chris-zen
commented
1 year ago Hi @snowroll, I really appreciate you reporting the vulnerability. After realising of the risks for workflows I went paranoid and decided to fix this myself and take the chance to update and simplify the workflows. I'm sorry that I couldn't merge your MR, but I will mention your contribution in the next release.
Fix a vulnerability, which arises from the usage of the cache plugin, Swatinem/rust-cache@v1, in CI configuration files.
The plugin caches the directory ~/.cargo containing cargo's login credentials. We have already notified the author of the cache plugin, and the vulnerability has been addressed in the latest version.