Dear maintainer(s),

'cargo audit' reports one or more bundled CRATES as vulnerable.

To reproduce please install dev-util/cargo-audit and run:

    cargo audit --file Cargo.lock

where Cargo.lock is generated during the build of this package.

For simplicity, I'm attaching the content of 'cargo audit' here:

Loaded 433 security advisories (from /tmp/advisory-db)
Scanning Cargo.lock for vulnerabilities (206 crate dependencies)

Crate: beef
Version: 0.4.4
Title: beef::Cow lacks a Sync bound on its Send trait allowing for data races
Date: 2020-10-28
ID: RUSTSEC-2020-0122
URL: https://rustsec.org/advisories/RUSTSEC-2020-0122
Solution: Upgrade to >=0.5.0
Dependency tree:
beef 0.4.4

Crate: nix
Version: 0.19.1
Title: Out-of-bounds write in nix::unistd::getgrouplist
Date: 2021-09-27
ID: RUSTSEC-2021-0119
URL: https://rustsec.org/advisories/RUSTSEC-2021-0119
Solution: Upgrade to ^0.20.2 OR ^0.21.2 OR ^0.22.2 OR >=0.23.0
Dependency tree:
nix 0.19.1

error: 2 vulnerabilities found!

The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=d07da4e65b17efb452ead410648d806316d42240

commit d07da4e65b17efb452ead410648d806316d42240
Author: Zac Medico <zmedico@gentoo.org>
AuthorDate: 2022-08-06 17:36:45 +0000
Commit: Zac Medico <zmedico@gentoo.org>
CommitDate: 2022-08-06 17:37:31 +0000

    dev-lang/starlark-rust: drop 0.7.0

    Bug: https://bugs.gentoo.org/864043
    Signed-off-by: Zac Medico <zmedico@gentoo.org>

 dev-lang/starlark-rust/Manifest | 43 -----
 dev-lang/starlark-rust/starlark-rust-0.7.0.ebuild | 181 ----------------------
 2 files changed, 224 deletions(-)