rust-random / getrandom

A small cross-platform library for retrieving random data from (operating) system source
Apache License 2.0

Crate libc 0.2.154 is yanked #456

Closed acgetchell closed 4 weeks ago

acgetchell commented 4 weeks ago

This was flagged in actions-rust-lang/audit@v1.

josephlr commented 4 weeks ago

Duplicate of #423

josephlr commented 4 weeks ago

Note, a later version of libc has been released, so is there an issue here?

acgetchell commented 4 weeks ago

uuid v1.8.0 uses this crate, so presumably once they update this will be resolved.

josephlr commented 4 weeks ago

@acgetchell you should be able to use the correct version of libc without any crates needing to do anything, as 0.2.155 is compatible with 0.2.154

acgetchell commented 4 weeks ago

Ah, thanks. I'm not a direct consumer, though. Unless there's something I haven't understood from the Cargo book, I didn't see a way to specify libc 0.2.155 directly other than mucking around with Cargo.lock, which seems to be disfavored.

josephlr commented 4 weeks ago

@acgetchell if the problematic Cargo.lock file is in your project, you can either delete and regenerate it or call cargo update to bump your dependencies. This page explains how all that works: https://doc.rust-lang.org/cargo/guide/cargo-toml-vs-cargo-lock.html
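A lock-file check for the situation discussed in this thread, as an added example that is not part of the original issue or the getrandom project: it scans Cargo.lock text for packages pinned to a version on a caller-supplied yanked list. The sample lock file, the `Locked` type and the function names are constructed for illustration; only libc 0.2.154 and uuid 1.8.0 come from the thread.

```rust
// Added example: flag Cargo.lock entries pinned to a version known to be yanked.
// SAMPLE_LOCK is a constructed fragment, not a real project's lock file.
const SAMPLE_LOCK: &str = r#"
version = 3

[[package]]
name = "libc"
version = "0.2.154"

[[package]]
name = "uuid"
version = "1.8.0"
dependencies = [
 "getrandom",
]
"#;
struct Locked { name: String, version: String }

/// Value of `key = "value"` on this line; None for other keys and unquoted values.
fn quoted(line: &str, key: &str) -> Option<String> {
    let rest = line.strip_prefix(key)?.trim_start().strip_prefix('=')?.trim();
    Some(rest.strip_prefix('"')?.strip_suffix('"')?.to_string())
}

/// Collect name/version from each `[[package]]` table; the top-level `version = 3` is skipped.
fn parse_lock(text: &str) -> Vec<Locked> {
    let (mut out, mut in_pkg, mut name) = (Vec::new(), false, None);
    for line in text.lines().map(str::trim) {
        if line.starts_with('[') {
            in_pkg = line == "[[package]]";
        } else if let (true, Some(n)) = (in_pkg, quoted(line, "name")) {
            name = Some(n);
        } else if let (true, Some(v)) = (in_pkg, quoted(line, "version")) {
            if let Some(n) = name.take() { out.push(Locked { name: n, version: v }); }
        }
    }
    out
}

/// Locked packages whose exact (name, version) pair appears in the yanked list.
fn yanked_pins<'a>(locked: &'a [Locked], yanked: &[(&str, &str)]) -> Vec<&'a Locked> {
    locked.iter().filter(|p| yanked.iter().any(|(n, v)| p.name == *n && p.version == *v)).collect()
}

fn main() {
    let locked = parse_lock(SAMPLE_LOCK);
    for p in yanked_pins(&locked, &[("libc", "0.2.154")]) {
        println!("{} {} is yanked; run `cargo update -p {}`", p.name, p.version, p.name);
    }
}
```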