cargo audit failures due to jsonwebtoken 7.2.0
Closed this issue · 0 comments
brayniac commented
Running cargo audit shows the following issues:
Fetching advisory database from `https://github.com/RustSec/advisory-db.git`
Loaded 404 security advisories (from /home/brian/.cargo/advisory-db)
Updating crates.io index
Scanning Cargo.lock for vulnerabilities (145 crate dependencies)
Crate: chrono
Version: 0.4.19
Title: Potential segfault in `localtime_r` invocations
Date: 2020-11-10
ID: RUSTSEC-2020-0159
URL: https://rustsec.org/advisories/RUSTSEC-2020-0159
Solution: No safe upgrade is available!
Dependency tree:
chrono 0.4.19
└── simple_asn1 0.4.1
└── jsonwebtoken 7.2.0
└── momento 0.1.0
Crate: time
Version: 0.1.43
Title: Potential segfault in the time crate
Date: 2020-11-18
ID: RUSTSEC-2020-0071
URL: https://rustsec.org/advisories/RUSTSEC-2020-0071
Solution: Upgrade to >=0.2.23
Dependency tree:
time 0.1.43
└── chrono 0.4.19
└── simple_asn1 0.4.1
└── jsonwebtoken 7.2.0
└── momento 0.1.0
error: 2 vulnerabilities found!