atanunq / viuer

Rust library for displaying images in the terminal.
MIT License

Security issues when `sixel` feature is enabled #39

Closed orhun closed 1 year ago

orhun commented 2 years ago

Currently, viuer suffers from the following security advisories:

$ cargo audit

Crate:     regex
Version:   0.1.80
Title:     Regexes with large repetitions on empty sub-expressions take a very long time to parse
Date:      2022-03-08
ID:        RUSTSEC-2022-0013
URL:       https://rustsec.org/advisories/RUSTSEC-2022-0013
Solution:  Upgrade to >=1.5.5
Dependency tree:
regex 0.1.80
└── semver-parser 0.6.2
    └── sixel 0.3.2
        └── viuer 0.6.1

Crate:     thread_local
Version:   0.2.7
Title:     Data race in `Iter` and `IterMut`
Date:      2022-01-23
ID:        RUSTSEC-2022-0006
URL:       https://rustsec.org/advisories/RUSTSEC-2022-0006
Solution:  Upgrade to >=1.1.4
Dependency tree:
thread_local 0.2.7
└── regex 0.1.80
    └── semver-parser 0.6.2
        └── sixel 0.3.2
            └── viuer 0.6.1

Both of these crates are reverse dependencies of the sixel crate, which is outdated and unmaintained.

I looked at the codebase of sixel and realized these dependencies are not needed and removing them would fix these security issues. While I'm at it, I decided to maintain a fork of sixel since the maintainer is not that active on GitHub and they have disabled issues on the repository.

That's why I created orhun/sixel-rs and I will be submitting a PR to switch to this crate. See the changelog here.
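To see at a glance which direct dependency of `viuer` is responsible for the advisories above, here is an added parser for the text report that `cargo audit` prints (example code written for this page; it is not part of viuer, sixel or cargo-audit). It assumes the block layout quoted in the issue, with each "Dependency tree:" ending at the audited crate, and the names `Finding`, `parse_audit`, `direct_culprits` and `SAMPLE` are this example's own.

```rust
use std::collections::BTreeSet;

/// One advisory parsed from the plain-text `cargo audit` report.
#[derive(Debug, PartialEq)]
pub struct Finding { pub id: String, pub krate: String, pub solution: String, pub via: String }

/// Splits the report into blank-line separated advisory blocks and, for each, walks the
/// "Dependency tree:" down to the audited crate; the entry just above it is the direct
/// dependency (`via`) through which the vulnerable crate enters the build.
pub fn parse_audit(report: &str) -> Vec<Finding> {
    let mut findings = Vec::new();
    for block in report.split("\n\n") {
        let mut f = Finding { id: String::new(), krate: String::new(), solution: String::new(), via: String::new() };
        let (mut chain, mut in_tree) = (Vec::<String>::new(), false);
        for line in block.lines() {
            if in_tree {
                // Drop indentation and box-drawing characters, keeping "name version".
                let entry = line.trim_matches(|c: char| c.is_whitespace() || "└──│├".contains(c));
                if !entry.is_empty() { chain.push(entry.to_string()); }
                continue;
            }
            let (key, val) = match line.split_once(':') { Some(kv) => kv, None => continue };
            match key.trim() {
                "Crate" => f.krate = val.trim().to_string(),
                "ID" => f.id = val.trim().to_string(),
                "Solution" => f.solution = val.trim().to_string(),
                "Dependency tree" => in_tree = true,
                _ => {} // Title, Date, URL and Version are not needed for attribution
            }
        }
        if f.id.is_empty() { continue; } // e.g. the "$ cargo audit" prompt block
        if chain.len() >= 2 { f.via = chain[chain.len() - 2].clone(); }
        findings.push(f);
    }
    findings
}

/// Distinct direct dependencies behind the findings: the crates to upgrade, replace or fork.
pub fn direct_culprits(findings: &[Finding]) -> BTreeSet<String> {
    findings.iter().map(|f| f.via.clone()).collect()
}

/// Constructed sample: the two advisories quoted in the issue, Title/Date/URL/Version lines omitted.
pub const SAMPLE: &str = "Crate:     regex\nID:        RUSTSEC-2022-0013\nSolution:  Upgrade to >=1.5.5\n\
Dependency tree:\nregex 0.1.80\n└── semver-parser 0.6.2\n    └── sixel 0.3.2\n        └── viuer 0.6.1\n\n\
Crate:     thread_local\nID:        RUSTSEC-2022-0006\nSolution:  Upgrade to >=1.1.4\nDependency tree:\n\
thread_local 0.2.7\n└── regex 0.1.80\n    └── semver-parser 0.6.2\n        └── sixel 0.3.2\n            └── viuer 0.6.1";
```

Running `parse_audit` over the real report and collecting `direct_culprits` shows that both advisories enter through `sixel 0.3.2`, so one dependency swap closes both.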