chore: bump tokio from 1.40.0 to 1.41.0 (#5000) #5481
GitHub Actions / Security audit
succeeded
Nov 4, 2024 in 1s
Security advisories found
1 unmaintained, 1 unsound, 3 other
Details
Warnings
RUSTSEC-2024-0370
proc-macro-error is unmaintained
| Details | |
|---|---|
| Status | unmaintained |
| Package | proc-macro-error |
| Version | 1.0.4 |
| URL | https://gitlab.com/CreepySkeleton/proc-macro-error/-/issues/20 |
| Date | 2024-09-01 |
proc-macro-error's maintainer seems to be unreachable, with no commits for 2 years, no releases pushed for 4 years, and no activity on the GitLab repo or response to email.
proc-macro-error also depends on syn 1.x, which may be bringing duplicate dependencies into dependant build trees.
Possible Alternative(s)
RUSTSEC-2023-0086
Multiple soundness issues
| Details | |
|---|---|
| Status | unsound |
| Package | lexical-core |
| Version | 0.8.5 |
| Date | 2023-09-03 |
RUSTSEC-2024-0377 contains multiple soundness issues:
- Bytes::read() allows creating instances of types with invalid bit patterns
- BytesIter::read() advances iterators out of bounds
- The
BytesItertrait has safety invariants but is public and not markedunsafe write_float()callsMaybeUninit::assume_init()on uninitialized data, which is is not allowed by the Rust abstract machineradix()callsMaybeUninit::assume_init()on uninitialized data, which is is not allowed by the Rust abstract machine
Version 1.0 fixes these issues, removes the vast majority of unsafe code, and also fixes some correctness issues.
Crate bytes is yanked
No extra details provided.
Crate clang-sys is yanked
No extra details provided.
Crate hashbrown is yanked
No extra details provided.
Loading