Merge pull request #45 from DavidAguilo/main #219
GitHub Actions / Security audit
failed
Jun 18, 2024 in 0s
Security advisories found
1 advisory(ies), 1 unmaintained
Details
Vulnerabilities
RUSTSEC-2021-0073
Conversion from
prost_types::TimestamptoSystemTimecan cause an overflow and panic
| Details | |
|---|---|
| Package | prost-types |
| Version | 0.6.1 |
| URL | tokio-rs/prost#438 |
| Date | 2021-07-08 |
| Patched versions | >=0.8.0 |
Affected versions of this crate contained a bug in which untrusted input could cause an overflow and panic when converting a Timestamp to SystemTime.
It is recommended to upgrade to prost-types v0.8 and switch the usage of From<Timestamp> for SystemTime to TryFrom<Timestamp> for SystemTime.
See #438 for more information.
Warnings
RUSTSEC-2024-0320
yaml-rust is unmaintained.
| Details | |
|---|---|
| Status | unmaintained |
| Package | yaml-rust |
| Version | 0.4.5 |
| URL | rustsec/advisory-db#1921 |
| Date | 2024-03-20 |
The maintainer seems unreachable.
Many issues and pull requests have been submitted over the years
without any response.
Alternatives
Consider switching to the actively maintained yaml-rust2 fork of the original project:
Loading