mimblewimble/grin

Rust-yaml dependency must be updated

Open

#2.175 aberto em 18 de dez. de 2018

Ver no GitHub
 (4 comments) (0 reactions) (0 assignees)Rust (991 forks)batch import
good first issuetask

Métricas do repositório

Stars
 (4.876 stars)
Métricas de merge de PR
 (Mesclagem média 6d 11h) (25 fundiu PRs em 30d)

Description

Currently we use 0.4.2 (used by serde) and 0.3.5 (used by clap). Cargo audit is unhappy:

$cargo audit
    Fetching advisory database from `https://github.com/RustSec/advisory-db.git`
      Loaded 17 security advisories (from /home/ubuntu/.cargo/advisory-db)
    Scanning Cargo.lock for vulnerabilities (311 crate dependencies)
error: Vulnerable crates found!

ID:      RUSTSEC-2018-0006
Crate:   yaml-rust
Version: 0.3.5
Date:    2018-09-17
URL:     https://github.com/chyh1990/yaml-rust/pull/109
Title:   Uncontrolled recursion leads to abort in deserialization
Solution: upgrade to: >= 0.4.1

error: 1 vulnerability found!

I sent a PR against clap, opening this issue to track the update https://github.com/clap-rs/clap/pull/1396

Guia do colaborador