Closed
Bug 1988784
Opened 7 months ago
Closed 6 months ago
Vet app-services crates
Categories
(Firefox Build System :: General, enhancement, P2)
Firefox Build System
General
Tracking
(firefox145 fixed)
RESOLVED
FIXED
145 Branch
| Tracking | Status | |
|---|---|---|
| firefox145 | --- | fixed |
People
(Reporter: bdk, Assigned: bdk)
References
(Blocks 1 open bug)
Details
(Whiteboard: [fxsync-])
Attachments
(1 file, 1 obsolete file)
The mono-repo work has been making progress and that means the last ./mach vendor is close to working without the --force flag. However, to make it work we're going to need to vet a few more Rust crates used by app-services.
safe-to-deploy (dependencies we'll ship)
canonical_json: Used byremote_settingsfor signature checking
safe-to-run (dependencies we'll use for testing)
mockito: used to create mock HTTP servers for testingmockall: used to mock Rust traits for testing. This brings is several subdependencies:
fragile,predicates,predicates-code,predicates-tree,termtreeexpect-test: used to auto-create and update expected values for testing. Brings in the
dissimilarsubdependency.
|
||
Updated•7 months ago
|
|
Assignee | |
Comment 1•7 months ago
|
||
If we match our versions to google, we can use their audits and avoid having to vet them:
cargo update -p fragile --precise 2.0.0
cargo update -p predicates --precise 3.0.4
cargo update -p predicates-core --precise 1.0.6
cargo update -p predicates-tree --precise 1.0.9
|
|
Assignee | |
Comment 2•7 months ago
|
||
Pushed by bdeankawamura@mozilla.com:
https://github.com/mozilla-firefox/firefox/commit/800cf092f1ff
https://hg.mozilla.org/integration/autoland/rev/5ed4f1507b17
Vet app-services crates, r=supply-chain-reviewers
|
|
Assignee | |
Comment 4•7 months ago
|
||
I didn't think we'd need this one when I pushed out the first round of
these, but now I realize we do.
|
||
Comment 5•7 months ago
|
||
| bugherder | ||
Status: ASSIGNED → RESOLVED
Closed: 7 months ago
status-firefox145:
--- → fixed
Resolution: --- → FIXED
Target Milestone: --- → 145 Branch
|
|
Assignee | |
Comment 6•7 months ago
|
||
Re-opening because there's a second patch that also needs to be merged.
Status: RESOLVED → REOPENED
Resolution: FIXED → ---
|
||
Updated•7 months ago
|
|
|
Assignee | |
Comment 7•6 months ago
|
||
I'm going to mark this one fixed, the remaining audit is handled by https://bugzilla.mozilla.org/show_bug.cgi?id=1979358.
Status: REOPENED → RESOLVED
Closed: 7 months ago → 6 months ago
Resolution: --- → FIXED
|
||
Updated•6 months ago
|
|
||
Updated•6 months ago
|
Attachment #9513600 -
Attachment is obsolete: true
You need to log in
before you can comment on or make changes to this bug.
Description
•