weggli-rs / weggli

weggli is a fast and robust semantic search tool for C and C++ codebases. It is designed to help security researchers identify interesting functionality in large codebases.
Apache License 2.0

Update vulnerable dependencies #63

Closed MatthewGentoo closed 1 year ago

MatthewGentoo commented 2 years ago

Update dependencies identified by cargo-audit as potentially vulnerable.

I don't think any of these impact weggli in any meaningful way, but I think it's nice to keep tools like cargo-audit happy so that if a genuine vulnerability shows up, it won't be hidden behind the noise of other irrelevant packages.

I've tested these updates by running the unit tests and then by running weggli itself - I haven't tested the Python bindings.

chrono: https://rustsec.org/advisories/RUSTSEC-2020-0159
nix: https://rustsec.org/advisories/RUSTSEC-2021-0119
regex: https://rustsec.org/advisories/RUSTSEC-2022-0013
time: https://rustsec.org/advisories/RUSTSEC-2020-0071

google-cla[bot] commented 2 years ago

Thanks for your pull request! It looks like this may be your first contribution to a Google open source project. Before we can look at your pull request, you'll need to sign a Contributor License Agreement (CLA).

View this failed invocation of the CLA check for more information.

For the most up to date status, view the checks section at the bottom of the pull request.

ZetaTwo commented 1 year ago

Superseded by #67

felixwilhelm commented 1 year ago

Thanks for the PR @MatthewGentoo and sorry for not merging it earlier. I'll close this now as #67 already updated the vulnerable deps.