mirror of
https://gitlab.com/pulsechaincom/lighthouse-pulse.git
synced 2024-12-22 19:50:37 +00:00
924a1345b1
## Issue Addressed NA ## Proposed Changes As `cargo audit` astutely pointed out, the version of `zeroize_derive` were were using had a vulnerability: ``` Crate: zeroize_derive Version: 1.1.0 Title: `#[zeroize(drop)]` doesn't implement `Drop` for `enum`s Date: 2021-09-24 ID: RUSTSEC-2021-0115 URL: https://rustsec.org/advisories/RUSTSEC-2021-0115 Solution: Upgrade to >=1.2.0 ``` This PR updates `zeroize` and `zeroize_derive` to appease `cargo audit`. `tiny-bip39` was also updated to allow compile. ## Additional Info I don't believe this vulnerability actually affected the Lighthouse code-base directly. However, `tiny-bip39` may have been affected which may have resulted in some uncleaned memory in Lighthouse. Whilst this is not ideal, it's not a major issue. Zeroization is a nice-to-have since it only protects from sophisticated attacks or attackers that already have a high level of access already. |
||
---|---|---|
.. | ||
src | ||
tests | ||
Cargo.toml |