add country isocode validation to the atoma p2p service #101
Security advisories found
6 unmaintained, 2 unsound
Details
Warnings
RUSTSEC-2024-0375
attyis unmaintained
| Details | |
|---|---|
| Status | unmaintained |
| Package | atty |
| Version | 0.2.14 |
| URL | softprops/atty#57 |
| Date | 2024-09-25 |
The maintainer of atty has published an official notice that the crate is no longer
under development, and that users should instead rely on the functionality in the standard library's IsTerminal trait.
Alternative(s)
- std::io::IsTerminal - Stable since Rust 1.70.0 and the recommended replacement per the
attymaintainer. - is-terminal - Standalone crate supporting Rust older than 1.70.0
RUSTSEC-2024-0388
derivativeis unmaintained; consider using an alternative
| Details | |
|---|---|
| Status | unmaintained |
| Package | derivative |
| Version | 2.2.0 |
| URL | mcarton/rust-derivative#117 |
| Date | 2024-06-26 |
The derivative crate is no longer maintained.
Consider using any alternative, for instance:
RUSTSEC-2020-0095
difference is unmaintained
| Details | |
|---|---|
| Status | unmaintained |
| Package | difference |
| Version | 2.0.0 |
| URL | johannhof/difference.rs#45 |
| Date | 2020-12-20 |
The author of the difference crate is unresponsive.
Maintained alternatives:
RUSTSEC-2024-0370
proc-macro-error is unmaintained
| Details | |
|---|---|
| Status | unmaintained |
| Package | proc-macro-error |
| Version | 1.0.4 |
| URL | https://gitlab.com/CreepySkeleton/proc-macro-error/-/issues/20 |
| Date | 2024-09-01 |
proc-macro-error's maintainer seems to be unreachable, with no commits for 2 years, no releases pushed for 4 years, and no activity on the GitLab repo or response to email.
proc-macro-error also depends on syn 1.x, which may be bringing duplicate dependencies into dependant build trees.
Possible Alternative(s)
RUSTSEC-2023-0040
userscrate is unmaintained
| Details | |
|---|---|
| Status | unmaintained |
| Package | users |
| Version | 0.11.0 |
| URL | ogham/rust-users#54 |
| Date | 2023-06-01 |
The users crate hasn't seen any action since 2020-10-08. The developer seems MIA since.
Recommended alternatives
RUSTSEC-2024-0320
yaml-rust is unmaintained.
| Details | |
|---|---|
| Status | unmaintained |
| Package | yaml-rust |
| Version | 0.4.5 |
| URL | rustsec/advisory-db#1921 |
| Date | 2024-03-20 |
The maintainer seems unreachable.
Many issues and pull requests have been submitted over the years
without any response.
Alternatives
Consider switching to the actively maintained yaml-rust2 fork of the original project:
RUSTSEC-2021-0145
Potential unaligned read
| Details | |
|---|---|
| Status | unsound |
| Package | atty |
| Version | 0.2.14 |
| URL | softprops/atty#50 |
| Date | 2021-07-04 |
On windows, atty dereferences a potentially unaligned pointer.
In practice however, the pointer won't be unaligned unless a custom global allocator is used.
In particular, the System allocator on windows uses HeapAlloc, which guarantees a large enough alignment.
atty is Unmaintained
A Pull Request with a fix has been provided over a year ago but the maintainer seems to be unreachable.
Last release of atty was almost 3 years ago.
Possible Alternative(s)
The below list has not been vetted in any way and may or may not contain alternatives;
- std::io::IsTerminal - Stable since Rust 1.70.0
- is-terminal - Standalone crate supporting Rust older than 1.70.0
RUSTSEC-2023-0059
Unaligned read of
*const *const c_charpointer
| Details | |
|---|---|
| Status | unsound |
| Package | users |
| Version | 0.11.0 |
| URL | ogham/rust-users#55 |
| Date | 2023-09-10 |
Affected versions dereference a potentially unaligned pointer. The pointer is
commonly unaligned in practice, resulting in undefined behavior.
In some build modes, this is observable as a panic followed by abort. In other
build modes the UB may manifest in some other way, including the possibility of
working correctly in some architectures.
The crate is not currently maintained, so a patched version is not available.