Update zeroize_derive (#2625)

## Issue Addressed NA ## Proposed Changes As `cargo audit` astutely pointed out, the version of `zeroize_derive` were were using had a vulnerability: ``` Crate: zeroize_derive Version: 1.1.0 Title: `#[zeroize(drop)]` doesn't implement `Drop` for `enum`s Date: 2021-09-24 ID: RUSTSEC-2021-0115 URL: https://rustsec.org/advisories/RUSTSEC-2021-0115 Solution: Upgrade to >=1.2.0 ``` This PR updates `zeroize` and `zeroize_derive` to appease `cargo audit`. `tiny-bip39` was also updated to allow compile. ## Additional Info I don't believe this vulnerability actually affected the Lighthouse code-base directly. However, `tiny-bip39` may have been affected which may have resulted in some uncleaned memory in Lighthouse. Whilst this is not ideal, it's not a major issue. Zeroization is a nice-to-have since it only protects from sophisticated attacks or attackers that already have a high level of access already.
2026-05-30 04:37:13 +00:00 · 2021-09-25 05:58:37 +00:00
parent fe52322088
commit 924a1345b1
7 changed files with 16 additions and 12 deletions
--- a/common/eth2/Cargo.toml
+++ b/common/eth2/Cargo.toml
@@ -15,7 +15,7 @@ reqwest = { version = "0.11.0", features = ["json","stream"] }
 eth2_libp2p = { path = "../../beacon_node/eth2_libp2p" }
 proto_array = { path = "../../consensus/proto_array", optional = true }
 eth2_serde_utils = "0.1.0"
-zeroize = { version = "1.1.1", features = ["zeroize_derive"] }
+zeroize = { version = "1.4.2", features = ["zeroize_derive"] }
 eth2_keystore = { path = "../../crypto/eth2_keystore" }
 libsecp256k1 = "0.6.0"
 ring = "0.16.19"