Using cargo-goggles I discovered that libmimalloc-sys has differences between the version on crates.io and the version in the repo at the tag v0.1.35:
extended.rs differs (more code in repo)
c_src differs significantly (different version of bundled mimalloc!)
Declared version in Cargo.toml differs
The changes don't seem malicious (and I would assume this is an honest mistake with placing the tag at the wrong commit), but they are somewhat concerning given the recent xz backdoor. I would like an explanation of what is going on here.
octavonce
commented
5 months ago
Using cargo-goggles I discovered that libmimalloc-sys has differences between the version on crates.io and the version in the repo at the tag v0.1.35:
The changes don't seem malicious (and I would assume this is an honest mistake with placing the tag at the wrong commit), but they are somewhat concerning given the recent xz backdoor. I would like an explanation of what is going on here.