Rust Security warning about spin

Keats / jsonwebtoken

JWT lib in rust

MIT License

1.69k stars 271 forks source link

Rust Security warning about spin #114

Closed dessalines closed 4 years ago

dessalines commented 4 years ago

I got this error when running cargo audit on my project.

Spin looks like its abandoned, but there are alternatives. https://rustsec.org/advisories/RUSTSEC-2019-0031.html

Keats commented 4 years ago

Ring is working on removing that dependency, nothing I can do about it. I'm not sure why an unmaintained crate would be a security vulnerability if no one found any issues though...

Keats commented 4 years ago

Ring related issue: https://github.com/briansmith/ring/issues/921

Keats commented 4 years ago

Closing as it seems like it will be fixed upstream and should be passed through automatically.