Update mountpoint-s3-client to fix libgit2-sys security issue #141

Merged
merged 2 commits into from
Feb 13, 2024


muddyfish
Contributor

@muddyfish muddyfish commented Feb 13, 2024

Description

Previous PRs are blocked on Rust's cargo deny failing: https://github.com/awslabs/s3-connector-for-pytorch/actions/runs/7867873103/job/21464194689?pr=138

These failures are unrelated to their content changes, but instead are due to a new security issue found in libgit2-sys.
https://rustsec.org/advisories/RUSTSEC-2024-0013

This library is being pulled in by our `built` dependency for automatically including versioning information into the release. Mountpoint also used this library, pulling in an earlier version than we were wanting. This PR pulls in an updated Mountpoint version with a more recent dependency on `built`.

Additional context

No breaking changes

Related items

Testing

  • `cargo deny check` passes
  • `cargo test --no-default-features` passes
  • `pytest` passes

By submitting this pull request, I confirm that my contribution is made under the terms of BSD 3-Clause License and I agree to the terms of the LICENSE.

@muddyfish muddyfish merged commit b2852be into awslabs:main Feb 13, 2024
19 checks passed
@muddyfish muddyfish deleted the fix/libgit2 branch February 13, 2024 11:15
dnanuti pushed a commit that referenced this pull request Feb 13, 2024
* Update mountpoint-s3-client to fix libgit2-sys security issue

https://rustsec.org/advisories/RUSTSEC-2024-0013

* Update rust-checks to use brand new `manifest-path` input variable

---------

Co-authored-by: Simon Beal <[email protected]>
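
The dependency chain described in the PR (a flagged `libgit2-sys` reached through `built`, once directly and once via `mountpoint-s3-client`) can be traced from `Cargo.lock` itself. This is an added example, not code from this PR or repository: it lists every chain from a root package to a given crate version. The root crate name and all version numbers are constructed placeholders, and `git2` is included as the crate through which `built` reaches `libgit2-sys`, which the page does not name.

```python
import re

# Constructed Cargo.lock data (name, version, deps); the root crate name and all
# versions are placeholders, 1.0.0 standing in for the flagged libgit2-sys.
PKGS = [
    ("example-connector", "0.1.0", ["built 2.0.0", "mountpoint-s3-client"]),
    ("mountpoint-s3-client", "0.1.0", ["built 1.0.0"]),
    ("built", "1.0.0", ["git2 1.0.0"]),
    ("built", "2.0.0", ["git2 2.0.0"]),
    ("git2", "1.0.0", ["libgit2-sys 1.0.0"]),
    ("git2", "2.0.0", ["libgit2-sys 2.0.0"]),
    ("libgit2-sys", "1.0.0", []),
    ("libgit2-sys", "2.0.0", []),
]
SAMPLE_LOCK = "".join(
    f'[[package]]\nname = "{n}"\nversion = "{v}"\ndependencies = [\n'
    + "".join(f' "{d}",\n' for d in deps) + "]\n\n" for n, v, deps in PKGS)

def parse_lock(text):
    """Return {(name, version): [dependency strings]} for each [[package]]."""
    graph = {}
    for block in text.split("[[package]]")[1:]:
        name = re.search(r'^name = "(.+)"$', block, re.M).group(1)
        version = re.search(r'^version = "(.+)"$', block, re.M).group(1)
        deps = re.search(r"^dependencies = \[(.*?)\]", block, re.M | re.S)
        graph[(name, version)] = re.findall(r'"([^"]+)"', deps.group(1)) if deps else []
    return graph

def resolve(graph, dep):
    """Map a lock dependency string ("name" or "name version ...") to a key."""
    name, *rest = dep.split(" ")
    return (name, rest[0]) if rest else next(k for k in graph if k[0] == name)

def paths_to(text, crate, version):
    """List every chain from a root package down to `crate` at `version`."""
    graph = parse_lock(text)
    depended_on = {resolve(graph, d) for deps in graph.values() for d in deps}
    found = []
    def walk(node, trail):
        if node in trail:  # lock graphs can contain dev-dependency cycles
            return
        trail = trail + [node]
        if node == (crate, version):
            found.append(" -> ".join(f"{n} {v}" for n, v in trail))
        for dep in graph[node]:
            walk(resolve(graph, dep), trail)
    for root in sorted(set(graph) - depended_on):
        walk(root, [])
    return found
```

Run against a real `Cargo.lock` with the crate and version reported by `cargo deny check`, the output shows which direct dependency has to be bumped to drop the flagged release.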