Skip to content

Commit eba5535

Browse files
jonathanpwangjonathanpwang
authored
ci: address cargo-audit for ruint (#2335)
Updated `ruint` from revm dependencies to 1.17.1 Updated `aws-sdk-s3` to address cargo audit warnings. The guest library `ruint` patch cannot be updated until a future release, so we add an ignore for now.
1 parent a1bce3e commit eba5535

File tree

4 files changed

+75
-106
lines changed

4 files changed

+75
-106
lines changed

.cargo/audit.toml

Lines changed: 8 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -1,4 +1,11 @@
11
[advisories]
2+
ignore = [
23
# an older version of tracing-subscriber 0.2.25 is used in ark-bn254 but it is an optional dependency that is not included in the crate graph even with all features enabled
34
# unfortunately cargo audit includes optional dependencies from Cargo.lock even if they are not in the crate graph
4-
ignore = ["RUSTSEC-2025-0055"]
5+
"RUSTSEC-2025-0055",
6+
# all host ruint dependencies have been updated to >=1.17.1.
7+
# the guest library ruint patch is currently pinned to 1.14 and will be updated in a future release.
8+
# - the advisory concerns undefined behavior (UB) which may trigger memory corruption in a previously marked safe function `reciprocal_mg10`. The upstream fix is to change the safe function to `unsafe`.
9+
# - the advisory does not affect correctness of existing code.
10+
"RUSTSEC-2025-0137"
11+
]

.github/workflows/extension-tests.cuda.yml

Lines changed: 2 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -18,7 +18,7 @@ on:
1818
machine_type:
1919
description: "Runner machine type (e.g. test-gpu-nvidia/cpu=8+32)"
2020
required: false
21-
default: test-gpu-nvidia/family=g6+g5+g6e
21+
default: test-gpu-nvidia/family=g6+g6e
2222

2323
concurrency:
2424
group: ${{ github.workflow_ref }}-extension-tests-cuda-${{ github.event.pull_request.number || github.sha }}
@@ -37,7 +37,7 @@ jobs:
3737
- "rv32im native"
3838
- "keccak256 sha256 bigint algebra ecc pairing"
3939
runs-on:
40-
- runs-on=${{ github.run_id }}-extension-tests-cuda-${{ github.run_attempt }}-${{ strategy.job-index }}/runner=${{ github.event_name == 'workflow_dispatch' && github.event.inputs.machine_type || 'test-gpu-nvidia/family=g6+g5+g6e' }}
40+
- runs-on=${{ github.run_id }}-extension-tests-cuda-${{ github.run_attempt }}-${{ strategy.job-index }}/runner=${{ github.event_name == 'workflow_dispatch' && github.event.inputs.machine_type || 'test-gpu-nvidia/family=g6+g6e' }}
4141

4242
steps:
4343
- uses: runs-on/action@v2

0 commit comments

Comments
 (0)