy Peefy self-assigned this May 17, 2023
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Reviewers

@zong-zhe zong-zhe zong-zhe approved these changes

@NeverRaR NeverRaR Awaiting requested review from NeverRaR

Assignees

@Peefy Peefy

Labels
dependencies Pull requests that update a dependency file security
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
3 participants
@Peefy @coveralls @zong-zhe