Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

feat: update ckb-vm to 0.20.0-rc4 #2963

Merged
merged 1 commit into from
Aug 23, 2021
Merged

feat: update ckb-vm to 0.20.0-rc4 #2963

merged 1 commit into from
Aug 23, 2021

Conversation

mohanson
Copy link
Contributor

@mohanson mohanson commented Aug 23, 2021
edited by doitian
Loading

ckb-vm 0.20.0-rc3 -> 0.20.0-rc4

ckb-vm 0.20.0-rc4 release note: https://github.com/nervosnetwork/ckb-vm/releases/tag/0.20.0-rc4

@mohanson mohanson requested a review from a team as a code owner August 23, 2021 05:32
@mohanson
Copy link
Contributor Author

CI Security_Audit_Licenses failed, follow the suggestion to upgrading crossbeam-deque to 0.8.1

error[A001]: Data race in crossbeam-deque
    ┌─ /home/runner/work/ckb/ckb/Cargo.lock:122:1
    │
122 │ crossbeam-deque 0.8.0 registry+https://github.com/rust-lang/crates.io-index
    │ --------------------------------------------------------------------------- security vulnerability detected
    │
    = ID: RUSTSEC-2021-0093
    = Advisory: https://rustsec.org/advisories/RUSTSEC-2021-0093
    = In the affected version of this crate, the result of the race condition is that one or more tasks in the worker queue can be popped twice instead of other tasks that are forgotten and never popped. If tasks are allocated on the heap, this can cause double free and a memory leak. If not, this still can cause a logical bug.
      
      Crates using `Stealer::steal`, `Stealer::steal_batch`, or `Stealer::steal_batch_and_pop` are affected by this issue.
      
      Credits to @kmaork for discovering, reporting and fixing the bug.
 advisories FAILED: 1 errors, 3 warnings, 1 notes
        sources ok: 0 errors, 0 warnings, 0 notes
    = Announcement: https://github.com/crossbeam-rs/crossbeam/security/advisories/GHSA-pqqp-xmhj-wgcw
    = Solution: Upgrade to >=0.7.4, <0.8.0 OR >=0.8.1

@driftluo
Copy link
Collaborator

rebase dev is enough @mohanson

@doitian
Copy link
Member

doitian commented Aug 23, 2021

Please rebase.

@mohanson
Copy link
Contributor Author

Rebased

@doitian
Copy link
Member

doitian commented Aug 23, 2021

bors r=quake,doitian

@doitian doitian changed the title Update ckb-vm to 0.20.0-rc4 feat: update ckb-vm to 0.20.0-rc4 Aug 23, 2021
@doitian doitian mentioned this pull request Aug 23, 2021
Closed
3 tasks
@bors
Copy link
Contributor

bors bot commented Aug 23, 2021

Build succeeded:

@bors bors bot merged commit 603a811 into nervosnetwork:develop Aug 23, 2021
@doitian doitian mentioned this pull request Sep 3, 2021
Closed
@mohanson mohanson deleted the bump_ckb_vm branch November 19, 2021 04:57
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@quake quake quake approved these changes

@doitian doitian doitian approved these changes

@zhangsoledad zhangsoledad Awaiting requested review from zhangsoledad

@chanhsu001 chanhsu001 Awaiting requested review from chanhsu001

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
4 participants
@mohanson @driftluo @doitian @quake