Fix security vulnerability from url package dependency on idna by updating url package version #3877
Closed
ugo96 wants to merge 1 commit into
Collaborator
This got automatically closed by accident because
Does your PR solve an issue?
Updates dependency on url package which has a transitive dependency on idna package where the vulnerability exists.
More details about this vulnerability are available in this link
Is this a breaking change?
Change is breaking for MSRV < 1.86.0, this change may be released as part of sqlx-0.9.0
The updated url package dependency requires 1.86.0
Follow up from https://github.com/launchbadge/sqlx/pull/3876 where I did not follow best practices and overwrote multiple commits. Not wanting to take credit for work that was not mine, I've re-raised this PR.