mirror of
https://github.com/nushell/nushell.git
synced 2024-11-21 16:03:19 +01:00
Bump our Rust version to stable (#12471)
This was prompted by CVE-2024-24576 - https://nvd.nist.gov/vuln/detail/CVE-2024-24576 - https://blog.rust-lang.org/2024/04/09/cve-2024-24576.html - https://flatt.tech/research/posts/batbadbut-you-cant-securely-execute-commands-on-windows/ Affected is launching commands on Windows with arbitrary arguments, which is the case for Nushell's external invocation on Windows Rust has fixed this quoting vulnerability in 1.77.2 (latest stable at time of commit) We will thus use this version for our builds and recommend all our packaging/distribution maintainers to use this version of Rust when building Nushell.
This commit is contained in:
parent
39156930f5
commit
3a39e3df22
@ -10,7 +10,7 @@ homepage = "https://www.nushell.sh"
|
||||
license = "MIT"
|
||||
name = "nu"
|
||||
repository = "https://github.com/nushell/nushell"
|
||||
rust-version = "1.75.0"
|
||||
rust-version = "1.77.2"
|
||||
version = "0.92.2"
|
||||
|
||||
# See more keys and their definitions at https://doc.rust-lang.org/cargo/reference/manifest.html
|
||||
|
@ -16,4 +16,4 @@ profile = "default"
|
||||
# use in nushell, we may opt to use the bleeding edge stable version of rust.
|
||||
# I believe rust is on a 6 week release cycle and nushell is on a 4 week release cycle.
|
||||
# So, every two nushell releases, this version number should be bumped by one.
|
||||
channel = "1.75.0"
|
||||
channel = "1.77.2"
|
||||
|
Loading…
Reference in New Issue
Block a user