Bug 864058 - dev-util/cargo-c: 'cargo audit' reports one or more bundled CRATES as vulnerable
Summary: dev-util/cargo-c: 'cargo audit' reports one or more bundled CRATES as vulnerable
Status: RESOLVED FIXED
Alias: None
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities
Hardware: All Linux
Importance: Normal normal
Assignee: Gentoo Security
URL:
Whiteboard:
Keywords:
Depends on:
Blocks:
Reported: 2022-08-06 15:32 UTC by Agostino Sarubbo
Modified: 2022-11-29 23:04 UTC

See Also:
Package list:
Runtime testing required: ---


Description Agostino Sarubbo gentoo-dev 2022-08-06 15:32:43 UTC
Dear maintainer(s),
'cargo audit' reports one or more bundled CRATES as vulnerable.
To reproduce please install dev-util/cargo-audit and run:
cargo audit --file Cargo.lock
where Cargo.lock is generated during the build of this package.

For simplicity, I'm attaching the output of 'cargo audit' here:

      Loaded 433 security advisories (from /tmp/advisory-db)
    Scanning Cargo.lock for vulnerabilities (411 crate dependencies)
Crate:     openssl-src
Version:   111.16.0
Title:     Infinite loop in `BN_mod_sqrt()` reachable when parsing certificates
Date:      2022-03-15
ID:        RUSTSEC-2022-0014
URL:       https://rustsec.org/advisories/RUSTSEC-2022-0014
Solution:  Upgrade to >=111.18, <300.0 OR >=300.0.5
Dependency tree:
openssl-src 111.16.0

Crate:     openssl-src
Version:   111.16.0
Title:     AES OCB fails to encrypt some bytes
Date:      2022-07-05
ID:        RUSTSEC-2022-0032
URL:       https://rustsec.org/advisories/RUSTSEC-2022-0032
Solution:  Upgrade to >=111.22, <300.0 OR >=300.0.9

Crate:     openssl-src
Version:   111.17.0
Title:     Infinite loop in `BN_mod_sqrt()` reachable when parsing certificates
Date:      2022-03-15
ID:        RUSTSEC-2022-0014
URL:       https://rustsec.org/advisories/RUSTSEC-2022-0014
Solution:  Upgrade to >=111.18, <300.0 OR >=300.0.5
Dependency tree:
openssl-src 111.17.0

Crate:     openssl-src
Version:   111.17.0
Title:     AES OCB fails to encrypt some bytes
Date:      2022-07-05
ID:        RUSTSEC-2022-0032
URL:       https://rustsec.org/advisories/RUSTSEC-2022-0032
Solution:  Upgrade to >=111.22, <300.0 OR >=300.0.9

Crate:     openssl-src
Version:   111.18.0
Title:     AES OCB fails to encrypt some bytes
Date:      2022-07-05
ID:        RUSTSEC-2022-0032
URL:       https://rustsec.org/advisories/RUSTSEC-2022-0032
Solution:  Upgrade to >=111.22, <300.0 OR >=300.0.9
Dependency tree:
openssl-src 111.18.0

Crate:     openssl-src
Version:   111.21.0
Title:     AES OCB fails to encrypt some bytes
Date:      2022-07-05
ID:        RUSTSEC-2022-0032
URL:       https://rustsec.org/advisories/RUSTSEC-2022-0032
Solution:  Upgrade to >=111.22, <300.0 OR >=300.0.9
Dependency tree:
openssl-src 111.21.0

Crate:     regex
Version:   1.3.5
Title:     Regexes with large repetitions on empty sub-expressions take a very long time to parse
Date:      2022-03-08
ID:        RUSTSEC-2022-0013
URL:       https://rustsec.org/advisories/RUSTSEC-2022-0013
Solution:  Upgrade to >=1.5.5
Dependency tree:
regex 1.3.5

Crate:     regex
Version:   1.5.4
Title:     Regexes with large repetitions on empty sub-expressions take a very long time to parse
Date:      2022-03-08
ID:        RUSTSEC-2022-0013
URL:       https://rustsec.org/advisories/RUSTSEC-2022-0013
Solution:  Upgrade to >=1.5.5
Dependency tree:
regex 1.5.4

Crate:     sized-chunks
Version:   0.5.3
Title:     Multiple soundness issues in Chunk and InlineArray
Date:      2020-09-06
ID:        RUSTSEC-2020-0041
URL:       https://rustsec.org/advisories/RUSTSEC-2020-0041
Solution:  Upgrade to >=0.6.3
Dependency tree:
sized-chunks 0.5.3

Crate:     smallvec
Version:   1.2.0
Title:     Buffer overflow in SmallVec::insert_many
Date:      2021-01-08
ID:        RUSTSEC-2021-0003
URL:       https://rustsec.org/advisories/RUSTSEC-2021-0003
Solution:  Upgrade to >=0.6.14, <1.0.0 OR >=1.6.1
Dependency tree:
smallvec 1.2.0

Crate:     tar
Version:   0.4.26
Title:     Links in archive can create arbitrary directories
Date:      2021-07-19
ID:        RUSTSEC-2021-0080
URL:       https://rustsec.org/advisories/RUSTSEC-2021-0080
Solution:  Upgrade to >=0.4.36
Dependency tree:
tar 0.4.26

Crate:     thread_local
Version:   1.0.1
Title:     Data race in `Iter` and `IterMut`
Date:      2022-01-23
ID:        RUSTSEC-2022-0006
URL:       https://rustsec.org/advisories/RUSTSEC-2022-0006
Solution:  Upgrade to >=1.1.4
Dependency tree:
thread_local 1.0.1

Crate:     thread_local
Version:   1.1.3
Title:     Data race in `Iter` and `IterMut`
Date:      2022-01-23
ID:        RUSTSEC-2022-0006
URL:       https://rustsec.org/advisories/RUSTSEC-2022-0006
Solution:  Upgrade to >=1.1.4
Dependency tree:
thread_local 1.1.3

error: 13 vulnerabilities found!
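The report above lists 13 findings, but several are the same RUSTSEC advisory hit by different bundled versions of one crate (openssl-src appears five times for two advisories). The script below is an added example, not code from the bug or from cargo-audit: it parses the plain-text block format `cargo audit` prints, groups findings by advisory ID, and evaluates the "Solution" ranges (`>=111.18, <300.0 OR >=300.0.5`) against a candidate version so a maintainer can see which single bump closes which advisories. The sample input is a constructed subset of the report in this bug; the comparator grammar and three-component version padding are assumptions that match the Solution lines shown here, not a specification of cargo-audit's output.

```python
"""Parse the text report `cargo audit` prints and check upgrade targets.

Added example, not part of the bug report. Sample input is constructed
from the findings pasted in the bug.
"""
import re
from collections import defaultdict

SAMPLE_REPORT = """\
Crate:     openssl-src
Version:   111.16.0
Title:     Infinite loop in `BN_mod_sqrt()` reachable when parsing certificates
Date:      2022-03-15
ID:        RUSTSEC-2022-0014
URL:       https://rustsec.org/advisories/RUSTSEC-2022-0014
Solution:  Upgrade to >=111.18, <300.0 OR >=300.0.5
Dependency tree:
openssl-src 111.16.0

Crate:     openssl-src
Version:   111.21.0
Title:     AES OCB fails to encrypt some bytes
Date:      2022-07-05
ID:        RUSTSEC-2022-0032
URL:       https://rustsec.org/advisories/RUSTSEC-2022-0032
Solution:  Upgrade to >=111.22, <300.0 OR >=300.0.9

Crate:     smallvec
Version:   1.2.0
Title:     Buffer overflow in SmallVec::insert_many
Date:      2021-01-08
ID:        RUSTSEC-2021-0003
URL:       https://rustsec.org/advisories/RUSTSEC-2021-0003
Solution:  Upgrade to >=0.6.14, <1.0.0 OR >=1.6.1
Dependency tree:
smallvec 1.2.0

error: 3 vulnerabilities found!
"""

# Only these "Key:   value" lines are kept; "Dependency tree:" and the
# tree lines under it are skipped because they are not in the alternation.
FIELD_RE = re.compile(r"^(Crate|Version|Title|Date|ID|URL|Solution):\s+(.*)$")
# Assumed comparator grammar: an optional operator followed by a dotted number.
COMPARATOR_RE = re.compile(r"^(>=|<=|>|<|=)?\s*([0-9][0-9.]*)$")

OPS = {
    ">=": lambda a, b: a >= b,
    "<=": lambda a, b: a <= b,
    ">": lambda a, b: a > b,
    "<": lambda a, b: a < b,
    "=": lambda a, b: a == b,
    None: lambda a, b: a == b,
}


def parse_report(text):
    """Return one dict per 'Crate:' block, keyed by the field names."""
    entries, current = [], {}
    for line in text.splitlines():
        m = FIELD_RE.match(line)
        if not m:
            continue
        key, value = m.group(1), m.group(2).strip()
        if key == "Crate" and current:      # a new block starts
            entries.append(current)
            current = {}
        current[key] = value
    if current:
        entries.append(current)
    return entries


def version_key(v):
    """'111.18' -> (111, 18, 0): pad to three components so '300.0' < '300.0.5'."""
    parts = [int(p) for p in v.split(".") if p]
    return tuple(parts + [0] * (3 - len(parts)))


def parse_solution(solution):
    """'Upgrade to >=111.18, <300.0 OR >=300.0.5' -> list of AND-groups (OR between groups)."""
    spec = solution.replace("Upgrade to", "", 1).strip()
    alternatives = []
    for alt in spec.split(" OR "):
        comparators = []
        for piece in alt.split(","):
            m = COMPARATOR_RE.match(piece.strip())
            if not m:
                raise ValueError("unrecognised comparator: %r" % piece)
            comparators.append((m.group(1), m.group(2)))
        alternatives.append(comparators)
    return alternatives


def version_is_fixed(version, solution):
    """True if `version` satisfies at least one OR-alternative of the Solution line."""
    vk = version_key(version)
    return any(all(OPS[op](vk, version_key(bound)) for op, bound in alt)
               for alt in parse_solution(solution))


def summarize(text):
    """Group findings by advisory ID (assumes one crate per advisory ID, as here)."""
    by_id = defaultdict(lambda: {"crate": None, "solution": None, "versions": []})
    for e in parse_report(text):
        adv = by_id[e["ID"]]
        adv["crate"], adv["solution"] = e["Crate"], e["Solution"]
        adv["versions"].append(e["Version"])
    return dict(by_id)


def bump_closes(text, crate, new_version):
    """Sorted advisory IDs for `crate` that bumping to `new_version` would close."""
    return sorted(adv_id for adv_id, adv in summarize(text).items()
                  if adv["crate"] == crate and version_is_fixed(new_version, adv["solution"]))


if __name__ == "__main__":
    for adv_id, adv in summarize(SAMPLE_REPORT).items():
        print(adv_id, adv["crate"], adv["versions"], "->", adv["solution"])
    print(bump_closes(SAMPLE_REPORT, "openssl-src", "111.22.0"))
```

Feeding the full report from the bug into `summarize` collapses the 13 findings to six advisory IDs; `bump_closes` then shows that a single openssl-src bump to 111.22 satisfies both RUSTSEC-2022-0014 and RUSTSEC-2022-0032, while 111.18 closes only the first. The range check deliberately treats `300.0` as `300.0.0`, which is what makes the `<300.0 OR >=300.0.5` gap exclude 300.0.2.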
Comment 1 Luca Barbato gentoo-dev 2022-11-29 14:51:27 UTC
0.9.14 is completely clean now.
Comment 2 John Helmert III archtester Gentoo Infrastructure gentoo-dev Security 2022-11-29 23:04:12 UTC
Thanks! All done then.