sagiegurari / duckscript

Simple, extendable and embeddable scripting language.
https://sagiegurari.github.io/duckscript
Apache License 2.0

Upgrade regex package versions to >=1.5.5 (security vulnerabilities) #250

Closed John15321 closed 2 years ago

John15321 commented 2 years ago

I'm not sure if that is the right place, but when I run cargo audit on the duckscript repo I get this error:

https://github.com/sagiegurari/duckscript

$ cargo audit
    Fetching advisory database from `https://github.com/RustSec/advisory-db.git`
      Loaded 416 security advisories (from /Users/john/.cargo/advisory-db)
    Updating crates.io index
    Scanning Cargo.lock for vulnerabilities (124 crate dependencies)
Crate:     regex
Version:   0.1.80
Title:     Regexes with large repetitions on empty sub-expressions take a very long time to parse
Date:      2022-03-08
ID:        RUSTSEC-2022-0013
URL:       https://rustsec.org/advisories/RUSTSEC-2022-0013
Solution:  Upgrade to >=1.5.5
Dependency tree:
regex 0.1.80
└── ftp 3.0.1
    └── duckscriptsdk 0.8.12
        └── duckscript_cli 0.8.12

Crate:     thread_local
Version:   0.2.7
Title:     Data race in `Iter` and `IterMut`
Date:      2022-01-23
ID:        RUSTSEC-2022-0006
URL:       https://rustsec.org/advisories/RUSTSEC-2022-0006
Solution:  Upgrade to >=1.1.4
Dependency tree:
thread_local 0.2.7
└── regex 0.1.80
    └── ftp 3.0.1
        └── duckscriptsdk 0.8.12
            └── duckscript_cli 0.8.12

error: 2 vulnerabilities found!

So I'm not sure if that's the rust-ftp that has an old regex version or duckscript; if it's duckscript I will move my issue there.

sagiegurari commented 2 years ago

@John15321 thanks for this. Actually duckscript doesn't use the regex package directly and you are reading the tree wrong (I agree it is confusing). duckscript_cli is using duckscriptsdk which uses ftp which uses regex 0.1.8. I don't even have regex as one of the direct dependencies of duckscript.
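The tree that `cargo audit` prints is inverted: the vulnerable crate sits at the top and the package being audited at the bottom, which is what caused the confusion above. As an added example that is not part of duckscript, cargo-audit, or either commenter's post, the following Python parses that report format (the two advisories quoted in the issue, embedded as constructed sample input) and names, for each finding, the crate whose manifest pins the vulnerable version and the direct dependency of the audited package through which it is reached. The `>=x.y.z` check is a simplified comparison of plain numeric versions, not cargo's semver implementation.

```python
# Added illustration for this issue thread; not code from duckscript or cargo-audit.
# Assumes only the plain-text report layout quoted in the issue.
import re
from dataclasses import dataclass

# Constructed sample modelled on the cargo audit output quoted in the issue.
SAMPLE_REPORT = """\
Crate:     regex
Version:   0.1.80
Title:     Regexes with large repetitions on empty sub-expressions take a very long time to parse
ID:        RUSTSEC-2022-0013
Solution:  Upgrade to >=1.5.5
Dependency tree:
regex 0.1.80
└── ftp 3.0.1
    └── duckscriptsdk 0.8.12
        └── duckscript_cli 0.8.12

Crate:     thread_local
Version:   0.2.7
Title:     Data race in `Iter` and `IterMut`
ID:        RUSTSEC-2022-0006
Solution:  Upgrade to >=1.1.4
Dependency tree:
thread_local 0.2.7
└── regex 0.1.80
    └── ftp 3.0.1
        └── duckscriptsdk 0.8.12
            └── duckscript_cli 0.8.12

error: 2 vulnerabilities found!
"""

@dataclass
class Finding:
    advisory: str
    crate: str
    version: str
    solution: str
    chain: list  # (name, version) pairs: vulnerable crate first, audited package last

    @property
    def root(self):
        return self.chain[-1]

    @property
    def pinning_crate(self):
        """Direct consumer of the vulnerable crate: its Cargo.toml selects the bad version."""
        return self.chain[1] if len(self.chain) > 1 else self.chain[0]

    @property
    def direct_dependency(self):
        """Entry in the audited package's own dependency list that leads to the finding."""
        return self.chain[-2] if len(self.chain) > 1 else self.chain[-1]

# Tree lines carry box-drawing prefixes (└── and indentation) before "name version".
TREE_LINE = re.compile(r"^[\s│└─]*(\S+) (\d\S*)$")

def parse_report(text):
    """Split a cargo audit report into Finding objects, one per 'Crate:' block."""
    findings, current, in_tree = [], None, False
    for line in text.splitlines():
        if line.startswith("Crate:"):
            current = {"crate": line.split(":", 1)[1].strip(), "chain": []}
            in_tree = False
        elif current is None:
            continue
        elif in_tree:
            m = TREE_LINE.match(line)
            if m:
                current["chain"].append((m.group(1), m.group(2)))
            else:  # a blank line (or the trailer) closes the tree and the block
                findings.append(Finding(**current))
                current, in_tree = None, False
        elif line.startswith("Dependency tree:"):
            in_tree = True
        elif line.startswith(("Version:", "ID:", "Solution:")):
            key = {"Version": "version", "ID": "advisory", "Solution": "solution"}[line.split(":", 1)[0]]
            current[key] = line.split(":", 1)[1].strip()
    if current is not None and in_tree:  # report ended without a trailing blank line
        findings.append(Finding(**current))
    return findings

def version_tuple(v):
    # Simplified: numeric dotted versions only (no pre-release tags).
    return tuple(int(p) for p in v.split("."))

def is_fixed(version, solution):
    """True when `version` satisfies the advisory's 'Upgrade to >=x.y.z' solution."""
    m = re.search(r">=\s*(\d+(?:\.\d+)*)", solution)
    return m is not None and version_tuple(version) >= version_tuple(m.group(1))

def summarize(text):
    """One line per finding naming the pinning crate and the direct dependency involved."""
    out = []
    for f in parse_report(text):
        status = "fixed" if is_fixed(f.version, f.solution) else "vulnerable"
        out.append(f"{f.advisory}: {f.crate} {f.version} is {status}; pinned by "
                   f"{f.pinning_crate[0]} {f.pinning_crate[1]}, reached from {f.root[0]} "
                   f"via direct dependency {f.direct_dependency[0]}; {f.solution}")
    return out

if __name__ == "__main__":
    print("\n".join(summarize(SAMPLE_REPORT)))
```

On the sample, both findings resolve to `ftp 3.0.1` as the crate pinning `regex 0.1.80` (and, transitively, `thread_local 0.2.7`), while the only direct dependency of `duckscript_cli` on the path is `duckscriptsdk`; that is the reading sagiegurari gives above, and it tells a maintainer the version bump has to happen in `ftp`'s manifest rather than in duckscript's.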