mimblewimble/grin

Rust-yaml dependency must be updated

Open

#2175 aperta il 18 dic 2018

Vedi su GitHub
 (4 commenti) (0 reazioni) (0 assegnatari)Rust (991 fork)batch import
good first issuetask

Metriche repository

Star
 (4876 star)
Metriche merge PR
 (Merge medio 6g 11h) (25 PR mergiate in 30 g)

Descrizione

Currently we use 0.4.2 (used by serde) and 0.3.5 (used by clap). Cargo audit is unhappy:

$cargo audit
    Fetching advisory database from `https://github.com/RustSec/advisory-db.git`
      Loaded 17 security advisories (from /home/ubuntu/.cargo/advisory-db)
    Scanning Cargo.lock for vulnerabilities (311 crate dependencies)
error: Vulnerable crates found!

ID:      RUSTSEC-2018-0006
Crate:   yaml-rust
Version: 0.3.5
Date:    2018-09-17
URL:     https://github.com/chyh1990/yaml-rust/pull/109
Title:   Uncontrolled recursion leads to abort in deserialization
Solution: upgrade to: >= 0.4.1

error: 1 vulnerability found!

I sent a PR against clap, opening this issue to track the update https://github.com/clap-rs/clap/pull/1396

Guida contributor