Skip to content

Update tokio version to the latest to avoid tokio versions with security bugs #2790

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 1 commit into from
Dec 13, 2023
Merged

Update tokio version to the latest to avoid tokio versions with security bugs #2790

merged 1 commit into from
Dec 13, 2023

Conversation

@yellowred
Copy link
Contributor

@yellowred yellowred commented Dec 13, 2023

This commit will set tokio version requirement to >=1.35.0, <2.0.0 to avoid versions with security issues. Version 1.35.0 is already normally installed when cargo update is executed. This PR is just makes it an error to install a version lower than that.

@yellowred
Update tokio version to the latest to avoid tokio versions with secur…
348db3b 
…ity bugs.

This commit will set tokio version requirement to >=1.35.0, <2.0.0 to avoid versions with security issues (https://rustsec.org/packages/tokio.html).
@codecov-commenter
Copy link

codecov-commenter commented Dec 13, 2023

Codecov Report

All modified and coverable lines are covered by tests ✅

Comparison is base (9856fb6) 88.64% compared to head (348db3b) 88.59%.

❗ Your organization needs to install the Codecov GitHub app to enable full functionality.

Additional details and impacted files 
@@            Coverage Diff             @@
##             main    #2790      +/-   ##
==========================================
- Coverage   88.64%   88.59%   -0.05%     
==========================================
  Files         115      115              
  Lines       91894    91894              
  Branches    91894    91894              
==========================================
- Hits        81458    81416      -42     
- Misses       7953     7985      +32     
- Partials     2483     2493      +10

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

TheBlueMatt
TheBlueMatt approved these changes Dec 13, 2023
View reviewed changes
Copy link
Collaborator

@TheBlueMatt TheBlueMatt left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Sure, though worth noting none of the security issues in Tokio thus far have impacted our usage of it (and until we bumped the MSRV we relied on a previous version of it to meet MSRV).

@TheBlueMatt TheBlueMatt merged commit 304224e into lightningdevkit:main Dec 13, 2023
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@TheBlueMatt TheBlueMatt TheBlueMatt approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@yellowred @codecov-commenter @TheBlueMatt