aschampion / schemer

A database schema migration library with DAG dependencies
Apache License 2.0

Security vulnerability RUSTSEC-2022-0090 by upgrading `rusqlite` dependency. #19

Closed nathan-at-least closed 1 year ago

nathan-at-least commented 1 year ago

I used cargo audit to detect a security vulnerability which can be mitigated by upgrading the dependency version.

```
$ cargo audit
    Fetching advisory database from `https://github.com/RustSec/advisory-db.git`
      Loaded 540 security advisories (from /home/user/.cargo/advisory-db)
    Updating crates.io index
    Updating crates.io index
    Scanning Cargo.lock for vulnerabilities (108 crate dependencies)
Crate:     libsqlite3-sys
Version:   0.22.2
Title:     `libsqlite3-sys` via C SQLite CVE-2022-35737
Date:      2022-08-03
ID:        RUSTSEC-2022-0090
URL:       https://rustsec.org/advisories/RUSTSEC-2022-0090
Solution:  Upgrade to >=0.25.1
Dependency tree:
libsqlite3-sys 0.22.2
└── rusqlite 0.25.4
    └── schemer-rusqlite 0.2.1

error: 1 vulnerability found!
```
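Added example, not part of the original issue and not code from schemer or cargo-audit: a small Python check that rebuilds the dependency tree in the report from `Cargo.lock`, showing why the flagged crate is reached through `rusqlite` and that is the dependency to bump. The lock excerpt is constructed from the versions in the output above, and the function names are hypothetical. It assumes one locked version per crate name and no dependency cycles.

```python
import re

# Constructed Cargo.lock excerpt; names and versions mirror the tree in the report.
SAMPLE_LOCK = """
[[package]]
name = "libsqlite3-sys"
version = "0.22.2"
[[package]]
name = "rusqlite"
version = "0.25.4"
dependencies = [
 "libsqlite3-sys",
]
[[package]]
name = "schemer-rusqlite"
version = "0.2.1"
dependencies = [
 "rusqlite 0.25.4",
]
"""

def parse_lock(text):
    """Return {name: (version_tuple, [dep names])}; deps are "name" or "name version"."""
    pkgs = {}
    for block in text.split("[[package]]")[1:]:
        name = re.search(r'^name = "([^"]+)"', block, re.M).group(1)
        ver = re.search(r'^version = "(\d+)\.(\d+)\.(\d+)', block, re.M).groups()
        deps = re.search(r"^dependencies = \[(.*?)\]", block, re.M | re.S)
        names = [d.split()[0] for d in re.findall(r'"([^"]+)"', deps.group(1))] if deps else []
        pkgs[name] = (tuple(map(int, ver)), names)
    return pkgs

def paths_to_roots(pkgs, crate):
    """Walk reverse dependencies from crate up to every top-level package."""
    parents = [p for p, (_, deps) in pkgs.items() if crate in deps]
    if not parents:
        return [[crate]]
    return [[crate] + path for p in parents for path in paths_to_roots(pkgs, p)]

def audit(text, crate, patched):
    """Return dependency paths if the locked version of crate is below patched."""
    pkgs = parse_lock(text)
    if crate not in pkgs or pkgs[crate][0] >= patched:
        return []
    return paths_to_roots(pkgs, crate)

if __name__ == "__main__":
    for path in audit(SAMPLE_LOCK, "libsqlite3-sys", (0, 25, 1)):
        print(" <- ".join(path))
```

The second element of each path is the crate whose version requirement has to change for the lock file to pick up a patched `libsqlite3-sys`.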