mimblewimble/grin

Rust-yaml dependency must be updated

Open

#2 175 ouverte le 18 déc. 2018

Voir sur GitHub
 (4 commentaires) (0 réactions) (0 assignés)Rust (991 forks)batch import
good first issuetask

Métriques du dépôt

Stars
 (4 876 stars)
Métriques de merge PR
 (Merge moyen 6j 11h) (25 PRs mergées en 30 j)

Description

Currently we use 0.4.2 (used by serde) and 0.3.5 (used by clap). Cargo audit is unhappy:

$cargo audit
    Fetching advisory database from `https://github.com/RustSec/advisory-db.git`
      Loaded 17 security advisories (from /home/ubuntu/.cargo/advisory-db)
    Scanning Cargo.lock for vulnerabilities (311 crate dependencies)
error: Vulnerable crates found!

ID:      RUSTSEC-2018-0006
Crate:   yaml-rust
Version: 0.3.5
Date:    2018-09-17
URL:     https://github.com/chyh1990/yaml-rust/pull/109
Title:   Uncontrolled recursion leads to abort in deserialization
Solution: upgrade to: >= 0.4.1

error: 1 vulnerability found!

I sent a PR against clap, opening this issue to track the update https://github.com/clap-rs/clap/pull/1396

Guide contributeur