search

SergioBenitez / state

A Rust library for safe and effortless global and thread-local state management.
Other
209 stars 13 forks source link

Update loom dependency to 0.5 #13

Closed ryadom closed 3 years ago

ryadom commented 3 years ago 
> cargo audit
    Fetching advisory database from `https://github.com/RustSec/advisory-db.git`
      Loaded 305 security advisories (from /Users/ryadom/.cargo/advisory-db)
    Updating crates.io index
    Scanning Cargo.lock for vulnerabilities (233 crate dependencies)
Crate:         generator
Version:       0.6.25
Title:         Generators can cause data races if non-Send types are used in their generator functions
Date:          2020-11-16
ID:            RUSTSEC-2020-0151
URL:           https://rustsec.org/advisories/RUSTSEC-2020-0151
Solution:      Upgrade to >=0.7.0
Dependency tree:
generator 0.6.25
└── loom 0.3.6
    └── state 0.4.2
        ├── rocket_http 0.5.0-dev
        │   ├── rocket_codegen 0.5.0-dev
        │   └── rocket 0.5.0-dev
        └── rocket 0.5.0-dev
SergioBenitez commented 3 years ago

Note that this is not a security concern in the slightest because loom is only a dependency when state is compiled with cfg(loom), which no state dependent should do. In any case, I'll update the library now.