mirror of
https://gitlab.com/pulsechaincom/lighthouse-pulse.git
synced 2025-01-13 15:38:21 +00:00
924a1345b1
## Issue Addressed NA ## Proposed Changes As `cargo audit` astutely pointed out, the version of `zeroize_derive` were were using had a vulnerability: ``` Crate: zeroize_derive Version: 1.1.0 Title: `#[zeroize(drop)]` doesn't implement `Drop` for `enum`s Date: 2021-09-24 ID: RUSTSEC-2021-0115 URL: https://rustsec.org/advisories/RUSTSEC-2021-0115 Solution: Upgrade to >=1.2.0 ``` This PR updates `zeroize` and `zeroize_derive` to appease `cargo audit`. `tiny-bip39` was also updated to allow compile. ## Additional Info I don't believe this vulnerability actually affected the Lighthouse code-base directly. However, `tiny-bip39` may have been affected which may have resulted in some uncleaned memory in Lighthouse. Whilst this is not ideal, it's not a major issue. Zeroization is a nice-to-have since it only protects from sophisticated attacks or attackers that already have a high level of access already. |
||
---|---|---|
.. | ||
account_utils | ||
clap_utils | ||
compare_fields | ||
compare_fields_derive | ||
deposit_contract | ||
directory | ||
eth2 | ||
eth2_config | ||
eth2_interop_keypairs | ||
eth2_network_config | ||
eth2_wallet_manager | ||
fallback | ||
filesystem | ||
hashset_delay | ||
lighthouse_metrics | ||
lighthouse_version | ||
lockfile | ||
logging | ||
lru_cache | ||
malloc_utils | ||
monitoring_api | ||
sensitive_url | ||
slot_clock | ||
target_check | ||
task_executor | ||
test_random_derive | ||
validator_dir | ||
warp_utils | ||
README.md |
eth2
Common crates containing eth2-specific logic.