Motivation

ID: RUSTSEC-2024-0370
Advisory: https://rustsec.org/advisories/RUSTSEC-2024-0370
proc-macro-error's maintainer seems to be unreachable, with no commits for 2 years, no releases pushed for 4 years, and no activity on the GitLab repo or response to email.

ID: RUSTSEC-2024-0367
Advisory: https://rustsec.org/advisories/RUSTSEC-2024-0367
gix-path executes git to find the path of a configuration file that belongs to the git installation itself, but mistakenly treats the local repository's configuration as system-wide if no higher scoped configuration is found. In rare cases, this causes a less trusted repository to be treated as more trusted, or leaks sensitive information from one repository to another, such as sending credentials to another repository's remote.

Solution

RUSTSEC-2024-0370: This is used by alloy so we need to wait for them to deal with it. Added to ignored advisories.
RUSTSEC-2024-0367: Bump gix-path via cargo update -p gix-path.
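As an added illustration of the bug class behind RUSTSEC-2024-0367 (this is example code, not gix-path's own implementation or its fix), the snippet below contrasts taking the first `file:` origin that git reports with accepting a path only when git labels its scope `system`. It assumes the tab-separated line format of `git config --list --show-origin --show-scope`, and the sample outputs are constructed.

```rust
// Added example, not gix-path's own code. It contrasts taking the first
// `file:` origin git reports (the mistake behind RUSTSEC-2024-0367) with
// accepting a path only when git labels its scope `system`. Assumes the
// line format of `git config --list --show-origin --show-scope`:
//   <scope>\tfile:<path>\t<key>=<value>
use std::path::PathBuf;

/// Unsafe assumption: "the first file git lists is the installation's".
/// With no system or global config present, that file is the local
/// repository's .git/config, whose contents a cloned repository controls.
pub fn first_file_origin(output: &str) -> Option<PathBuf> {
    output.lines().find_map(|line| {
        line.split('\t')
            .find_map(|field| field.strip_prefix("file:"))
            .map(PathBuf::from)
    })
}

/// Scope-checked lookup: only an entry git reports as `system` may name the
/// installation-wide file. `None` means "no system config"; callers must
/// not fall back to a lower (less trusted) scope.
pub fn system_config_path(output: &str) -> Option<PathBuf> {
    output.lines().find_map(|line| {
        let mut fields = line.split('\t');
        let scope = fields.next()?;
        let origin = fields.next()?;
        if scope != "system" {
            return None;
        }
        origin.strip_prefix("file:").map(PathBuf::from)
    })
}

/// Constructed output from a machine with no system or global config:
/// every entry comes from the cloned repository's own .git/config.
pub const LOCAL_ONLY_OUTPUT: &str =
    "local\tfile:.git/config\tcore.repositoryformatversion=0\n\
     local\tfile:.git/config\tremote.origin.url=https://example.invalid/repo.git\n";

/// Constructed output where a system-wide config exists; git lists it
/// before the repository's local entries.
pub const MIXED_OUTPUT: &str =
    "system\tfile:/etc/gitconfig\tcore.autocrlf=true\n\
     local\tfile:.git/config\tcore.bare=false\n";
```

With `LOCAL_ONLY_OUTPUT`, the naive lookup returns the repository's own `.git/config` as if it were the installation's file, while the scope-checked lookup correctly returns `None`.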