Skip to content

Commit

Permalink
Update various dependencies (#5659)
Browse files Browse the repository at this point in the history 
* Bump `async-graphql` from 7.0.6 to 7.0.11

This additionally bumps the `async-graphql-axum` crate, missed by
Dependabot.

Patches [`CVE-2024-47614`](https://nvd.nist.gov/vuln/detail/CVE-2024-47614):

async-graphql before 7.0.10 does not limit the number of directives for
a field. This can lead to Service Disruption, Resource Exhaustion, and
User Experience Degradation. This vulnerability is fixed in 7.0.10.

* Bump `diesel` from 2.2.1 to 2.2.4

Fixes [`RUSTSEC-2024-0365`](https://rustsec.org/advisories/RUSTSEC-2024-0365):

Binary Protocol Misinterpretation caused by Truncating or Overflowing Casts

* Bump `object_store` from 0.10.1 to 0.11.0

Fixes [`RUSTSEC-2024-0358`](https://rustsec.org/advisories/RUSTSEC-2024-0358):

Apache Arrow Rust Object Store: AWS WebIdentityToken exposure in log
files

* Bump `openssl` from 0.10.64 to 0.10.66

Fixes [`RUSTSEC-2024-0357`](https://rustsec.org/advisories/RUSTSEC-2024-0357):

`MemBio::get_buf` has undefined behavior with empty buffers

* Bump `quinn-proto` from 0.11.3 to 0.11.8

Fixes [`RUSTSEC-2024-0373`](https://rustsec.org/advisories/RUSTSEC-2024-0373):

`Endpoint::retry()` calls can lead to panicking
  • Loading branch information
@encalypto
encalypto authored Oct 9, 2024
1 parent 90e949d commit fbb4589
Show file tree
Hide file tree
Showing 3 changed files with 53 additions and 81 deletions.
126 changes: 49 additions & 77 deletions Cargo.lock
View file

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

6 changes: 3 additions & 3 deletions Cargo.toml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -27,13 +27,13 @@ license = "MIT OR Apache-2.0"

[workspace.dependencies]
anyhow = "1.0"
async-graphql = { version = "7.0.6", features = ["chrono", "uuid"] }
async-graphql-axum = "7.0.6"
async-graphql = { version = "7.0.11", features = ["chrono", "uuid"] }
async-graphql-axum = "7.0.11"
axum = "0.7.5"
chrono = "0.4.38"
clap = { version = "4.5.4", features = ["derive", "env"] }
derivative = "2.2.0"
diesel = { version = "2.1.3", features = ["postgres", "serde_json", "numeric", "r2d2", "chrono", "uuid"] }
diesel = { version = "2.2.4", features = ["postgres", "serde_json", "numeric", "r2d2", "chrono", "uuid"] }
diesel-derive-enum = { version = "2.1.0", features = ["postgres"] }
diesel-dynamic-schema = "0.2.1"
diesel_derives = "2.1.4"
Expand Down
2 changes: 1 addition & 1 deletion graph/Cargo.toml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -95,7 +95,7 @@ web3 = { git = "https://github.com/graphprotocol/rust-web3", branch = "graph-pat
] }
serde_plain = "1.0.2"
csv = "1.3.0"
object_store = { version = "0.10.1", features = ["gcp"] }
object_store = { version = "0.11.0", features = ["gcp"] }

[dev-dependencies]
clap.workspace = true
Expand Down

0 comments on commit fbb4589

Please sign in to comment.