Jefffrey commented on PR #5160:
URL: https://github.com/apache/arrow-rs/pull/5160#issuecomment-1842659906
Example run with a dependency with CVE:
Run audit check step:
```
Run cargo audit
    Updating crates.io index
    Fetching advisory database from `https://github.com/RustSec/advisory-db.git`
      Loaded 580 security advisories (from /home/runner/.cargo/advisory-db)
    Updating crates.io index
    Scanning Cargo.lock for vulnerabilities (353 crate dependencies)
error: 1 vulnerability found!

Crate:     cocoon
Version:   0.3.3
Title:     Sequential calls of encryption API (`encrypt`, `wrap`, and `dump`) result in nonce reuse
Date:      2023-10-15
ID:        RUSTSEC-2023-0068
URL:       https://rustsec.org/advisories/RUSTSEC-2023-0068
Severity:  4.5 (medium)
Solution:  Upgrade to >=0.4.0
Dependency tree:
cocoon 0.3.3
└── arrow-csv 49.0.0
    ├── parquet 49.0.0
    │   ├── parquet_derive_test 49.0.0
    │   └── parquet_derive 49.0.0
    │       └── parquet_derive_test 49.0.0
    └── arrow 49.0.0
        ├── parquet 49.0.0
        ├── arrow-integration-testing 49.0.0
        └── arrow-integration-test 49.0.0
            └── arrow-integration-testing 49.0.0

Error: Process completed with exit code 1.
```
Subsequently fails.
https://github.com/apache/arrow-rs/actions/runs/7113685561/job/19366158937?pr=5160
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: [email protected]
For queries about this service, please contact Infrastructure at:
[email protected]
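The run above shows the intended CI behaviour: `cargo audit` exits non-zero as soon as one advisory matches `Cargo.lock`, and the job fails with it. In practice a team also needs a way to carry a temporary, documented exception for an advisory it cannot fix yet (no patched release, or a transitive dependency it does not control) without the exception quietly becoming permanent. The script below is an added example, not code from the arrow-rs PR or from cargo-audit: it reads the report written by `cargo audit --json`, fails on any finding that is not covered by an ignore entry with a reason and an unexpired date, and flags stale ignores. The JSON layout it assumes (a top-level `vulnerabilities` object with `found`, `count` and `list`, each list entry carrying `advisory`, `versions` and `package` objects) is taken from cargo-audit's report format as I know it and should be checked against the installed version; the sample report is constructed to mirror the cocoon finding in the comment.

```python
"""Gate a CI job on the report written by `cargo audit --json`.

Added example, not the arrow-rs project's own code. The report layout is an
assumption about cargo-audit's JSON output; confirm it against the version
installed on the runner before relying on it.
"""
import json
import sys
from datetime import date

# Constructed sample mirroring the run in the comment: one finding in
# cocoon 0.3.3 (RUSTSEC-2023-0068), patched in >=0.4.0.
SAMPLE_REPORT = json.dumps({
    "database": {"advisory-count": 580},
    "lockfile": {"dependency-count": 353},
    "vulnerabilities": {
        "found": True,
        "count": 1,
        "list": [{
            "advisory": {
                "id": "RUSTSEC-2023-0068",
                "package": "cocoon",
                "title": "Sequential calls of encryption API (`encrypt`, "
                         "`wrap`, and `dump`) result in nonce reuse",
                "date": "2023-10-15",
                "url": "https://rustsec.org/advisories/RUSTSEC-2023-0068",
            },
            "versions": {"patched": [">=0.4.0"], "unaffected": []},
            "package": {"name": "cocoon", "version": "0.3.3"},
        }],
    },
    "warnings": {},
})


def evaluate(report_json: str, ignores: dict, today: date) -> tuple:
    """Return (exit_code, messages); exit code 1 on any unignored finding.

    `ignores` maps an advisory ID to {"reason": str, "expires": "YYYY-MM-DD"}.
    An entry with no reason, or past its expiry date, does NOT suppress the
    finding: exceptions have to be justified and renewed, never permanent.
    """
    report = json.loads(report_json)
    vulns = report.get("vulnerabilities", {})
    entries = vulns.get("list", [])
    messages = []
    failures = 0

    for v in entries:
        adv, pkg = v["advisory"], v["package"]
        vid = adv["id"]
        patched = v.get("versions", {}).get("patched", [])
        fix = f"upgrade to {', '.join(patched)}" if patched else "no patched version listed"
        line = f"{vid}: {pkg['name']} {pkg['version']} - {adv['title']} ({fix})"

        entry = ignores.get(vid)
        if entry:
            expires = date.fromisoformat(entry.get("expires", "1970-01-01"))
            if entry.get("reason") and expires >= today:
                messages.append(f"IGNORED {line} [reason: {entry['reason']}, until {expires}]")
                continue
            messages.append(f"STALE IGNORE for {vid}: missing reason or expired on {expires}")
        failures += 1
        messages.append(f"FAIL {line}")

    # Sanity check: the summary count should match what we actually walked.
    if vulns.get("count", 0) != len(entries):
        messages.append("WARN vulnerability count does not match list length")

    return (1 if failures else 0), messages


if __name__ == "__main__":
    # Usage in CI: cargo audit --json | python3 audit_gate.py ignores.json
    # (file name and ignore-file format are this example's own convention).
    ignore_file = {}
    if len(sys.argv) > 1:
        with open(sys.argv[1], encoding="utf-8") as fh:
            ignore_file = json.load(fh)
    raw = sys.stdin.read() if not sys.stdin.isatty() else SAMPLE_REPORT
    code, out = evaluate(raw, ignore_file, date.today())
    print("\n".join(out))
    sys.exit(code)
```

Note that `cargo audit` already exits 1 on its own when it finds a vulnerability, so a plain `cargo audit` step (as in the run above) is enough for the hard-fail case; this wrapper only earns its place once you need reasoned, time-boxed exceptions, and its ignore list should live in the repository where it is reviewed like any other change.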