mirror of
https://github.com/zed-industries/zed.git
synced 2024-09-19 18:41:56 +03:00
Code at the speed of thought – Zed is a high-performance, multiplayer code editor from the creators of Atom and Tree-sitter.
01284c261c
This PR contains the following updates:
| Package | Type | Update | Change |
|---|---|---|---|
| [sqlx](https://togithub.com/launchbadge/sqlx) | dev-dependencies |
patch | `0.8.0` -> `0.8.1` |
| [sqlx](https://togithub.com/launchbadge/sqlx) | dependencies | patch |
`0.8.0` -> `0.8.1` |
### GitHub Vulnerability Alerts
####
[GHSA-xmrp-424f-vfpx](https://togithub.com/launchbadge/sqlx/issues/3440)
The following presentation at this year's DEF CON was brought to our
attention on the SQLx Discord:
> SQL Injection isn't Dead: Smuggling Queries at the Protocol Level
>
<http://web.archive.org/web/20240812130923/https://media.defcon.org/DEF%20CON%2032/DEF%20CON%2032%20presentations/DEF%20CON%2032%20-%20Paul%20Gerste%20-%20SQL%20Injection%20Isn't%20Dead%20Smuggling%20Queries%20at%20the%20Protocol%20Level.pdf>
> (Archive link for posterity.)
Essentially, encoding a value larger than 4GiB can cause the length
prefix in the protocol to overflow,
causing the server to interpret the rest of the string as binary
protocol commands or other data.
It appears SQLx _does_ perform truncating casts in a way that could be
problematic,
for example:
<
|
||
---|---|---|
.cargo | ||
.cloudflare | ||
.config | ||
.github | ||
.zed | ||
assets | ||
crates | ||
docs | ||
extensions | ||
legal | ||
nix | ||
script | ||
tooling/xtask | ||
.dockerignore | ||
.git-blame-ignore-revs | ||
.gitattributes | ||
.gitignore | ||
.mailmap | ||
Cargo.lock | ||
Cargo.toml | ||
CODE_OF_CONDUCT.md | ||
compose.yml | ||
CONTRIBUTING.md | ||
debug.plist | ||
default.nix | ||
docker-compose.sql | ||
Dockerfile | ||
flake.lock | ||
flake.nix | ||
LICENSE-AGPL | ||
LICENSE-APACHE | ||
LICENSE-GPL | ||
livekit.yaml | ||
Procfile | ||
Procfile.postgrest | ||
README.md | ||
renovate.json | ||
rust-toolchain.toml | ||
shell.nix | ||
typos.toml |
Zed
Welcome to Zed, a high-performance, multiplayer code editor from the creators of Atom and Tree-sitter.
Installation
On macOS and Linux you can download Zed directly or install Zed via your local package manager.
Other platforms are not yet available:
- Windows (tracking issue)
- Web (tracking issue)
Developing Zed
- Building Zed for macOS
- Building Zed for Linux
- Building Zed for Windows
- Running Collaboration Locally
Contributing
See CONTRIBUTING.md for ways you can contribute to Zed.
Also... we're hiring! Check out our jobs page for open roles.
Licensing
License information for third party dependencies must be correctly provided for CI to pass.
We use cargo-about
to automatically comply with open source licenses. If CI is failing, check the following:
- Is it showing a
no license specified
error for a crate you've created? If so, addpublish = false
under[package]
in your crate's Cargo.toml. - Is the error
failed to satisfy license requirements
for a dependency? If so, first determine what license the project has and whether this system is sufficient to comply with this license's requirements. If you're unsure, ask a lawyer. Once you've verified that this system is acceptable add the license's SPDX identifier to theaccepted
array inscript/licenses/zed-licenses.toml
. - Is
cargo-about
unable to find the license for a dependency? If so, add a clarification field at the end ofscript/licenses/zed-licenses.toml
, as specified in the cargo-about book.