Wasmtime GitHub notifications bot (Aug 31 2022 at 21:14): Wasmtime GitHub notifications bot (Aug 31 2022 at 21:14):fitzgen commented on issue #4837:
cc @bholley
Wasmtime GitHub notifications bot (Aug 31 2022 at 21:22):fitzgen commented on issue #4837:
Good catch, thanks.
We don't use
peeking_take_whilein Wasmtime so we don't have an exemption for it to remove.I think maybe the reason that the
arbitraryexemptions aren't being remove is that I audited the latest version but we use an older version inCargo.lock?
Wasmtime GitHub notifications bot (Aug 31 2022 at 21:24):fitzgen commented on issue #4837:
I think maybe the reason that the
arbitraryexemptions aren't being remove is that I audited the latest version but we use an older version inCargo.lock?Yeah, I added audits for the earlier versions and the exemptions go away now.
Wasmtime GitHub notifications bot (Aug 31 2022 at 21:25):fitzgen commented on issue #4837:
Yep, done.
Wasmtime GitHub notifications bot (Aug 31 2022 at 21:27):bholley commented on issue #4837:
Thanks!
I think maybe the reason that the arbitrary exemptions aren't being remove is that I audited the latest version but we use an older version in Cargo.lock?
My general recommendation for this situation (which we've run into as well) is to add an audit both for the latest version as well as the older version in tree.
And yes this PR should cover the ones Firefox is using, though while you're at it you might consider some of the other crates you own that have download stats in the millions.
Last updated: Nov 22 2024 at 17:03 UTC