Dylan-DPC closed 1 year ago
Thanks!
Due to how cargo resolves dependencies, "0.3" and "0.3.17" are treated the same. I think ">= 0.3.17" should do the trick.
Well, Cargo does ^ by default, which means in the first case it could potentially install any version that's >= 0.3.0, whereas in the second case, it will do ^0.3.17, which means >= 0.3.17, which is what you want to ensure it doesn't pull any of the versions with the vulnerability.
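The caret rule described in the comment above, worked through as an added example that is not part of the original thread or of Cargo's own code. It is a hand-written re-implementation for plain numeric versions only, and the function names `caret_range` and `allows` are hypothetical.

```rust
// Added illustration: Cargo's default (caret) requirement, re-implemented by hand.
// Handles plain numeric versions only (no pre-release or build metadata).

/// Parse "0.3" or "0.3.17" into the numeric components that were written.
fn parse(s: &str) -> Option<Vec<u64>> {
    let parts: Option<Vec<u64>> = s.trim().split('.').map(|p| p.parse().ok()).collect();
    parts.filter(|p| !p.is_empty() && p.len() <= 3)
}

/// Half-open range [lower, upper) that a bare requirement such as "0.3" or
/// "0.3.17" allows under caret rules.
fn caret_range(req: &str) -> Option<([u64; 3], [u64; 3])> {
    let parts = parse(req.trim_start_matches('^'))?;
    // Components that were not written default to zero in the lower bound.
    let mut lower = [0u64; 3];
    lower[..parts.len()].copy_from_slice(&parts);
    // The upper bound bumps the left-most non-zero component that was written;
    // if every written component is zero, it bumps the last written one.
    let idx = parts.iter().position(|&n| n != 0).unwrap_or(parts.len() - 1);
    let mut upper = [0u64; 3];
    upper[..idx].copy_from_slice(&lower[..idx]);
    upper[idx] = lower[idx] + 1;
    Some((lower, upper))
}

/// True when a full `major.minor.patch` version satisfies the requirement.
fn allows(req: &str, version: &str) -> bool {
    let (Some((lo, hi)), Some(v)) = (caret_range(req), parse(version)) else {
        return false;
    };
    if v.len() != 3 {
        return false;
    }
    let v = [v[0], v[1], v[2]];
    // Arrays compare lexicographically, which matches version ordering here.
    lo <= v && v < hi
}

fn main() {
    // Constructed sample versions around the 0.3.17 boundary from the thread.
    for req in ["0.3", "0.3.17"] {
        for v in ["0.3.0", "0.3.16", "0.3.17", "0.3.20", "0.4.0"] {
            println!("{req:>7} allows {v:<7} {}", allows(req, v));
        }
    }
}
```

Both requirements stop before 0.4.0; only the lower bound differs, which is why "0.3" can still resolve to a release older than 0.3.17 when a lockfile or another constraint holds it there.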
I didn't know that, thanks!
Updates dependency to the patch version of 0.3.17
Advisory