Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

upgrade cookie_store to 0.21.1 #397

Merged
merged 3 commits into from
Jan 11, 2025
Merged

upgrade cookie_store to 0.21.1 #397

merged 3 commits into from
Jan 11, 2025

Conversation

kranurag7
Copy link
Contributor

upgrading cookie_store to 0.21.1 via this commit because it was pulling idna which contained a CVE.

@kranurag7 kranurag7 marked this pull request as ready for review January 5, 2025 08:51
kranurag7
kranurag7 commented Jan 5, 2025
View reviewed changes
src/session.rs Outdated Show resolved Hide resolved
This was referenced Jan 5, 2025
Closed
Merged
blyxxyz
blyxxyz reviewed Jan 5, 2025
View reviewed changes
Copy link
Collaborator

@blyxxyz blyxxyz left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This gets rid of 2 dependencies and 5 duplicated dependencies so definitely a nice change, thank you!

I don't think that the CVE is a security concern for us, since we run the hostname through a URL parse before we set it on the cookie and we don't have any crazy authentication system where you can benefit from not matching a domain. So we don't need to rush out another release.

src/session.rs Outdated Show resolved Hide resolved
@ducaale
Copy link
Owner

ducaale commented Jan 11, 2025

@kranurag7 do you mind resolving current merge conflicts? We can fix any clippy warnings after merging this PR

kranurag7 and others added 3 commits January 11, 2025 23:11
@kranurag7
upgrade cookie_store to 0.21.1
53f7ece 
upgrading cookie_store to 0.21.1 via this commit because it was pulling
idna which contained a CVE.

Signed-off-by: kranurag7 <[email protected]>
@kranurag7 @blyxxyz
address review comments
355dd04 
Co-authored-by: Jan Verbeek <[email protected]>
@kranurag7 @blyxxyz
use builder.into()
bb82a77 
Signed-off-by: kranurag7 <[email protected]>

Co-authored-by: Jan Verbeek <[email protected]>
@kranurag7 kranurag7 force-pushed the kr/upgrade-cookie_store branch from 377d86a to bb82a77 Compare January 11, 2025 17:46
blyxxyz
blyxxyz approved these changes Jan 11, 2025
View reviewed changes
Copy link
Collaborator

@blyxxyz blyxxyz left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Looks great!

@ducaale ducaale merged commit 1a1a0b5 into ducaale:master Jan 11, 2025
9 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@blyxxyz blyxxyz blyxxyz approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@kranurag7 @ducaale @blyxxyz