mirror of
https://github.com/sigp/lighthouse.git
synced 2026-05-07 08:52:54 +00:00
Update zeroize_derive (#2625)
## Issue Addressed NA ## Proposed Changes As `cargo audit` astutely pointed out, the version of `zeroize_derive` were were using had a vulnerability: ``` Crate: zeroize_derive Version: 1.1.0 Title: `#[zeroize(drop)]` doesn't implement `Drop` for `enum`s Date: 2021-09-24 ID: RUSTSEC-2021-0115 URL: https://rustsec.org/advisories/RUSTSEC-2021-0115 Solution: Upgrade to >=1.2.0 ``` This PR updates `zeroize` and `zeroize_derive` to appease `cargo audit`. `tiny-bip39` was also updated to allow compile. ## Additional Info I don't believe this vulnerability actually affected the Lighthouse code-base directly. However, `tiny-bip39` may have been affected which may have resulted in some uncleaned memory in Lighthouse. Whilst this is not ideal, it's not a major issue. Zeroization is a nice-to-have since it only protects from sophisticated attacks or attackers that already have a high level of access already.
This commit is contained in:
Paul Hauner
16
Cargo.lock
generated
16
Cargo.lock
generated
@@ -2935,6 +2935,9 @@ source = "registry+https://github.com/rust-lang/crates.io-index"
|
||||
checksum = "bee0328b1209d157ef001c94dd85b4f8f64139adb0eac2659f4b08382b2f474d"
|
||||
dependencies = [
|
||||
"cfg-if 1.0.0",
|
||||
"js-sys",
|
||||
"wasm-bindgen",
|
||||
"web-sys",
|
||||
]
|
||||
|
||||
[[package]]
|
||||
@@ -6320,13 +6323,14 @@ dependencies = [
|
||||
|
||||
[[package]]
|
||||
name = "tiny-bip39"
|
||||
version = "0.8.0"
|
||||
version = "0.8.1"
|
||||
source = "registry+https://github.com/rust-lang/crates.io-index"
|
||||
checksum = "d9e44c4759bae7f1032e286a7ef990bd9ed23fe831b7eeba0beb97484c2e59b8"
|
||||
checksum = "524daa5624d9d4ffb5a0625971d35205b882111daa6b6338a7a6c578a3c36928"
|
||||
dependencies = [
|
||||
"anyhow",
|
||||
"hmac 0.8.1",
|
||||
"once_cell",
|
||||
"parking_lot",
|
||||
"pbkdf2 0.4.0",
|
||||
"rand 0.7.3",
|
||||
"rustc-hash",
|
||||
@@ -7443,18 +7447,18 @@ dependencies = [
|
||||
|
||||
[[package]]
|
||||
name = "zeroize"
|
||||
version = "1.4.1"
|
||||
version = "1.4.2"
|
||||
source = "registry+https://github.com/rust-lang/crates.io-index"
|
||||
checksum = "377db0846015f7ae377174787dd452e1c5f5a9050bc6f954911d01f116daa0cd"
|
||||
checksum = "bf68b08513768deaa790264a7fac27a58cbf2705cfcdc9448362229217d7e970"
|
||||
dependencies = [
|
||||
"zeroize_derive",
|
||||
]
|
||||
|
||||
[[package]]
|
||||
name = "zeroize_derive"
|
||||
version = "1.1.0"
|
||||
version = "1.2.0"
|
||||
source = "registry+https://github.com/rust-lang/crates.io-index"
|
||||
checksum = "a2c1e130bebaeab2f23886bf9acbaca14b092408c452543c857f66399cd6dab1"
|
||||
checksum = "bdff2024a851a322b08f179173ae2ba620445aef1e838f0c196820eade4ae0c7"
|
||||
dependencies = [
|
||||
"proc-macro2",
|
||||
"quote",
|
||||
|
||||
Reference in New Issue
Block a user