gz / rust-perfcnt

Rust library to program hardware performance counters.
https://docs.rs/crate/perfcnt/
MIT License
51 stars, 21 forks

Cargo audit fail #30

Open ppershing opened 3 months ago

ppershing commented 3 months ago
Crate:     remove_dir_all
Version:   0.5.3
Title:     Race Condition Enabling Link Following and Time-of-check Time-of-use (TOCTOU)
Date:      2023-02-24
ID:        RUSTSEC-2023-0018
URL:       https://rustsec.org/advisories/RUSTSEC-2023-0018
Solution:  Upgrade to >=0.8.0
Dependency tree:
remove_dir_all 0.5.3
└── tempdir 0.3.7
    └── mmap 0.1.1
        └── perfcnt 0.8.0

Note that mmap itself is unmaintained (https://github.com/rustsec/advisory-db/pull/1979), so the problem won't fix itself with a newer version of the dependency. An alternative might be the memmap2 crate, but I am not 100% sure whether the API covers perfcnt's needs.

gz commented 3 months ago

Thanks, this should be easy to replace, I'll have a look!