rust: bump time to 0.3.47 in pkg/installer (fix CVE-2026-25727) and update rustc to 1.93.1 #5744
Open
eriknordmark wants to merge 2 commits into lf-edge:master from
Codecov Report
✅ All modified and coverable lines are covered by tests.
Additional details and impacted files
@@ Coverage Diff @@
## master #5744 +/- ##
==========================================
+ Coverage 19.52% 26.56% +7.03%
==========================================
Files 19 24 +5
Lines 3021 4213 +1192
==========================================
+ Hits 590 1119 +529
- Misses 2310 2872 +562
- Partials 121 222 +101
Upgrades time 0.3.36 -> 0.3.47 to fix CVE-2026-25727 (stack exhaustion via malicious RFC 2822 input). Also bumps companion crates: time-core 0.1.2 -> 0.1.8, time-macros 0.2.18 -> 0.2.27, deranged 0.3.11 -> 0.5.8, num-conv 0.1.0 -> 0.2.1, serde 1.0.207 -> 1.0.228, syn 2.0.74 -> 2.0.87.
time 0.3.47 requires rustc 1.88.0, so also bumps the build image in pkg/installer/Dockerfile from lfedge/eve-rust:1.85.1-2 to lfedge/eve-rust:1.93.1.
Signed-off-by: eriknordmark <erik@zededa.com>
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
…itor
Updates pkg/vector/Dockerfile and pkg/monitor/Dockerfile to use lfedge/eve-rust:1.93.1 (from 1.85.1-2), consistent with the bump already made to pkg/installer/Dockerfile. Also bumps vector from v0.47.0 to v0.50.0 to fix elided_named_lifetimes lint errors introduced in Rust 1.93, and suppresses dead_code lint which fires on EncodingConfig when building with a limited feature set.
Signed-off-by: eriknordmark <erik@zededa.com>
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
| @@ -53,7 +53,8 @@ ENV RUSTFLAGS="\ | |||
| -C opt-level=z \ | |||
| -C lto=fat \ | |||
| -C embed-bitcode=yes \ | |||
| -C codegen-units=1" | |||
| -C codegen-units=1 \ | |||
| -A dead_code" | |||
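Review bot: `-A dead_code` at the end of ENV RUSTFLAGS is global: RUSTFLAGS is passed to every crate compiled in this build stage, so the lint is silenced for all of them, not just the code that currently trips it. If it has to stay, add a Dockerfile comment saying why it is needed (the description mentions EncodingConfig under a limited feature set) so it can be removed when the build no longer needs it.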
Contributor
This change is not necessary if you upgrade vector to version 0.54.0, and it only takes a small amount more disk space.
Description
Upgrades time 0.3.36 -> 0.3.47 to fix CVE-2026-25727 (stack exhaustion via malicious RFC 2822 input). Also bumps companion crates: time-core 0.1.2 -> 0.1.8, time-macros 0.2.18 -> 0.2.27, deranged 0.3.11 -> 0.5.8, num-conv 0.1.0 -> 0.2.1, serde 1.0.207 -> 1.0.228, syn 2.0.74 -> 2.0.87.
time 0.3.47 requires rustc 1.88.0, so also bumps the build image in
pkg/installer/Dockerfile from lfedge/eve-rust:1.85.1-2 to
lfedge/eve-rust:1.93.1.
Updates pkg/vector/Dockerfile and pkg/monitor/Dockerfile to use
lfedge/eve-rust:1.93.1 (from 1.85.1-2), consistent with the bump
already made to pkg/installer/Dockerfile. Also bumps vector from
v0.47.0 to v0.50.0 to fix elided_named_lifetimes lint errors
introduced in Rust 1.93, and suppresses dead_code lint which fires
on EncodingConfig when building with a limited feature set.
How to test and validate this PR
Verify that the TUI is working as expected.
Changelog notes
None
PR Backports
Checklist
I've provided a proper description
I've added the proper documentation
I've tested my PR on amd64 device
I've tested my PR on arm64 device
I've written the test verification instructions
I've set the proper labels to this PR
I've checked the boxes above, or I've provided a good reason why I didn't
check them.
Please, check the boxes above after submitting the PR in interactive mode.