While looking at #66 I found out there are now 3 crates marked as vulnerable by cargo-audit in click. These are untrusted, serde_yaml and yaml-rust (dependency of serde_yaml).
This PR updates serde_yaml to the latest version.
untrusted is going to be a bit harder to update as it's a dependency of hyper and hyper-rustls.
nicklan
commented
5 years ago
While looking at #66 I found out there are now 3 crates marked as vulnerable by
cargo-auditin click. These areuntrusted,serde_yamlandyaml-rust(dependency ofserde_yaml).This PR updates
serde_yamlto the latest version.untrustedis going to be a bit harder to update as it's a dependency ofhyperandhyper-rustls.