
Fix deprioritized CVEs #18

Open
3 tasks
ChaoticTempest opened this issue Jul 8, 2024 · 0 comments

Contributor

ChaoticTempest commented Jul 8, 2024

Currently in MPC node, and as of near/mpc#671, we are disabling certain CVEs due to how they don't affect our side much. Here is a list of items to update in the future, just in case this slips further into our main code.

  • RUSTSEC-2024-0344: Caused by near-cli-rs and workspaces, so nothing to worry about since it's only a part of testing for now.
Crate:     curve25519-dalek
Version:   3.2.0
Title:     Timing variability in `curve25519-dalek`'s `Scalar29::sub`/`Scalar52::sub`
Date:      2024-06-18
ID:        RUSTSEC-2024-0344
URL:       https://rustsec.org/advisories/RUSTSEC-2024-0344
Solution:  Upgrade to >=4.1.3
Dependency tree:
curve25519-dalek 3.2.0
└── ed25519-dalek 1.0.1
    ├── slip10 0.4.3
    │   └── near-cli-rs 0.7.8
    │       └── cargo-near 0.5.2
    │           └── near-workspaces 0.10.0
    │               └── mpc-contract 0.2.0
    │                   └── mpc-recovery-node 0.2.0
    └── near-cli-rs 0.7.8
Crate:     ed25519-dalek
Version:   1.0.1
Title:     Double Public Key Signing Function Oracle Attack on `ed25519-dalek`
Date:      2022-06-11
ID:        RUSTSEC-2022-0093
URL:       https://rustsec.org/advisories/RUSTSEC-2022-0093
Solution:  Upgrade to >=2
Dependency tree:
ed25519-dalek 1.0.1
├── slip10 0.4.3
│   └── near-cli-rs 0.7.8
│       └── cargo-near 0.5.2
│           └── near-workspaces 0.10.0
│               └── mpc-contract 0.2.0
│                   └── mpc-recovery-node 0.2.0
└── near-cli-rs 0.7.8
zerovec-derive 0.10.2
└── zerovec 0.10.2
    ├── tinystr 0.7.6
    │   ├── icu_provider 1.5.0
    │   │   ├── icu_properties 1.5.0
    │   │   │   ├── idna 1.0.0
    │   │   │   │   └── url 2.5.1
    │   │   │   │       ├── yup-oauth2 9.0.0
    │   │   │   │       │   └── google-apis-common 6.0.4
    │   │   │   │       │       ├── google-secretmanager1 5.0.4+20240223
    │   │   │   │       │       │   └── mpc-recovery-node 0.2.0
    │   │   │   │       │       │       └── integration-tests-chain-signatures 0.1.0
    │   │   │   │       │       └── google-datastore1 5.0.4+20240226
    │   │   │   │       │           └── mpc-recovery-node 0.2.0
    │   │   │   │       ├── web3-async-native-tls 0.4.0
    │   │   │   │       │   └── web3 0.19.0
    │   │   │   │       │       └── integration-tests-chain-signatures 0.1.0
    │   │   │   │       ├── web3 0.19.0
    │   │   │   │       ├── ureq 2.9.7
    │   │   │   │       │   └── binary-install 0.2.0
    │   │   │   │       │       └── near-sandbox-utils 0.9.0
    │   │   │   │       │           └── near-workspaces 0.10.0
    │   │   │   │       │               └── integration-tests-chain-signatures 0.1.0
    │   │   │   │       ├── reqwest 0.12.5
    │   │   │   │       │   ├── near-jsonrpc-client 0.10.1
    │   │   │   │       │   │   ├── near-fetch 0.5.0
    │   │   │   │       │   │   │   ├── mpc-recovery-node 0.2.0
    │   │   │   │       │   │   │   └── integration-tests-chain-signatures 0.1.0
    │   │   │   │       │   │   └── integration-tests-chain-signatures 0.1.0
    │   │   │   │       │   └── near-jsonrpc-client 0.10.0
    │   │   │   │       │       └── near-workspaces 0.10.0
    │   │   │   │       ├── reqwest 0.11.27
    │   │   │   │       │   ├── web3 0.19.0
    │   │   │   │       │   ├── near-workspaces 0.10.0
    │   │   │   │       │   ├── near-jsonrpc-client 0.8.0
    │   │   │   │       │   │   ├── near-socialdb-client 0.2.2
    │   │   │   │       │   │   │   └── near-cli-rs 0.7.8
    │   │   │   │       │   │   │       └── cargo-near 0.5.2
    │   │   │   │       │   │   │           └── near-workspaces 0.10.0
    │   │   │   │       │   │   └── near-cli-rs 0.7.8
    │   │   │   │       │   ├── near-cli-rs 0.7.8
    │   │   │   │       │   ├── mpc-recovery-node 0.2.0
    │   │   │   │       │   └── integration-tests-chain-signatures 0.1.0
    │   │   │   │       ├── near-workspaces 0.10.0
    │   │   │   │       ├── near-socialdb-client 0.2.2
    │   │   │   │       ├── near-cli-rs 0.7.8
    │   │   │   │       ├── mpc-recovery-node 0.2.0
    │   │   │   │       ├── google-apis-common 6.0.4
    │   │   │   │       ├── bollard 0.13.0
    │   │   │   │       │   ├── testcontainers 0.15.0
    │   │   │   │       │   │   └── integration-tests-chain-signatures 0.1.0
    │   │   │   │       │   └── integration-tests-chain-signatures 0.1.0
    │   │   │   │       ├── aws-sdk-s3 1.36.0
    │   │   │   │       │   ├── near-lake-framework 0.8.0-beta.3
    │   │   │   │       │   │   ├── mpc-recovery-node 0.2.0
    │   │   │   │       │   │   └── integration-tests-chain-signatures 0.1.0
    │   │   │   │       │   └── mpc-recovery-node 0.2.0
    │   │   │   │       └── aws-config 1.5.1
    │   │   │   │           ├── near-lake-framework 0.8.0-beta.3
    │   │   │   │           └── mpc-recovery-node 0.2.0
    │   │   │   └── icu_normalizer 1.5.0
    │   │   │       └── idna 1.0.0
    │   │   ├── icu_normalizer 1.5.0
    │   │   └── icu_locid_transform 1.5.0
    │   │       └── icu_properties 1.5.0
    │   ├── icu_properties 1.5.0
    │   ├── icu_locid_transform 1.5.0
    │   └── icu_locid 1.5.0
    │       ├── icu_provider 1.5.0
    │       └── icu_locid_transform 1.5.0
    ├── icu_provider 1.5.0
    ├── icu_properties 1.5.0
    ├── icu_normalizer 1.5.0
    ├── icu_locid_transform 1.5.0
    ├── icu_locid 1.5.0
    └── icu_collections 1.5.0
        ├── icu_properties 1.5.0
        └── icu_normalizer 1.5.0
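The trees above come from `cargo audit`, which reads `Cargo.lock` and therefore also records dev-dependencies, so an advisory can show a path into a workspace crate that only exists because of a test harness. The script below is an added example (not code from this issue or the near/mpc project) that parses the `cargo audit` text format pasted above and, for each advisory, classifies how it reaches the workspace: not at all, only through test tooling, or directly. The constructed sample is a shortened copy of the two advisory entries shown in the issue; `PRODUCTION_CRATES`, `TEST_TOOLING_CRATES` and the choice of which crates count as test tooling are assumptions made for the example.

```python
"""Check whether advisories ignored as "test-only" still reach production code only
through test tooling. Added example, not part of the near/mpc project."""
import re
from dataclasses import dataclass, field

# Constructed sample in the `cargo audit` text format shown in the issue
# (shortened copy of the two entries above, not fresh audit output).
SAMPLE_AUDIT = """\
Crate:     curve25519-dalek
Version:   3.2.0
Title:     Timing variability in `curve25519-dalek`'s `Scalar29::sub`/`Scalar52::sub`
Date:      2024-06-18
ID:        RUSTSEC-2024-0344
URL:       https://rustsec.org/advisories/RUSTSEC-2024-0344
Solution:  Upgrade to >=4.1.3
Dependency tree:
curve25519-dalek 3.2.0
└── ed25519-dalek 1.0.1
    ├── slip10 0.4.3
    │   └── near-cli-rs 0.7.8
    │       └── cargo-near 0.5.2
    │           └── near-workspaces 0.10.0
    │               └── mpc-contract 0.2.0
    │                   └── mpc-recovery-node 0.2.0
    └── near-cli-rs 0.7.8
Crate:     ed25519-dalek
Version:   1.0.1
Title:     Double Public Key Signing Function Oracle Attack on `ed25519-dalek`
Date:      2022-06-11
ID:        RUSTSEC-2022-0093
URL:       https://rustsec.org/advisories/RUSTSEC-2022-0093
Solution:  Upgrade to >=2
Dependency tree:
ed25519-dalek 1.0.1
├── slip10 0.4.3
│   └── near-cli-rs 0.7.8
│       └── cargo-near 0.5.2
│           └── near-workspaces 0.10.0
│               └── mpc-contract 0.2.0
│                   └── mpc-recovery-node 0.2.0
└── near-cli-rs 0.7.8
"""

# Assumptions for this example: which crates are "ours" and which are test tooling.
PRODUCTION_CRATES = {"mpc-recovery-node", "mpc-contract"}
TEST_TOOLING_CRATES = {"near-cli-rs", "cargo-near", "near-workspaces"}
RANK = {"unreached": 0, "test-only": 1, "production": 2}


@dataclass
class Advisory:
    fields: dict                                # header fields: ID, Crate, Solution, ...
    paths: list = field(default_factory=list)   # chains from vulnerable crate to each leaf


def _paths_from_nodes(nodes):
    """Turn (depth, crate) pairs into root-to-leaf chains; a leaf is a node whose
    successor is not deeper than itself."""
    paths, stack = [], []
    for i, (depth, name) in enumerate(nodes):
        stack = stack[:depth] + [name]
        if i + 1 == len(nodes) or nodes[i + 1][0] <= depth:
            paths.append(list(stack))
    return paths


def parse_cargo_audit(text):
    """Parse `cargo audit` text output: header fields, then an inverted dependency
    tree whose root is the vulnerable crate and whose children are its dependents.
    Every tree prefix ("├── ", "└── ", "│   ", "    ") is four columns wide."""
    advisories, current, in_tree, nodes = [], None, False, []

    def flush():
        if current is not None:
            current.paths = _paths_from_nodes(nodes)
            advisories.append(current)

    for raw in text.splitlines():
        line = raw.rstrip()
        if not line:
            continue
        if line.startswith("Crate:"):
            flush()
            current, in_tree, nodes = Advisory(fields={}), False, []
        if current is None:
            continue
        if in_tree:
            m = re.search(r"[├└]── ", line)
            depth = 0 if m is None else m.start() // 4 + 1
            name = (line[m.end():] if m else line).split()[0]
            nodes.append((depth, name))
        elif line.startswith("Dependency tree:"):
            in_tree = True
        else:
            key, _, value = line.partition(":")
            current.fields[key.strip()] = value.strip()
    flush()
    return advisories


def classify(advisory, production, tooling):
    """'production' if some path reaches one of our crates without passing through
    test tooling, 'test-only' if our crates are reached only via tooling, else 'unreached'."""
    status = "unreached"
    for path in advisory.paths:
        hits = [i for i, crate in enumerate(path) if crate in production]
        if not hits:
            continue
        between = path[1:hits[0]]   # crates strictly between the vulnerable crate and ours
        verdict = "test-only" if any(c in tooling for c in between) else "production"
        if RANK[verdict] > RANK[status]:
            status = verdict
    return status


def escalated_ignores(text, ignored_ids, production=PRODUCTION_CRATES, tooling=TEST_TOOLING_CRATES):
    """IDs from the ignore list that now reach production code directly: the
    'slipped into our main code' condition the issue wants to catch."""
    by_id = {a.fields.get("ID"): a for a in parse_cargo_audit(text)}
    return [i for i in ignored_ids if i in by_id and classify(by_id[i], production, tooling) == "production"]


if __name__ == "__main__":
    for adv in parse_cargo_audit(SAMPLE_AUDIT):
        print(adv.fields["ID"], classify(adv, PRODUCTION_CRATES, TEST_TOOLING_CRATES))
    print("escalated:", escalated_ignores(SAMPLE_AUDIT, ["RUSTSEC-2024-0344", "RUSTSEC-2022-0093"]))
```

Run it against `cargo audit`'s plain output in CI with the same IDs that `.cargo/audit.toml` ignores; a non-empty `escalated_ignores` result means one of the deprioritized advisories now reaches a production crate without going through the test tooling, which is the moment to upgrade rather than keep the ignore.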
@volovyks volovyks transferred this issue from near/mpc Dec 2, 2024