good first issuetask
Métricas do repositório
- Stars
- (4.876 stars)
- Métricas de merge de PR
- (Mesclagem média 6d 11h) (25 fundiu PRs em 30d)
Description
Currently we use 0.4.2 (used by serde) and 0.3.5 (used by clap). Cargo audit is unhappy:
$cargo audit
Fetching advisory database from `https://github.com/RustSec/advisory-db.git`
Loaded 17 security advisories (from /home/ubuntu/.cargo/advisory-db)
Scanning Cargo.lock for vulnerabilities (311 crate dependencies)
error: Vulnerable crates found!
ID: RUSTSEC-2018-0006
Crate: yaml-rust
Version: 0.3.5
Date: 2018-09-17
URL: https://github.com/chyh1990/yaml-rust/pull/109
Title: Uncontrolled recursion leads to abort in deserialization
Solution: upgrade to: >= 0.4.1
error: 1 vulnerability found!
I sent a PR against clap, opening this issue to track the update https://github.com/clap-rs/clap/pull/1396