Currently, `viuer` suffers from the following security advisories:

```
$ cargo audit
Crate: regex
Version: 0.1.80
Title: Regexes with large repetitions on empty sub-expressions take a very long time to parse
Date: 2022-03-08
ID: RUSTSEC-2022-0013
URL: https://rustsec.org/advisories/RUSTSEC-2022-0013
Solution: Upgrade to >=1.5.5
Dependency tree:
regex 0.1.80
└── semver-parser 0.6.2
    └── sixel 0.3.2
        └── viuer 0.6.1

Crate: thread_local
Version: 0.2.7
Title: Data race in `Iter` and `IterMut`
Date: 2022-01-23
ID: RUSTSEC-2022-0006
URL: https://rustsec.org/advisories/RUSTSEC-2022-0006
Solution: Upgrade to >=1.1.4
Dependency tree:
thread_local 0.2.7
└── regex 0.1.80
    └── semver-parser 0.6.2
        └── sixel 0.3.2
            └── viuer 0.6.1
```

Both of these crates are reverse dependencies of the sixel crate which is outdated and unmaintained.
I looked at the codebase of sixel and realized these dependencies are not needed and removing them would fix these security issues. While I'm at it, I decided to maintain a fork of sixel since the maintainer is not that active on GitHub + they disabled issues on the repository.
That's why I created orhun/sixel-rs and I will be submitting a PR to switch to this crate. See the changelog here.