Resolve today's new cargo-audit errors (!1772) · Merge requests · The Tor Project / Core / Arti

Nick Mathewson requested to merge nickm/arti:audit-updates into main Nov 28, 2023

To resolve the openssl error (https://rustsec.org/advisories/RUSTSEC-2023-0072) we just upgrade to a more recent openssl.

To resolve the rsa error, we add an exception to our cargo-audit script: Our use of the rsa crate is safe because we don't do any private-key rsa operations. (There is not yet a fixed constant-time version of the rsa crate.)

Edited Nov 28, 2023 by Nick Mathewson

Resolve today's new cargo-audit errors

Merge request reports