Dear maintainer(s),

'cargo audit' reports one or more bundled CRATES as vulnerable.

To reproduce please install dev-util/cargo-audit and run:

cargo audit --file Cargo.lock

where Cargo.lock is generated during the build of this package.

For simplicity, I'm attaching the content of 'cargo audit' here:

Loaded 433 security advisories (from /tmp/advisory-db)
Scanning Cargo.lock for vulnerabilities (29 crate dependencies)
Crate: regex
Version: 1.3.1
Title: Regexes with large repetitions on empty sub-expressions take a very long time to parse
Date: 2022-03-08
ID: RUSTSEC-2022-0013
URL: https://rustsec.org/advisories/RUSTSEC-2022-0013
Solution: Upgrade to >=1.5.5
Dependency tree:
regex 1.3.1

Crate: thread_local
Version: 0.3.6
Title: Data race in `Iter` and `IterMut`
Date: 2022-01-23
ID: RUSTSEC-2022-0006
URL: https://rustsec.org/advisories/RUSTSEC-2022-0006
Solution: Upgrade to >=1.1.4
Dependency tree:
thread_local 0.3.6

error: 2 vulnerabilities found!

The bug has been closed via the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=ca0744b9b54a4cc0c07f61f1e993221b8fc50cc6

commit ca0744b9b54a4cc0c07f61f1e993221b8fc50cc6
Author: James Le Cuirot <chewi@gentoo.org>
AuthorDate: 2024-06-07 12:28:06 +0000
Commit: James Le Cuirot <chewi@gentoo.org>
CommitDate: 2024-06-07 12:28:06 +0000

    app-text/fblog: Bump to 4.10.0, drop old 1.4.1, EAPI 8

    Closes: https://bugs.gentoo.org/864037
    Signed-off-by: James Le Cuirot <chewi@gentoo.org>

 app-text/fblog/Manifest | 145 +++++++++++++++++++++++++++-------
 app-text/fblog/fblog-1.4.1.ebuild | 55 -------------
 app-text/fblog/fblog-4.10.0.ebuild | 156 +++++++++++++++++++++++++++++++++++++
 3 files changed, 273 insertions(+), 83 deletions(-)