Open niczy opened 2 years ago
Run "cargo audit" gives following errors:
Crate: brotli-sys Version: 0.3.2 Title: Integer overflow in the bundled Brotli C library Date: 2021-12-20 ID: RUSTSEC-2021-0131 URL: https://rustsec.org/advisories/RUSTSEC-2021-0131 Solution: No safe upgrade is available! Dependency tree: brotli-sys 0.3.2 └── brotli2 0.3.2 └── actix-http 3.0.0-beta.10 └── actix-web 4.0.0-beta.9 └── keyhouse 0.1.0
Crate: chrono Version: 0.4.19 Title: Potential segfault in localtime_r invocations Date: 2020-11-10 ID: RUSTSEC-2020-0159 URL: https://rustsec.org/advisories/RUSTSEC-2020-0159 Solution: No safe upgrade is available! Dependency tree: chrono 0.4.19 ├── x509-parser 0.9.2 │ └── spire-workload 1.1.4 │ └── keyhouse 0.1.0 ├── simple_asn1 0.4.1 │ └── jsonwebtoken 7.2.0 │ └── spire-workload 1.1.4 ├── sentry-types 0.23.0 │ └── sentry-core 0.23.0 │ ├── sentry-panic 0.23.0 │ │ └── sentry 0.23.0 │ │ └── keyhouse 0.1.0 │ ├── sentry-contexts 0.23.0 │ │ └── sentry 0.23.0 │ ├── sentry-backtrace 0.23.0 │ │ ├── sentry-panic 0.23.0 │ │ └── sentry 0.23.0 │ └── sentry 0.23.0 └── sentry-core 0.23.0
localtime_r
Crate: time Version: 0.1.43 Title: Potential segfault in the time crate Date: 2020-11-18 ID: RUSTSEC-2020-0071 URL: https://rustsec.org/advisories/RUSTSEC-2020-0071 Solution: Upgrade to >=0.2.23 Dependency tree: time 0.1.43
Crate: net2 Version: 0.2.37 Warning: unmaintained Title: net2 crate has been deprecated; use socket2 instead Date: 2020-05-01 ID: RUSTSEC-2020-0016 URL: https://rustsec.org/advisories/RUSTSEC-2020-0016 Dependency tree: net2 0.2.37 ├── miow 0.2.2 └── mio 0.6.23
net2
socket2
Crate: stdweb Version: 0.4.20 Warning: unmaintained Title: stdweb is unmaintained Date: 2020-05-04 ID: RUSTSEC-2020-0056 URL: https://rustsec.org/advisories/RUSTSEC-2020-0056 Dependency tree: stdweb 0.4.20 └── time 0.2.27
Crate: sha2 Version: 0.9.8 Warning: yanked Dependency tree: sha2 0.9.8 └── keyhouse 0.1.0
Run "cargo audit" gives following errors:
Crate: brotli-sys Version: 0.3.2 Title: Integer overflow in the bundled Brotli C library Date: 2021-12-20 ID: RUSTSEC-2021-0131 URL: https://rustsec.org/advisories/RUSTSEC-2021-0131 Solution: No safe upgrade is available! Dependency tree: brotli-sys 0.3.2 └── brotli2 0.3.2 └── actix-http 3.0.0-beta.10 └── actix-web 4.0.0-beta.9 └── keyhouse 0.1.0
Crate: chrono Version: 0.4.19 Title: Potential segfault in
localtime_r
invocations Date: 2020-11-10 ID: RUSTSEC-2020-0159 URL: https://rustsec.org/advisories/RUSTSEC-2020-0159 Solution: No safe upgrade is available! Dependency tree: chrono 0.4.19 ├── x509-parser 0.9.2 │ └── spire-workload 1.1.4 │ └── keyhouse 0.1.0 ├── simple_asn1 0.4.1 │ └── jsonwebtoken 7.2.0 │ └── spire-workload 1.1.4 ├── sentry-types 0.23.0 │ └── sentry-core 0.23.0 │ ├── sentry-panic 0.23.0 │ │ └── sentry 0.23.0 │ │ └── keyhouse 0.1.0 │ ├── sentry-contexts 0.23.0 │ │ └── sentry 0.23.0 │ ├── sentry-backtrace 0.23.0 │ │ ├── sentry-panic 0.23.0 │ │ └── sentry 0.23.0 │ └── sentry 0.23.0 └── sentry-core 0.23.0Crate: time Version: 0.1.43 Title: Potential segfault in the time crate Date: 2020-11-18 ID: RUSTSEC-2020-0071 URL: https://rustsec.org/advisories/RUSTSEC-2020-0071 Solution: Upgrade to >=0.2.23 Dependency tree: time 0.1.43
Crate: net2 Version: 0.2.37 Warning: unmaintained Title:
net2
crate has been deprecated; usesocket2
instead Date: 2020-05-01 ID: RUSTSEC-2020-0016 URL: https://rustsec.org/advisories/RUSTSEC-2020-0016 Dependency tree: net2 0.2.37 ├── miow 0.2.2 └── mio 0.6.23Crate: stdweb Version: 0.4.20 Warning: unmaintained Title: stdweb is unmaintained Date: 2020-05-04 ID: RUSTSEC-2020-0056 URL: https://rustsec.org/advisories/RUSTSEC-2020-0056 Dependency tree: stdweb 0.4.20 └── time 0.2.27
Crate: sha2 Version: 0.9.8 Warning: yanked Dependency tree: sha2 0.9.8 └── keyhouse 0.1.0