Closed renovate[bot] closed 9 months ago
Renovate failed to update an artifact related to this branch. You probably do not want to merge this PR as-is.
♻ Renovate will retry this branch, including artifacts, only when one of the following happens:
The artifact failure details are included below:
Command failed: cargo update --config net.git-fetch-with-cli=true --manifest-path Cargo.toml --package lru@0.6.6 --precise 0.7.1
error: package ID specification `lru@0.6.6` did not match any packages
Did you mean one of these?
lru@0.7.8
This PR contains the following updates:
0.6
->0.7
GitHub Vulnerability Alerts
CVE-2021-45720
Lru crate has two functions for getting an iterator. Both iterators give references to key and value. Calling specific functions, like pop(), will remove and free the value, and but it's still possible to access the reference of value which is already dropped causing use after free.
GHSA-qqmc-hwqp-8g2w
Lru crate has use after free vulnerability.
Lru crate has two functions for getting an iterator. Both iterators give references to key and value. Calling specific functions, like pop(), will remove and free the value, and but it's still possible to access the reference of value which is already dropped causing use after free.
Release Notes
jeromefroe/lru-rs (lru)
### [`v0.7.1`](https://togithub.com/jeromefroe/lru-rs/blob/HEAD/CHANGELOG.md#v071---2021-12-18) [Compare Source](https://togithub.com/jeromefroe/lru-rs/compare/0.7.0...0.7.1) - Fix lifetime of iterators. ### [`v0.7.0`](https://togithub.com/jeromefroe/lru-rs/blob/HEAD/CHANGELOG.md#v070---2021-09-14) [Compare Source](https://togithub.com/jeromefroe/lru-rs/compare/0.6.6...0.7.0) - Explicitly implement Borrow for String and Vec types for non-nightly.Configuration
📅 Schedule: Branch creation - "" (UTC), Automerge - At any time (no schedule defined).
🚦 Automerge: Enabled.
♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
🔕 Ignore: Close this PR and you won't be reminded about this update again.
This PR has been generated by Mend Renovate. View repository job log here.