Audit finding: https://rustsec.org/advisories/RUSTSEC-2023-0081 #36616
Comments
|
Can be addressed with this patch, which also applies to our 0.3.1 version. |
24 tasks
|
I'd prefer not to patch this, can we ignore this and wait for a bump to lol_html? This is only used by speedreader |
|
I don't think it's urgent. The main issue is being insensitive to any security issues found in the unmaintained library between ignoring the warning and actually bumping lol_html. |
rillian
added a commit
to brave/audit-config
that referenced
this issue
Mar 7, 2024
This crate is unmaintained. Ignore the warning until lol_html (our only path to the dependency) publishes an update removing it. Resolves brave/brave-browser#36616
|
Audit failed on nightly/v1.65.66 due to https://rustsec.org/advisories/RUSTSEC-2023-0081. |
|
Audit failed on beta/v1.64.98 due to https://rustsec.org/advisories/RUSTSEC-2023-0081. |
|
Audit failed on release/v1.63.171 due to https://rustsec.org/advisories/RUSTSEC-2023-0081. |
diracdeltas
pushed a commit
to brave/audit-config
that referenced
this issue
Mar 8, 2024
This crate is unmaintained. Ignore the warning until lol_html (our only path to the dependency) publishes an update removing it. Resolves brave/brave-browser#36616
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Greetings human!
Bad news. Audit failed on nightly/v1.65.65 due to https://rustsec.org/advisories/RUSTSEC-2023-0081.
The text was updated successfully, but these errors were encountered: