924a1345b1
## Issue Addressed NA ## Proposed Changes As `cargo audit` astutely pointed out, the version of `zeroize_derive` were were using had a vulnerability: ``` Crate: zeroize_derive Version: 1.1.0 Title: `#[zeroize(drop)]` doesn't implement `Drop` for `enum`s Date: 2021-09-24 ID: RUSTSEC-2021-0115 URL: https://rustsec.org/advisories/RUSTSEC-2021-0115 Solution: Upgrade to >=1.2.0 ``` This PR updates `zeroize` and `zeroize_derive` to appease `cargo audit`. `tiny-bip39` was also updated to allow compile. ## Additional Info I don't believe this vulnerability actually affected the Lighthouse code-base directly. However, `tiny-bip39` may have been affected which may have resulted in some uncleaned memory in Lighthouse. Whilst this is not ideal, it's not a major issue. Zeroization is a nice-to-have since it only protects from sophisticated attacks or attackers that already have a high level of access already.
24 lines
772 B
TOML
24 lines
772 B
TOML
[package]
|
|
name = "account_utils"
|
|
version = "0.1.0"
|
|
authors = ["Paul Hauner <paul@paulhauner.com>"]
|
|
edition = "2018"
|
|
|
|
# See more keys and their definitions at https://doc.rust-lang.org/cargo/reference/manifest.html
|
|
|
|
[dependencies]
|
|
rand = "0.7.3"
|
|
eth2_wallet = { path = "../../crypto/eth2_wallet" }
|
|
eth2_keystore = { path = "../../crypto/eth2_keystore" }
|
|
filesystem = { path = "../filesystem" }
|
|
zeroize = { version = "1.4.2", features = ["zeroize_derive"] }
|
|
serde = "1.0.116"
|
|
serde_derive = "1.0.116"
|
|
serde_yaml = "0.8.13"
|
|
slog = { version = "2.5.2", features = ["max_level_trace", "release_max_level_trace"] }
|
|
types = { path = "../../consensus/types" }
|
|
validator_dir = { path = "../validator_dir" }
|
|
regex = "1.3.9"
|
|
rpassword = "5.0.0"
|
|
directory = { path = "../directory" }
|