cargo audit shows vulnerability and warnings because of dependencies on some outdated crates #1191

Closed
susurri opened this issue Jan 11, 2022 · 1 comment · Fixed by #1195

susurri commented Jan 11, 2022

```
cargo init --bin
cat Cargo.toml
```

```toml
[package]
name = "test-iced"
version = "0.1.0"
edition = "2021"

# See more keys and their definitions at https://doc.rust-lang.org/cargo/reference/manifest.html

[dependencies]
iced = "0.3"
```

```
cargo build && cargo audit
```

```
Crate:         nix
Version:       0.18.0
Title:         Out-of-bounds write in nix::unistd::getgrouplist
Date:          2021-09-27
ID:            RUSTSEC-2021-0119
URL:           https://rustsec.org/advisories/RUSTSEC-2021-0119
Solution:      Upgrade to ^0.20.2 OR ^0.21.2 OR ^0.22.2 OR >=0.23.0
Dependency tree: 
nix 0.18.0

Crate:         net2
Version:       0.2.37
Warning:       unmaintained
Title:         `net2` crate has been deprecated; use `socket2` instead
Date:          2020-05-01
ID:            RUSTSEC-2020-0016
URL:           https://rustsec.org/advisories/RUSTSEC-2020-0016
Dependency tree: 
net2 0.2.37
├── miow 0.2.2
│   └── mio 0.6.23
│       ├── winit 0.24.0
│       │   └── iced_winit 0.3.0
│       │       └── iced 0.3.0
│       │           └── test-iced 0.1.0
│       └── mio-extras 2.0.6
│           └── winit 0.24.0
└── mio 0.6.23

Crate:         spirv_headers
Version:       1.5.0
Warning:       unmaintained
Title:         spirv_headers is unmaintained, use spirv instead
Date:          2021-08-16
ID:            RUSTSEC-2021-0096
URL:           https://rustsec.org/advisories/RUSTSEC-2021-0096
Dependency tree: 
spirv_headers 1.5.0
└── naga 0.3.2
    ├── wgpu-core 0.7.1
    │   └── wgpu 0.7.1
    │       ├── wgpu_glyph 0.11.0
    │       │   └── iced_wgpu 0.4.0
    │       │       └── iced 0.3.0
    │       │           └── test-iced 0.1.0
    │       └── iced_wgpu 0.4.0
    ├── wgpu 0.7.1
    ├── gfx-hal 0.7.0
    │   ├── wgpu-core 0.7.1
    │   ├── gfx-backend-vulkan 0.7.0
    │   │   └── wgpu-core 0.7.1
    │   ├── gfx-backend-metal 0.7.0
    │   │   └── wgpu-core 0.7.1
    │   ├── gfx-backend-gl 0.7.1
    │   │   └── wgpu-core 0.7.1
    │   ├── gfx-backend-empty 0.7.0
    │   │   └── wgpu-core 0.7.1
    │   ├── gfx-backend-dx12 0.7.1
    │   │   └── wgpu-core 0.7.1
    │   ├── gfx-backend-dx11 0.7.0
    │   │   └── wgpu-core 0.7.1
    │   └── gfx-auxil 0.8.0
    │       ├── gfx-backend-metal 0.7.0
    │       ├── gfx-backend-gl 0.7.1
    │       ├── gfx-backend-dx12 0.7.1
    │       └── gfx-backend-dx11 0.7.0
    ├── gfx-backend-vulkan 0.7.0
    ├── gfx-backend-metal 0.7.0
    └── gfx-backend-gl 0.7.1

error: 1 vulnerability found!
warning: 2 allowed warnings found
```

hecrj (Member) commented Jan 13, 2022

I have just opened #1195, which should address all of these! Let me know.

hecrj added the bug label Jan 13, 2022
hecrj added this to the 0.4.0 milestone Jan 13, 2022