Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

fix(deps): update rust crate openssl to v0.10.66 [security] #603

Open
wants to merge 1 commit into
base: master
Choose a base branch
from
Open

fix(deps): update rust crate openssl to v0.10.66 [security] #603

wants to merge 1 commit into from

Conversation

renovate[bot]
Copy link
Contributor

@renovate renovate bot commented Jul 22, 2024
edited
Loading

This PR contains the following updates:

Package Type Update Change
openssl dependencies patch 0.10.63 -> 0.10.66

GitHub Vulnerability Alerts

GHSA-q445-7m23-qrmw

Previously, MemBio::get_buf called slice::from_raw_parts with a null-pointer, which violates the functions invariants, leading to undefined behavior. In debug builds this would produce an assertion failure. This is now fixed.

Release Notes

sfackler/rust-openssl (openssl)

v0.10.66

Compare Source

What's Changed

Full Changelog: sfackler/rust-openssl@openssl-v0.10.65...openssl-v0.10.66

v0.10.65

Compare Source

What's Changed

New Contributors

Full Changelog: sfackler/rust-openssl@openssl-v0.10.64...openssl-v0.10.65

v0.10.64

Compare Source

What's Changed

Full Changelog: sfackler/rust-openssl@openssl-v0.10.63...openssl-v0.10.64

Configuration

📅 Schedule: Branch creation - "" (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

  • If you want to rebase/retry this PR, check this box

This PR was generated by Mend Renovate. View the repository job log.

@github-actions GitHub Actions
Copy link

🚨 Rust Panic Audit: 342 Potential Panic Points Detected 🚨

Crate: ``

📊 Total Usages: 240

  • 🔢 array_index usages: 32
  • 🎁 unwrap usages: 164
  • 🚨 panic usages: 7
  • 🔎 expect usages: 37

Crate: federation_query_planner

📊 Total Usages: 53

  • 🚨 panic usages: 3
  • 🔢 array_index usages: 10
  • 🎁 unwrap usages: 32
  • 🔎 expect usages: 8

Crate: common

📊 Total Usages: 11

  • 🔢 array_index usages: 1
  • 🎁 unwrap usages: 10

Crate: telemetry

📊 Total Usages: 9

  • 🎁 unwrap usages: 4
  • 🔢 array_index usages: 5

Crate: cloudflare_worker

📊 Total Usages: 8

  • 🔎 expect usages: 2
  • 🚨 panic usages: 1
  • 🎁 unwrap usages: 5

Crate: engine

📊 Total Usages: 7

  • 🔎 expect usages: 1
  • 🎁 unwrap usages: 6

Crate: tracing

📊 Total Usages: 6

  • 🎁 unwrap usages: 5
  • 🔎 expect usages: 1

Crate: conductor

📊 Total Usages: 5

  • 🚨 panic usages: 1
  • 🔎 expect usages: 3
  • 🎁 unwrap usages: 1

Crate: config

📊 Total Usages: 3

  • 🎁 unwrap usages: 2
  • 🚨 panic usages: 1

📌 Expected Annotations

Crate: engine

📊 Total Expected Usages: 2

expand details
  1. Reason: "if we are unable to construct the endpoints and attach them onto the gateway's http server, we have to exit"
  • Code: Err(e) => panic!("failed to construct endpoint: {:?}", e),
  • Location: ./libs/engine/src/gateway.rs:158
  1. Reason: "we can safely index here, it's inside a test with constant defined fixtures."
  • Code: ConductorGateway::execute(request, &gw.routes[0].route_data).await
  • Location: ./libs/engine/src/gateway.rs:190

Crate: common

📊 Total Expected Usages: 1

expand details
  1. Reason: "we're parsing a statically defined constant, we know it works ;)"
  • Code: .unwrap()
  • Location: ./libs/common/src/graphql.rs:31

Crate: ``

📊 Total Expected Usages: 22

expand details
  1. Reason: "if initiating an http client fails, then we have to exit."
  • Code: let client = wasm_polyfills::create_http_client().build().unwrap();
  • Location: ./plugins/jwt_auth/src/jwks_provider.rs:49
  1. Reason: "if the provided VRL code in the config file can't compile, we have to exit."
  • Code: panic!("failed to compile vrl program");
  • Location: ./plugins/vrl/src/plugin.rs:129
  1. Reason: "states is a non-user provided variable"
  • Code: .expect("can't merge states when states is an empty vector!")
  • Location: ./plugins/vrl/src/plugin.rs:146
  1. Reason: "we need to exit the process, if the logger can't be correctly set."
  • Code: let _guard = tracing::subscriber::set_default(subscriber);
  • Location: ./bin/conductor/src/lib.rs:37
  1. Reason: "we need to exit the process, if the provided configuration file is incorrect."
  • Code: panic!("Failed to initialize gateway: {:?}", e);
  • Location: ./bin/conductor/src/lib.rs:76
  1. Reason: "it panics only if the header name is not valid, and we know it is."
  • Code: .unwrap()
  • Location: ./bin/cloudflare_worker/src/http_tracing.rs:20
  1. Reason: "it panics only if the URL source is not valid, and it's already validated before."
  • Code: let url = req.url().unwrap();
  • Location: ./bin/cloudflare_worker/src/http_tracing.rs:23
  1. Reason: "it only panics if we are not running in a CF context, should be safe."
  • Code: let cf_info = req.cf().unwrap();
  • Location: ./bin/cloudflare_worker/src/http_tracing.rs:27
  1. Reason: "unwraps only in special cases where "data:text" is used."
  • Code: let http_host = url.host().unwrap().to_string();
  • Location: ./bin/cloudflare_worker/src/http_tracing.rs:36
  1. Reason: "if we are unable to construct the endpoints and attach them onto the gateway's http server, we have to exit"
  • Code: Err(e) => panic!("failed to construct endpoint: {:?}", e),
  • Location: ./libs/engine/src/gateway.rs:158
  1. Reason: "we can safely index here, it's inside a test with constant defined fixtures."
  • Code: ConductorGateway::execute(request, &gw.routes[0].route_data).await
  • Location: ./libs/engine/src/gateway.rs:190
  1. Reason: "statically defined regex pattern, we know it works ;)"
  • Code: .unwrap();
  • Location: ./libs/config/src/interpolate.rs:18
  1. Reason: "👇"
  • Code: let raw_contents = read_to_string(file_path)
  • Location: ./libs/config/src/lib.rs:815
  1. Reason: "👇"
  • Code: panic!("Failed to interpolate config file, please resolve the above errors");
  • Location: ./libs/config/src/lib.rs:847
  1. Reason: "👇"
  • Code: parse_config_from_json(&config_string).expect("Failed to parse JSON config file")
  • Location: ./libs/config/src/lib.rs:854
  1. Reason: "👇"
  • Code: parse_config_from_yaml(&config_string).expect("Failed to parse YAML config file")
  • Location: ./libs/config/src/lib.rs:858
  1. Reason: "👇"
  • Code: _ => panic!("Unsupported config file extension"),
  • Location: ./libs/config/src/lib.rs:875
  1. Reason: "👇"
  • Code: None => panic!("Config file has no extension"),
  • Location: ./libs/config/src/lib.rs:878
  1. Reason: "part of development docgen CLI"
  • Code: .expect("Failed to serialize json schema for config file!");
  • Location: ./libs/config/src/generate-json-schema.rs:50
  1. Reason: "part of development docgen CLI"
  • Code: .expect("Failed to write the json schema to the file system!");
  • Location: ./libs/config/src/generate-json-schema.rs:54
  1. Reason: "we need this"
  • Code: panic!("Exited process!")
  • Location: ./libs/napi/src/lib.rs:18
  1. Reason: "we're parsing a statically defined constant, we know it works ;)"
  • Code: .unwrap()
  • Location: ./libs/common/src/graphql.rs:31

Crate: cloudflare_worker

📊 Total Expected Usages: 4

expand details
  1. Reason: "it panics only if the header name is not valid, and we know it is."
  • Code: .unwrap()
  • Location: ./bin/cloudflare_worker/src/http_tracing.rs:20
  1. Reason: "it panics only if the URL source is not valid, and it's already validated before."
  • Code: let url = req.url().unwrap();
  • Location: ./bin/cloudflare_worker/src/http_tracing.rs:23
  1. Reason: "it only panics if we are not running in a CF context, should be safe."
  • Code: let cf_info = req.cf().unwrap();
  • Location: ./bin/cloudflare_worker/src/http_tracing.rs:27
  1. Reason: "unwraps only in special cases where "data:text" is used."
  • Code: let http_host = url.host().unwrap().to_string();
  • Location: ./bin/cloudflare_worker/src/http_tracing.rs:36

Crate: napi

📊 Total Expected Usages: 1

expand details
  1. Reason: "we need this"
  • Code: panic!("Exited process!")
  • Location: ./libs/napi/src/lib.rs:18

Crate: jwt_auth

📊 Total Expected Usages: 1

expand details
  1. Reason: "if initiating an http client fails, then we have to exit."
  • Code: let client = wasm_polyfills::create_http_client().build().unwrap();
  • Location: ./plugins/jwt_auth/src/jwks_provider.rs:49

Crate: config

📊 Total Expected Usages: 9

expand details
  1. Reason: "statically defined regex pattern, we know it works ;)"
  • Code: .unwrap();
  • Location: ./libs/config/src/interpolate.rs:18
  1. Reason: "👇"
  • Code: let raw_contents = read_to_string(file_path)
  • Location: ./libs/config/src/lib.rs:815
  1. Reason: "👇"
  • Code: panic!("Failed to interpolate config file, please resolve the above errors");
  • Location: ./libs/config/src/lib.rs:847
  1. Reason: "👇"
  • Code: parse_config_from_json(&config_string).expect("Failed to parse JSON config file")
  • Location: ./libs/config/src/lib.rs:854
  1. Reason: "👇"
  • Code: parse_config_from_yaml(&config_string).expect("Failed to parse YAML config file")
  • Location: ./libs/config/src/lib.rs:858
  1. Reason: "👇"
  • Code: _ => panic!("Unsupported config file extension"),
  • Location: ./libs/config/src/lib.rs:875
  1. Reason: "👇"
  • Code: None => panic!("Config file has no extension"),
  • Location: ./libs/config/src/lib.rs:878
  1. Reason: "part of development docgen CLI"
  • Code: .expect("Failed to serialize json schema for config file!");
  • Location: ./libs/config/src/generate-json-schema.rs:50
  1. Reason: "part of development docgen CLI"
  • Code: .expect("Failed to write the json schema to the file system!");
  • Location: ./libs/config/src/generate-json-schema.rs:54

Crate: vrl

📊 Total Expected Usages: 2

expand details
  1. Reason: "if the provided VRL code in the config file can't compile, we have to exit."
  • Code: panic!("failed to compile vrl program");
  • Location: ./plugins/vrl/src/plugin.rs:129
  1. Reason: "states is a non-user provided variable"
  • Code: .expect("can't merge states when states is an empty vector!")
  • Location: ./plugins/vrl/src/plugin.rs:146

Crate: conductor

📊 Total Expected Usages: 2

expand details
  1. Reason: "we need to exit the process, if the logger can't be correctly set."
  • Code: let _guard = tracing::subscriber::set_default(subscriber);
  • Location: ./bin/conductor/src/lib.rs:37
  1. Reason: "we need to exit the process, if the provided configuration file is incorrect."
  • Code: panic!("Failed to initialize gateway: {:?}", e);
  • Location: ./bin/conductor/src/lib.rs:76

@github-actions GitHub Actions
Copy link

🐋 This PR was built and pushed to the following Docker images:

Docker Bake metadata 
{
"conductor": {
  "buildx.build.provenance": {
    "buildType": "https://mobyproject.org/buildkit@v1",
    "materials": [
      {
        "uri": "pkg:docker/[email protected]?platform=linux%2Famd64",
        "digest": {
          "sha256": "a92ed51e0996d8e9de041ca05ce623d2c491444df6a535a566dabd5cb8336946"
        }
      },
      {
        "uri": "pkg:docker/[email protected]?platform=linux%2Famd64",
        "digest": {
          "sha256": "83101f6985c93e1e6501b3375de188ee3d2cbb89968bcc91611591f9f447bd42"
        }
      }
    ],
    "invocation": {
      "configSource": {
        "entryPoint": "Dockerfile"
      },
      "parameters": {
        "frontend": "dockerfile.v0",
        "args": {
          "label:org.opencontainers.image.authors": "The Guild <[email protected]>",
          "label:org.opencontainers.image.description": "Conductor is a robust GraphQL Gateway.",
          "label:org.opencontainers.image.docs": "https://the-guild.dev/graphql/gateway",
          "label:org.opencontainers.image.licenses": "MIT",
          "label:org.opencontainers.image.revision": "18004de405ffe2964ea55ba3248244ffc787e103",
          "label:org.opencontainers.image.source": "https://github.com/the-guild-org/conductor",
          "label:org.opencontainers.image.title": "Conductor",
          "label:org.opencontainers.image.url": "https://the-guild.dev/graphql/gateway",
          "label:org.opencontainers.image.vendor": "The Guild",
          "label:org.opencontainers.image.version": ""
        },
        "locals": [
          {
            "name": "context"
          },
          {
            "name": "dockerfile"
          }
        ]
      },
      "environment": {
        "platform": "linux/amd64"
      }
    }
  },
  "buildx.build.ref": "builder-72fa5405-52a3-48ef-88c6-aff0c0b81820/builder-72fa5405-52a3-48ef-88c6-aff0c0b818200/p8q6qz5alg6irz29t6d6gijfw",
  "containerimage.config.digest": "sha256:f8fb08d1442401d6a42d02cfcba4d9bd46f84a5566227ea9db28b2541a9739f7",
  "containerimage.descriptor": {
    "mediaType": "application/vnd.docker.distribution.manifest.v2+json",
    "digest": "sha256:9b135d584bd02a3f72c5f5743b2bb7889a0678b8c41fc650e7e7975dce36b97b",
    "size": 902,
    "platform": {
      "architecture": "amd64",
      "os": "linux"
    }
  },
  "containerimage.digest": "sha256:9b135d584bd02a3f72c5f5743b2bb7889a0678b8c41fc650e7e7975dce36b97b",
  "image.name": "ghcr.io/the-guild-org/conductor/conductor:18004de405ffe2964ea55ba3248244ffc787e103"
}
}

@github-actions GitHub Actions
Copy link

✅ Benchmark Results

     data_received..................: 13 MB   221 kB/s
     data_sent......................: 22 MB   363 kB/s
     http_req_blocked...............: min=1.24µs   avg=3.21µs   med=2.42µs  max=1.71ms  p(95)=3.52µs   p(99)=5.77µs  
     http_req_connecting............: min=0s       avg=439ns    med=0s      max=1.68ms  p(95)=0s       p(99)=0s      
     http_req_duration..............: min=321.68µs avg=419.14µs med=390.2µs max=29.48ms p(95)=488.1µs  p(99)=595.18µs
       { expected_response:true }...: min=321.68µs avg=419.14µs med=390.2µs max=29.48ms p(95)=488.1µs  p(99)=595.18µs
     ✓ { scenario:rps_1000 }........: min=321.68µs avg=419.14µs med=390.2µs max=29.48ms p(95)=488.1µs  p(99)=595.18µs
     http_req_failed................: 0.00%   ✓ 0          ✗ 60001
     ✓ { scenario:rps_1000 }........: 0.00%   ✓ 0          ✗ 60001
     http_req_receiving.............: min=11.22µs  avg=27.8µs   med=26.73µs max=1.37ms  p(95)=37.6µs   p(99)=49.97µs 
     http_req_sending...............: min=6.85µs   avg=15.68µs  med=14.66µs max=1.62ms  p(95)=20.74µs  p(99)=31.83µs 
     http_req_tls_handshaking.......: min=0s       avg=0s       med=0s      max=0s      p(95)=0s       p(99)=0s      
     http_req_waiting...............: min=284.82µs avg=375.65µs med=347.8µs max=29.43ms p(95)=441.15µs p(99)=544.33µs
     http_reqs......................: 60001   999.996534/s
     ✓ { scenario:rps_1000 }........: 60001   999.996534/s
     iteration_duration.............: min=401.12µs avg=515.23µs med=483.9µs max=29.73ms p(95)=590.55µs p(99)=759.63µs
     iterations.....................: 60001   999.996534/s
     ✓ { scenario:rps_1000 }........: 60001   999.996534/s
     valid_graphql_response.........: 100.00% ✓ 60001      ✗ 0    
     ✓ { scenario:rps_1000 }........: 100.00% ✓ 60001      ✗ 0    
     valid_http_code................: 100.00% ✓ 60001      ✗ 0    
     ✓ { scenario:rps_1000 }........: 100.00% ✓ 60001      ✗ 0    
     vus............................: 1       min=0        max=2  
     vus_max........................: 200     min=200      max=200

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
0 participants