xml-schema-derive currently calls out reqwest="0.10" as a dependency, which indirectly brings in hyper 0.13.10 and tokio 0.2.25. These indirect dependencies have some known security advisories published by RustSec:
I can't vouch for how exploitable these are in practice (I'm personally not using the http feature to fetch an xsd resource), but at the very least we won't be scaring away users with 2+ pages of output from cargo audit 😄