Dear maintainer(s),

'cargo audit' reports one or more bundled CRATES as vulnerable.

To reproduce please install dev-util/cargo-audit and run:

    cargo audit --file Cargo.lock

where Cargo.lock is generated during the build of this package.

For simplicity, I'm attaching the content of 'cargo audit' here:

Loaded 433 security advisories (from /tmp/advisory-db)
Scanning Cargo.lock for vulnerabilities (171 crate dependencies)

Crate: chrono
Version: 0.4.19
Title: Potential segfault in `localtime_r` invocations
Date: 2020-11-10
ID: RUSTSEC-2020-0159
URL: https://rustsec.org/advisories/RUSTSEC-2020-0159
Solution: Upgrade to >=0.4.20
Dependency tree:
chrono 0.4.19

Crate: time
Version: 0.1.44
Title: Potential segfault in the time crate
Date: 2020-11-18
ID: RUSTSEC-2020-0071
URL: https://rustsec.org/advisories/RUSTSEC-2020-0071
Solution: Upgrade to >=0.2.23
Dependency tree:
time 0.1.44

Crate: term_size
Version: 0.3.2
Warning: unmaintained
Title: `term_size` is unmaintained; use `terminal_size` instead
Date: 2020-11-03
ID: RUSTSEC-2020-0163
URL: https://rustsec.org/advisories/RUSTSEC-2020-0163
Dependency tree:
term_size 0.3.2

error: 2 vulnerabilities found!
warning: 1 allowed warning found

The bug has been closed via the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=16fa78999cddab9096c7d61945ed7c459c500735

commit 16fa78999cddab9096c7d61945ed7c459c500735
Author: Sam James <sam@gentoo.org>
AuthorDate: 2024-09-01 03:05:33 +0000
Commit: Sam James <sam@gentoo.org>
CommitDate: 2024-09-01 03:05:33 +0000

    dev-util/git-delta: add 0.18.1

    Move to using bundled libgit2. I don't like it either but keeping the system one downgraded is painful.

    Closes: https://bugs.gentoo.org/828561
    Closes: https://bugs.gentoo.org/864064
    Closes: https://bugs.gentoo.org/937988
    Signed-off-by: Sam James <sam@gentoo.org>

 dev-util/git-delta/Manifest | 34 ++++
 dev-util/git-delta/git-delta-0.18.1.ebuild | 268 +++++++++++++++++++++++++++++
 2 files changed, 302 insertions(+)