upgrade tonic

Question

upgrade tonic

Opened this issue 8 months ago · 3 comments

we need to upgrade tonic 0.6 as it uses webapki 21.0
https://github.com/tari-project/tari/security/dependabot/258

Answer 1 · 2024-01-15T20:42:42.000Z

This appears to be addressed by #6067. Running cargo tree indicates that webpki v0.22.4 is used, which is outside the affected version range.

Answer 2 · 2024-01-15T21:23:06.000Z

This is not completely done as we are still behind on the latest releases.
This is partially fixed, and not that high an issue anymore as the webpki security issue is upgraded

Answer 3 · 2024-01-15T21:40:13.000Z

Is this a separate issue? I took this to be specific to the webpki vulnerability.