-
Hello from @RustSec! :wave:
We have a long-standing issue (https://github.com/rustsec/rustsec/issues/21) to use call graph analysis for false positive elimination.
Right now our advisories somet…
-
The post-run phase of `rust-cache` takes a long time on our CI in https://github.com/rustsec/rustsec, but only on Windows.
Here's a sample log that shows macOS cache completing in 38 seconds: http…
-
The [`getset`](https://crates.io/crates/getset) is consuming the [`proc-macro-error`](https://crates.io/crates/proc-macro-error) dependency.
The [`RUSTSEC-2024-0370`](https://rustsec.org/advisories…
-
## Description
Dependabot complains about a vulnerability in `rsa`, a recursive dependency of SeaORM. This is a link to the issue: https://rustsec.org/advisories/RUSTSEC-2023-0071.html
Vulnerabilit…
-
# Problem
The `cargo audit` tool shows vulnerabilities and warnings.
**2023-06-17 Update:** As dependencies and audit reports evolve, I've updated the content here for commit d2f105efe9e4a9aa3cb…
-
> Multiple soundness issues
| Details | |
| ------------------- | ---------------------------------------------- |
| Status | …
-
### Describe the bug
https://lib.rs/crates/zenoh-shm depends on https://lib.rs/crates/lockfree which is unmaintained and also unsound (using std::mem::uninitialized). I have tried reaching out to the…
-
> proc-macro-error is unmaintained
| Details | |
| ------------------- | ---------------------------------------------- |
| Status …
-
sqlx 0.8 has fixed [RUSTSEC-2024-0363](https://rustsec.org/advisories/RUSTSEC-2024-0363.html).
I see two ways to support it:
* drop sqlx 0.7 support and implement support for sqlx 0.8
* add an …
-
See [RUSTSEC-2021-0153](https://osv.dev/vulnerability/RUSTSEC-2021-0153).
Also see [here](https://github.com/lifthrasiir/rust-encoding/issues/127) for the resp. issue in the `encoding` repo.
TLD…