search

rsocket / rsocket-rust

RSocket Rust Implementation using Tokio
Apache License 2.0
199 stars 20 forks source link

Bump `dashmap` to latest version #57

Closed adoerr closed 2 years ago

adoerr commented 2 years ago

Bump dashmap to latest version

Motivation:

There is RUSTSEC-2022-0002 Unsoundness in dashmap references. This advisory is relevant for version 5.0.0 of dashmap

Since we are still using version 4.0.2 we are not affected. However, if a GitHub repository with rsocket as a dependency has automated security advisories enabled, a false positive security issue will be crated. The alarm is a false positive because GitHub does not realize, that version 4.0.2 is not affected.

In order so resolve this GitHub security advisory, I have bumped dashmap to the latest version.

Modifications:

adoerr commented 2 years ago

@jjeffcaii should be a quick one to review