Update dependencies to use nix >= 0.23 due to vulnerability

Question

Update dependencies to use nix >= 0.23 due to vulnerability

eldruin opened this issue 4 years ago · 3 comments

eldruin commented 4 years ago

See: https://rustsec.org/advisories/RUSTSEC-2021-0119.html

rust-embedded/rust-i2cdev#69
rust-embedded/rust-spidev#37
rust-embedded/gpio-cdev#67
rust-embedded/rust-sysfs-gpio#72
milkey-mouse/openpty#7 (dev-dependency, optional)
TODO: linux-embedded-hal

Answer 1 · 2021-11-22T19:21:53.000Z

all lgtm, though i can't see that the particular security issue has any impact in our crates.

Answer 2 · 2021-11-22T22:16:17.000Z

Thanks! Indeed it does not seem so. However, anything that depends on it starts getting flagged by cargo-audit.
Since it is the first time this comes up, I figured we might as well update.

Answer 3 · 2021-11-23T17:10:55.000Z

Thanks for picking this one up and running with it @eldruin