Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Could we get a release with a bumped version of nix? #91

Open
ClementTsang opened this issue Oct 11, 2021 · 2 comments
Open

Could we get a release with a bumped version of nix? #91

ClementTsang opened this issue Oct 11, 2021 · 2 comments

Comments

@ClementTsang
Copy link

ClementTsang commented Oct 11, 2021
edited
Loading

One of the dependencies, nix 0.19, has a security vulnerability and 0.19 does not have a patch with the fix, with only versions 0.20 and greater having patches to fix the vuln.

Would be great if we could get a dependency version bump + release to address this. I tried updating nix to 0.22 and it seems to work fine (0.23 uses a newer version of bitflags which might problems for others).

Let me know if I can help in any way, thanks!
This was referenced Oct 14, 2021
Closed
Open
@rtzoeller
Copy link

Note that nix 0.24.1 is now out. The 0.24 release splits nix into features, so I'd recommend updating to that and enabling just the features you need to improve compile times (setting default-features = false along the way).

@ClementTsang
Copy link
Author

Anyone coming across this issue may want to consider migrating to https://crates.io/crates/starship-battery instead.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@rtzoeller @ClementTsang