Pi-Cla closed 3 months ago
Is there a reason this is of concern? What is in our lockfile does not affect those who use clap. I generally like to keep Cargo.toml in sync with Cargo.lock as we aren't verifying the minimum bounds of our version requirements and I tend to keep version requirements low to avoid churn. Blanket upgrades run counter to these.
Point taken
It seems that all of the errors are coming from various transitive dependencies in older versions of nushell (which clap_complete_nushell depends on).
Some noteworthy ones include RUSTSEC-2024-0019 and RUSTSEC-2023-0044.
See cargo-audit-clap.txt for the full list.