audit fix
Closed this issue · 3 comments
xxchan commented
❯ cargo audit
Fetching advisory database from `https://github.com/RustSec/advisory-db.git`
Loaded 485 security advisories (from /Users/xxchan/.cargo/advisory-db)
Updating crates.io index
Scanning Cargo.lock for vulnerabilities (200 crate dependencies)
Crate: time
Version: 0.1.45
Title: Potential segfault in the time crate
Date: 2020-11-18
ID: RUSTSEC-2020-0071
URL: https://rustsec.org/advisories/RUSTSEC-2020-0071
Solution: Upgrade to >=0.2.23
Dependency tree:
time 0.1.45
└── chrono 0.4.23
├── sqllogictest-bin 0.11.1
├── quick-junit 0.2.0
│ └── sqllogictest-bin 0.11.1
├── postgres-types 0.2.4
│ ├── tokio-postgres 0.7.7
│ │ ├── sqllogictest-bin 0.11.1
│ │ ├── rust_decimal 1.27.0
│ │ │ └── sqllogictest-bin 0.11.1
│ │ └── postgres 0.19.4
│ │ └── rust_decimal 1.27.0
│ ├── sqllogictest-bin 0.11.1
│ └── pg_interval 0.4.2
│ └── sqllogictest-bin 0.11.1
└── pg_interval 0.4.2
Crate: difference
Version: 2.0.0
Warning: unmaintained
Title: difference is unmaintained
Date: 2020-12-20
ID: RUSTSEC-2020-0095
URL: https://rustsec.org/advisories/RUSTSEC-2020-0095
Dependency tree:
difference 2.0.0
├── sqllogictest-bin 0.11.1
└── sqllogictest 0.11.1
├── validator 0.1.0
├── tests 0.1.0
├── test_dir_escape 0.1.0
├── sqllogictest-bin 0.11.1
├── rowsort 0.1.0
├── include 0.1.0
├── file_level_sort_mode 0.1.0
├── condition 0.1.0
└── basic 0.1.0
error: 1 vulnerability found!
warning: 1 allowed warning found
skyzh commented
Unmaintained 😭😭😭 we can fork and maintain our own version if necessary :)
skyzh commented
It's only 881 LoCs, pretty easy to maintain I guess.