nix 0.19.1 on which this crate depends has a vulnerability and should be updated to the newer version

WLBF / single-instance

A rust library for single instance application.

MIT License

34 stars 8 forks source link

nix 0.19.1 on which this crate depends has a vulnerability and should be updated to the newer version #14

Closed susurri closed 2 years ago

susurri commented 2 years ago

cargo audit shows

Crate:         nix
Version:       0.19.1
Title:         Out-of-bounds write in nix::unistd::getgrouplist
Date:          2021-09-27
ID:            RUSTSEC-2021-0119
URL:           https://rustsec.org/advisories/RUSTSEC-2021-0119
Solution:      Upgrade to ^0.20.2 OR ^0.21.2 OR ^0.22.2 OR >=0.23.0

WLBF commented 2 years ago

fixed in v0.3.3