Skip to content

Commit fbb4589

Browse files
encalyptoencalypto
authored
Update various dependencies (#5659)
* Bump `async-graphql` from 7.0.6 to 7.0.11 This additionally bumps the `async-graphql-axum` crate, missed by Dependabot. Patches [`CVE-2024-47614`](https://nvd.nist.gov/vuln/detail/CVE-2024-47614): async-graphql before 7.0.10 does not limit the number of directives for a field. This can lead to Service Disruption, Resource Exhaustion, and User Experience Degradation. This vulnerability is fixed in 7.0.10. * Bump `diesel` from 2.2.1 to 2.2.4 Fixes [`RUSTSEC-2024-0365`](https://rustsec.org/advisories/RUSTSEC-2024-0365): Binary Protocol Misinterpretation caused by Truncating or Overflowing Casts * Bump `object_store` from 0.10.1 to 0.11.0 Fixes [`RUSTSEC-2024-0358`](https://rustsec.org/advisories/RUSTSEC-2024-0358): Apache Arrow Rust Object Store: AWS WebIdentityToken exposure in log files * Bump `openssl` from 0.10.64 to 0.10.66 Fixes [`RUSTSEC-2024-0357`](https://rustsec.org/advisories/RUSTSEC-2024-0357): `MemBio::get_buf` has undefined behavior with empty buffers * Bump `quinn-proto` from 0.11.3 to 0.11.8 Fixes [`RUSTSEC-2024-0373`](https://rustsec.org/advisories/RUSTSEC-2024-0373): `Endpoint::retry()` calls can lead to panicking
1 parent 90e949d commit fbb4589

File tree

3 files changed

+53
-81
lines changed

3 files changed

+53
-81
lines changed

Cargo.lock

Lines changed: 49 additions & 77 deletions
Some generated files are not rendered by default. Learn more about customizing how changed files appear on GitHub.

Cargo.toml

Lines changed: 3 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -27,13 +27,13 @@ license = "MIT OR Apache-2.0"
2727

2828
[workspace.dependencies]
2929
anyhow = "1.0"
30-
async-graphql = { version = "7.0.6", features = ["chrono", "uuid"] }
31-
async-graphql-axum = "7.0.6"
30+
async-graphql = { version = "7.0.11", features = ["chrono", "uuid"] }
31+
async-graphql-axum = "7.0.11"
3232
axum = "0.7.5"
3333
chrono = "0.4.38"
3434
clap = { version = "4.5.4", features = ["derive", "env"] }
3535
derivative = "2.2.0"
36-
diesel = { version = "2.1.3", features = ["postgres", "serde_json", "numeric", "r2d2", "chrono", "uuid"] }
36+
diesel = { version = "2.2.4", features = ["postgres", "serde_json", "numeric", "r2d2", "chrono", "uuid"] }
3737
diesel-derive-enum = { version = "2.1.0", features = ["postgres"] }
3838
diesel-dynamic-schema = "0.2.1"
3939
diesel_derives = "2.1.4"

graph/Cargo.toml

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -95,7 +95,7 @@ web3 = { git = "https://github.com/graphprotocol/rust-web3", branch = "graph-pat
9595
] }
9696
serde_plain = "1.0.2"
9797
csv = "1.3.0"
98-
object_store = { version = "0.10.1", features = ["gcp"] }
98+
object_store = { version = "0.11.0", features = ["gcp"] }
9999

100100
[dev-dependencies]
101101
clap.workspace = true

0 commit comments

Comments
 (0)