Dear maintainer(s),

'cargo audit' reports one or more bundled CRATES as vulnerable.

To reproduce please install dev-util/cargo-audit and run:

    cargo audit --file Cargo.lock

where Cargo.lock is generated during the build of this package.

For simplicity, I'm attaching the content of 'cargo audit' here:

    Loaded 433 security advisories (from /tmp/advisory-db)
    Scanning Cargo.lock for vulnerabilities (82 crate dependencies)

    Crate: beef
    Version: 0.4.4
    Title: beef::Cow lacks a Sync bound on its Send trait allowing for data races
    Date: 2020-10-28
    ID: RUSTSEC-2020-0122
    URL: https://rustsec.org/advisories/RUSTSEC-2020-0122
    Solution: Upgrade to >=0.5.0
    Dependency tree:
    beef 0.4.4

    Crate: chrono
    Version: 0.4.19
    Title: Potential segfault in `localtime_r` invocations
    Date: 2020-11-10
    ID: RUSTSEC-2020-0159
    URL: https://rustsec.org/advisories/RUSTSEC-2020-0159
    Solution: Upgrade to >=0.4.20
    Dependency tree:
    chrono 0.4.19

    Crate: crossbeam-deque
    Version: 0.7.3
    Title: Data race in crossbeam-deque
    Date: 2021-07-30
    ID: RUSTSEC-2021-0093
    URL: https://rustsec.org/advisories/RUSTSEC-2021-0093
    Solution: Upgrade to >=0.7.4, <0.8.0 OR >=0.8.1
    Dependency tree:
    crossbeam-deque 0.7.3

    Crate: regex
    Version: 1.4.1
    Title: Regexes with large repetitions on empty sub-expressions take a very long time to parse
    Date: 2022-03-08
    ID: RUSTSEC-2022-0013
    URL: https://rustsec.org/advisories/RUSTSEC-2022-0013
    Solution: Upgrade to >=1.5.5
    Dependency tree:
    regex 1.4.1

    Crate: thread_local
    Version: 1.0.1
    Title: Data race in `Iter` and `IterMut`
    Date: 2022-01-23
    ID: RUSTSEC-2022-0006
    URL: https://rustsec.org/advisories/RUSTSEC-2022-0006
    Solution: Upgrade to >=1.1.4
    Dependency tree:
    thread_local 1.0.1

    Crate: time
    Version: 0.1.44
    Title: Potential segfault in the time crate
    Date: 2020-11-18
    ID: RUSTSEC-2020-0071
    URL: https://rustsec.org/advisories/RUSTSEC-2020-0071
    Solution: Upgrade to >=0.2.23
    Dependency tree:
    time 0.1.44

    Crate: term
    Version: 0.6.1
    Warning: unmaintained
    Title: term is looking for a new maintainer
    Date: 2018-11-19
    ID: RUSTSEC-2018-0015
    URL: https://rustsec.org/advisories/RUSTSEC-2018-0015
    Dependency tree:
    term 0.6.1

    error: 6 vulnerabilities found!
    warning: 1 allowed warning found

The bug has been closed via the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=acc699738b23e09aa5fcf13e686ef55c55109456

commit acc699738b23e09aa5fcf13e686ef55c55109456
Author: Sam James <sam@gentoo.org>
AuthorDate: 2024-01-14 14:45:29 +0000
Commit: Sam James <sam@gentoo.org>
CommitDate: 2024-01-14 14:45:29 +0000

    app-misc/skim: add 0.10.4

    Closes: https://bugs.gentoo.org/864022
    Closes: https://bugs.gentoo.org/910423
    Signed-off-by: Sam James <sam@gentoo.org>

 app-misc/skim/Manifest | 90 ++++++++++++++++++++++++
 app-misc/skim/skim-0.10.4.ebuild | 148 +++++++++++++++++++++++++++++++++++++++
 2 files changed, 238 insertions(+)