Dependabot Alerts regarding `testez`

[RyanChang25]

1. Data race in Iter and IterMut (Packages/_Index/evaera_promise@4.0.0/promise/modules/testez/Cargo.lock)

   
   In the affected version of this crate, {Iter, IterMut}::next used a weaker memory ordering when loading values than what was required, exposing a potential data race
   when iterating over a ThreadLocal's values.

Crates using Iter::next, or IterMut::next are affected by this issue.

2. Rust's regex crate vulnerable to regular expression denial of service `(Packages/_Index/evaera_promise@4.0.0/promise/modules/testez/Cargo.lock)`

The Rust Security Response WG was notified that the regex crate did not properly limit the complexity of the regular expressions (regex) it parses. An attacker could use this security issue to perform a denial of service, by sending a specially crafted regex to a service accepting untrusted regexes. No known vulnerability is present when parsing untrusted input with trusted regexes.

This issue has been assigned https://github.com/advisories/GHSA-m5pq-gvj9-9vr8. The severity of this vulnerability is "high" when the regex crate is used to parse untrusted regexes. Other uses of the regex crate are not affected by this vulnerability.

3. crossbeam-utils Race Condition vulnerability  `(Packages/_Index/evaera_promise@4.0.0/promise/modules/testez/Cargo.lock)`

The affected version of this crate incorrectly assumed that the alignment of {i,u}64 was always the same as Atomic{I,U}64.

However, the alignment of {i,u}64 on a 32-bit target can be smaller than Atomic{I,U}64.

This can cause the following problems:

• Unaligned memory accesses
• Data race

  
  Dependabot can automate a pull request to fix some of these issue, but I believe this issue will continue reoccur in other versions of the package. 

[jackTabsCode]

There are no current plans to enable dependabot for the repo, but let us know if there's specific packages you'd like us to upgrade to. Otherwise, I'm sorry if I misunderstood your message.