Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

ci: cargo-audit ressurect with new 0.21.1 version #619

Merged
merged 1 commit into from
Jan 23, 2025
Merged

ci: cargo-audit ressurect with new 0.21.1 version #619

merged 1 commit into from
Jan 23, 2025

Conversation

storopoli
Copy link
Member

@storopoli storopoli commented Jan 20, 2025
edited
Loading

Description

Enable security.yml GH Actions workflow with the new [email protected] release.

cargo-audit version 0.21.1 no longer gives errors when parsing our Cargo.lock.

Hence, we can activate it back.
CI is failing because of REAL RUSTSEC warnings (amongst them the vulnerability, RED alert/error, from idna can be fixed with #542).

Tagging @AaronFeickert if he wants to take a look, and is available.

Type of Change

  • Bug fix (non-breaking change which fixes an issue)
  • New feature/Enhancement (non-breaking change which adds functionality or enhances an existing one)
  • Breaking change (fix or feature that would cause existing functionality to not work as expected)
  • Documentation update
  • Refactor
  • New or updated tests
  • Dependency Update

Checklist

  • I have performed a self-review of my code.
  • I have commented my code where necessary.
  • I have updated the documentation if needed.
  • My changes do not introduce new warnings.
  • I have added tests that prove my changes are effective or that my feature works.
  • New and existing tests pass with my changes.

Related Issues

STR-601

@storopoli storopoli requested a review from a team as a code owner January 20, 2025 10:59
@codecov Codecov
Copy link

codecov bot commented Jan 20, 2025
edited
Loading

Codecov Report

All modified and coverable lines are covered by tests ✅

Project coverage is 55.98%. Comparing base (6651b20) to head (e6d5c7c).
Report is 1 commits behind head on main.

@@           Coverage Diff           @@
##             main     #619   +/-   ##
=======================================
  Coverage   55.97%   55.98%           
=======================================
  Files         315      315           
  Lines       33428    33428           
=======================================
+ Hits        18712    18713    +1     
+ Misses      14716    14715    -1

see 4 files with indirect coverage changes

@github-actions GitHub Actions
Copy link
Contributor

github-actions bot commented Jan 20, 2025
edited
Loading

Commit: 08af75b

SP1 Performance Test Results

program cycles success
BTC_BLOCKSPACE 30,357,421
EL_BLOCK 98,534
CL_BLOCK 57,370
L1_BATCH 30,387,324
L2_BATCH 5,473
CHECKPOINT 15,895

@storopoli storopoli force-pushed the storopoli/cargo-audit-ressurect branch from cde16f1 to 227cd78 Compare January 20, 2025 11:57
AaronFeickert
AaronFeickert approved these changes Jan 20, 2025
View reviewed changes
Copy link
Contributor

@AaronFeickert AaronFeickert left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Happy to see this back again! ACK, modulo the note about failing CI.

@storopoli storopoli enabled auto-merge January 20, 2025 17:38
@storopoli storopoli requested a review from Rajil1213 January 23, 2025 13:54
@Rajil1213
Copy link
Contributor

Rajil1213 commented Jan 23, 2025
edited
Loading

There is still a vulnerability that we should resolve if we can before merging this.

EDIT: I see that the vulnerability is supposed to be resolved via #542. I don't think there's a point in enabling the security checks just to have it fail. If it's okay, we should wait for that other ticket.

@storopoli
Copy link
Member Author

There is still a vulnerability that we should resolve if we can before merging this.

EDIT: I see that the vulnerability is supposed to be resolved via #542. I don't think there's a point in enabling the security checks just to have it fail. If it's okay, we should wait for that other ticket.

Sure, I'll mark this as a draft and once #542 gets merged I'll rebase and then we can 1-Rajill-ACK-merge the PR.

@storopoli storopoli disabled auto-merge January 23, 2025 16:36
@storopoli storopoli marked this pull request as draft January 23, 2025 16:36
@storopoli storopoli force-pushed the storopoli/cargo-audit-ressurect branch from 227cd78 to e6d5c7c Compare January 23, 2025 22:38
@storopoli storopoli marked this pull request as ready for review January 23, 2025 22:42
@storopoli
Copy link
Member Author

@Rajil1213 all green now!

@storopoli storopoli added this pull request to the merge queue Jan 23, 2025
Merged via the queue into main with commit 0db65b9 Jan 23, 2025
21 checks passed
@storopoli storopoli deleted the storopoli/cargo-audit-ressurect branch January 23, 2025 23:57
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@AaronFeickert AaronFeickert AaronFeickert approved these changes

@Rajil1213 Rajil1213 Rajil1213 approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@storopoli @Rajil1213 @AaronFeickert