sausagee/libra

RUSTSEC in dependencies in branch gha-test-1

Found RUSTSEC in dependencies in job

    Fetching advisory database from `https://github.com/RustSec/advisory-db.git`
    Updating crates.io index
    Scanning Cargo.lock for vulnerabilities (479 crate dependencies)
Crate:         actix-codec
Version:       0.4.0-beta.1
Title:         Use-after-free in Framed due to lack of pinning
Date:          2020-01-30
ID:            RUSTSEC-2020-0049
URL:           https://rustsec.org/advisories/RUSTSEC-2020-0049
Solution:      Upgrade to >=0.3.0-beta.1
Dependency tree:
actix-codec 0.4.0-beta.1
├── actix-web 4.0.0-beta.5
│   ├── aos 0.1.0
│   │   └── analytics 0.1.0
│   ├── analytics 0.1.0
│   └── actix-cors 0.6.0-beta.1
│       ├── aos 0.1.0
│       └── analytics 0.1.0
├── actix-tls 3.0.0-beta.5
│   └── actix-http 3.0.0-beta.5
│       └── actix-web 4.0.0-beta.5
└── actix-http 3.0.0-beta.5

Crate:         actix-http
Version:       3.0.0-beta.5
Title:         Use-after-free in BodyStream due to lack of pinning
Date:          2020-01-24
ID:            RUSTSEC-2020-0048
URL:           https://rustsec.org/advisories/RUSTSEC-2020-0048
Solution:      Upgrade to >=2.0.0-alpha.1
Dependency tree:
actix-http 3.0.0-beta.5
└── actix-web 4.0.0-beta.5
    ├── aos 0.1.0
    │   └── analytics 0.1.0
    ├── analytics 0.1.0
    └── actix-cors 0.6.0-beta.1
        ├── aos 0.1.0
        └── analytics 0.1.0

Crate:         actix-web
Version:       4.0.0-beta.5
Title:         Multiple memory safety issues
Date:          2018-06-08
ID:            RUSTSEC-2018-0019
URL:           https://rustsec.org/advisories/RUSTSEC-2018-0019
Solution:      Upgrade to >=0.7.15
Dependency tree:
actix-web 4.0.0-beta.5
├── aos 0.1.0
│   └── analytics 0.1.0
├── analytics 0.1.0
└── actix-cors 0.6.0-beta.1
    ├── aos 0.1.0
    └── analytics 0.1.0

Crate:         diesel
Version:       1.4.5
Title:         Fix a use-after-free bug in diesels Sqlite backend
Date:          2021-03-05
ID:            RUSTSEC-2021-0037
URL:           https://rustsec.org/advisories/RUSTSEC-2021-0037
Solution:      Upgrade to >=1.4.6
Dependency tree:
diesel 1.4.5
├── migrations_internals 1.4.1
│   ├── migrations_macros 1.4.2
│   │   └── diesel_migrations 1.4.0
│   │       ├── aos 0.1.0
│   │       │   └── analytics 0.1.0
│   │       └── analytics 0.1.0
│   └── diesel_migrations 1.4.0
├── aos 0.1.0
└── analytics 0.1.0

Crate:         generic-array
Version:       0.12.3
Title:         arr! macro erases lifetimes
Date:          2020-04-09
ID:            RUSTSEC-2020-0146
URL:           https://rustsec.org/advisories/RUSTSEC-2020-0146
Solution:      Upgrade to >=0.8.4, <0.9.0 OR >=0.9.1, <0.10.0 OR >=0.10.1, <0.11.0 OR >=0.11.2, <0.12.0 OR >=0.12.4, <0.13.0 OR >=0.13.3
Dependency tree:
generic-array 0.12.3

Crate:         difference
Version:       2.0.0
Warning:       unmaintained
Title:         difference is unmaintained
Date:          2020-12-20
ID:            RUSTSEC-2020-0095
URL:           https://rustsec.org/advisories/RUSTSEC-2020-0095
Dependency tree:
difference 2.0.0
└── move-lang 0.0.1
    ├── move-prover 0.1.0
    │   └── move-stdlib 0.1.0
    │       └── aos 0.1.0
    │           └── analytics 0.1.0
    └── move-model 0.1.0
        ├── move-prover 0.1.0
        ├── errmapgen 0.1.0
        │   └── move-prover 0.1.0
        ├── docgen 0.1.0
        │   ├── move-stdlib 0.1.0
        │   └── move-prover 0.1.0
        ├── bytecode 0.1.0
        │   ├── move-prover 0.1.0
        │   ├── docgen 0.1.0
        │   ├── boogie-backend-v2 0.1.0
        │   │   ├── move-prover 0.1.0
        │   │   └── boogie-backend 0.1.0
        │   │       └── move-prover 0.1.0
        │   └── boogie-backend 0.1.0
        ├── boogie-backend-v2 0.1.0
        ├── boogie-backend 0.1.0
        └── abigen 0.1.0
            └── move-prover 0.1.0

Crate:         dirs
Version:       1.0.5
Warning:       unmaintained
Title:         dirs is unmaintained, use dirs-next instead
Date:          2020-10-16
ID:            RUSTSEC-2020-0053
URL:           https://rustsec.org/advisories/RUSTSEC-2020-0053
Dependency tree:
dirs 1.0.5
└── term 0.5.2
    └── prettytable-rs 0.8.0
        └── aos 0.1.0
            └── analytics 0.1.0

Crate:         stdweb
Version:       0.4.20
Warning:       unmaintained
Title:         stdweb is unmaintained
Date:          2020-05-04
ID:            RUSTSEC-2020-0056
URL:           https://rustsec.org/advisories/RUSTSEC-2020-0056
Dependency tree:
stdweb 0.4.20
└── time 0.2.23

Crate:         term
Version:       0.5.2
Warning:       unmaintained
Title:         term is looking for a new maintainer
Date:          2018-11-19
ID:            RUSTSEC-2018-0015
URL:           https://rustsec.org/advisories/RUSTSEC-2018-0015
Dependency tree:
term 0.5.2
└── prettytable-rs 0.8.0
    └── aos 0.1.0
        └── analytics 0.1.0

Crate:         nb-connect
Version:       1.0.2
Warning:       yanked
Dependency tree:
nb-connect 1.0.2
└── async-io 1.3.1
    ├── async-std 1.9.0
    │   ├── scheduler 0.1.0
    │   │   └── aos 0.1.0
    │   │       └── analytics 0.1.0
    │   ├── aos 0.1.0
    │   └── analytics 0.1.0
    └── async-global-executor 2.0.2
        └── async-std 1.9.0

warning: 5 allowed warnings found