924a1345b1
## Issue Addressed NA ## Proposed Changes As `cargo audit` astutely pointed out, the version of `zeroize_derive` were were using had a vulnerability: ``` Crate: zeroize_derive Version: 1.1.0 Title: `#[zeroize(drop)]` doesn't implement `Drop` for `enum`s Date: 2021-09-24 ID: RUSTSEC-2021-0115 URL: https://rustsec.org/advisories/RUSTSEC-2021-0115 Solution: Upgrade to >=1.2.0 ``` This PR updates `zeroize` and `zeroize_derive` to appease `cargo audit`. `tiny-bip39` was also updated to allow compile. ## Additional Info I don't believe this vulnerability actually affected the Lighthouse code-base directly. However, `tiny-bip39` may have been affected which may have resulted in some uncleaned memory in Lighthouse. Whilst this is not ideal, it's not a major issue. Zeroization is a nice-to-have since it only protects from sophisticated attacks or attackers that already have a high level of access already.
29 lines
780 B
TOML
29 lines
780 B
TOML
[package]
|
|
name = "bls"
|
|
version = "0.2.0"
|
|
authors = ["Paul Hauner <paul@paulhauner.com>"]
|
|
edition = "2018"
|
|
|
|
[dependencies]
|
|
eth2_ssz = "0.4.0"
|
|
tree_hash = "0.4.0"
|
|
milagro_bls = { git = "https://github.com/sigp/milagro_bls", tag = "v1.4.2", optional = true }
|
|
rand = "0.7.3"
|
|
serde = "1.0.116"
|
|
serde_derive = "1.0.116"
|
|
eth2_serde_utils = "0.1.0"
|
|
hex = "0.4.2"
|
|
eth2_hashing = "0.2.0"
|
|
ethereum-types = "0.11.0"
|
|
arbitrary = { version = "0.4.6", features = ["derive"], optional = true }
|
|
zeroize = { version = "1.4.2", features = ["zeroize_derive"] }
|
|
blst = "0.3.3"
|
|
|
|
[features]
|
|
default = ["supranational"]
|
|
fake_crypto = []
|
|
milagro = ["milagro_bls"]
|
|
supranational = []
|
|
supranational-portable = ["supranational", "blst/portable"]
|
|
supranational-force-adx = ["supranational", "blst/force-adx"]
|