Open baraknaveh opened 1 month ago
Description
Dependabot complains about a vulnerability in rsa, a recursive dependency of SeaORM. This is a link to the issue: https://rustsec.org/advisories/RUSTSEC-2023-0071.html
Vulnerability location:
├── sea-orm v0.12.15
│   ├── sea-query-binder v0.5.0
│   │   ├── sqlx v0.7.4
│   │   │   ├── sqlx-mysql v0.7.4
│   │   │   │   ├── rsa v0.9.6 <-- Vulnerable
Workarounds
I believe it should be possible to patch rsa to a compatible version with a security fix, or patch sqlx-mysql to a compatible version that replaces rsa with another crate (if it's even possible?). Consider linking these versions, if they exist.
Steps to Reproduce
Run GitHub dependabot on the codebase.
Expected Behavior
No vulnerabilities
Actual Behavior
https://rustsec.org/advisories/RUSTSEC-2023-0071.html
Reproduces How Often
Always
Workarounds
🤷‍♂️
Reproducible Example
Versions
v0.12.15
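To confirm which direct dependency pulls in the flagged rsa crate, the chain shown under "Vulnerability location" can be recovered from a Cargo.lock. This is an added example, not code from the issue or from SeaORM; the lockfile text is constructed, the root crate "my-app" and the "serde" entry are hypothetical, and the parser assumes a single version per crate name.

```python
import re
from collections import defaultdict

def _pkg(name, ver, deps=()):
    # Emit one [[package]] entry in Cargo.lock layout.
    body = "".join(f' "{d}",\n' for d in deps)
    return f'[[package]]\nname = "{name}"\nversion = "{ver}"\ndependencies = [\n{body}]\n\n'

# Constructed lockfile: the chain from the issue plus a hypothetical root
# crate "my-app" and an unrelated "serde" entry.
SAMPLE_LOCK = (
    _pkg("my-app", "0.1.0", ["sea-orm", "serde"])
    + _pkg("serde", "1.0.0")
    + _pkg("sea-orm", "0.12.15", ["sea-query-binder"])
    + _pkg("sea-query-binder", "0.5.0", ["sqlx"])
    + _pkg("sqlx", "0.7.4", ["sqlx-mysql"])
    + _pkg("sqlx-mysql", "0.7.4", ["rsa 0.9.6"])
    + _pkg("rsa", "0.9.6")
)

def parse_lock(text):
    """Map crate name -> (version, [dependency names]). Assumes one version per name."""
    pkgs = {}
    for block in text.split("[[package]]")[1:]:
        name = re.search(r'^name = "([^"]+)"', block, re.M).group(1)
        ver = re.search(r'^version = "([^"]+)"', block, re.M).group(1)
        deps = re.search(r'^dependencies = \[(.*?)\]', block, re.M | re.S)
        # Entries read "name" or "name version (source)"; keep only the name.
        found = re.findall(r'"([^"]+)"', deps.group(1)) if deps else []
        pkgs[name] = (ver, [d.split()[0] for d in found])
    return pkgs

def paths_to(pkgs, target):
    """Return every chain root -> ... -> target as lists of 'name vX.Y.Z'."""
    if target not in pkgs:
        return []
    parents = defaultdict(list)
    for name, (_, deps) in pkgs.items():
        for dep in deps:
            parents[dep].append(name)
    chains, stack = [], [[target]]
    while stack:
        chain = stack.pop()
        ups = [p for p in parents[chain[0]] if p not in chain]
        if not ups:  # nothing depends on chain[0]: it is a root
            chains.append([f"{n} v{pkgs[n][0]}" for n in chain])
        stack.extend([p] + chain for p in ups)
    return chains
```

Calling `paths_to(parse_lock(open("Cargo.lock").read()), "rsa")` on a real project lists every route by which the crate enters the build, which shows whether sqlx-mysql is the only one.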