Bug 864067 - dev-util/rustup: 'cargo audit' reports one or more bundled CRATES as vulnerable
Summary: dev-util/rustup: 'cargo audit' reports one or more bundled CRATES as vulnerable
Status: CONFIRMED
Alias: None
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities
Hardware: All Linux
Importance: Normal normal
Assignee: Gentoo Security
Reported: 2022-08-06 15:33 UTC by Agostino Sarubbo
Modified: 2022-08-06 15:33 UTC
Runtime testing required: ---
Description Agostino Sarubbo gentoo-dev 2022-08-06 15:33:34 UTC
Dear maintainer(s),
'cargo audit' reports one or more bundled CRATES as vulnerable.
To reproduce please install dev-util/cargo-audit and run:
cargo audit --file Cargo.lock
where Cargo.lock is generated during the build of this package.

For simplicity, I'm attaching the content of 'cargo audit' here:

      Loaded 433 security advisories (from /tmp/advisory-db)
    Scanning Cargo.lock for vulnerabilities (261 crate dependencies)
Crate:     chrono
Version:   0.4.19
Title:     Potential segfault in `localtime_r` invocations
Date:      2020-11-10
ID:        RUSTSEC-2020-0159
URL:       https://rustsec.org/advisories/RUSTSEC-2020-0159
Solution:  Upgrade to >=0.4.20
Dependency tree:
chrono 0.4.19

Crate:     crossbeam-deque
Version:   0.8.0
Title:     Data race in crossbeam-deque
Date:      2021-07-30
ID:        RUSTSEC-2021-0093
URL:       https://rustsec.org/advisories/RUSTSEC-2021-0093
Solution:  Upgrade to >=0.7.4, <0.8.0 OR >=0.8.1
Dependency tree:
crossbeam-deque 0.8.0

Crate:     hyper
Version:   0.14.5
Title:     Lenient `hyper` header parsing of `Content-Length` could allow request smuggling
Date:      2021-07-07
ID:        RUSTSEC-2021-0078
URL:       https://rustsec.org/advisories/RUSTSEC-2021-0078
Solution:  Upgrade to >=0.14.10
Dependency tree:
hyper 0.14.5

Crate:     hyper
Version:   0.14.5
Title:     Integer overflow in `hyper`'s parsing of the `Transfer-Encoding` header leads to data loss
Date:      2021-07-07
ID:        RUSTSEC-2021-0079
URL:       https://rustsec.org/advisories/RUSTSEC-2021-0079
Solution:  Upgrade to >=0.14.10

Crate:     openssl-src
Version:   111.15.0
Title:     SM2 Decryption Buffer Overflow
Date:      2021-08-24
ID:        RUSTSEC-2021-0097
URL:       https://rustsec.org/advisories/RUSTSEC-2021-0097
Solution:  Upgrade to >=111.16
Dependency tree:
openssl-src 111.15.0

Crate:     openssl-src
Version:   111.15.0
Title:     Read buffer overruns processing ASN.1 strings
Date:      2021-08-24
ID:        RUSTSEC-2021-0098
URL:       https://rustsec.org/advisories/RUSTSEC-2021-0098
Solution:  Upgrade to >=111.16

Crate:     openssl-src
Version:   111.15.0
Title:     Infinite loop in `BN_mod_sqrt()` reachable when parsing certificates
Date:      2022-03-15
ID:        RUSTSEC-2022-0014
URL:       https://rustsec.org/advisories/RUSTSEC-2022-0014
Solution:  Upgrade to >=111.18, <300.0 OR >=300.0.5

Crate:     openssl-src
Version:   111.15.0
Title:     AES OCB fails to encrypt some bytes
Date:      2022-07-05
ID:        RUSTSEC-2022-0032
URL:       https://rustsec.org/advisories/RUSTSEC-2022-0032
Solution:  Upgrade to >=111.22, <300.0 OR >=300.0.9

Crate:     regex
Version:   1.4.5
Title:     Regexes with large repetitions on empty sub-expressions take a very long time to parse
Date:      2022-03-08
ID:        RUSTSEC-2022-0013
URL:       https://rustsec.org/advisories/RUSTSEC-2022-0013
Solution:  Upgrade to >=1.5.5
Dependency tree:
regex 1.4.5

Crate:     sys-info
Version:   0.6.1
Title:     Double free when calling `sys_info::disk_info` from multiple threads
Date:      2020-05-31
ID:        RUSTSEC-2020-0100
URL:       https://rustsec.org/advisories/RUSTSEC-2020-0100
Solution:  Upgrade to >=0.8.0
Dependency tree:
sys-info 0.6.1

Crate:     tar
Version:   0.4.33
Title:     Links in archive can create arbitrary directories
Date:      2021-07-19
ID:        RUSTSEC-2021-0080
URL:       https://rustsec.org/advisories/RUSTSEC-2021-0080
Solution:  Upgrade to >=0.4.36
Dependency tree:
tar 0.4.33

Crate:     time
Version:   0.1.43
Title:     Potential segfault in the time crate
Date:      2020-11-18
ID:        RUSTSEC-2020-0071
URL:       https://rustsec.org/advisories/RUSTSEC-2020-0071
Solution:  Upgrade to >=0.2.23
Dependency tree:
time 0.1.43

Crate:     tokio
Version:   1.4.0
Title:     Task dropped in wrong thread when aborting `LocalSet` task
Date:      2021-07-07
ID:        RUSTSEC-2021-0072
URL:       https://rustsec.org/advisories/RUSTSEC-2021-0072
Solution:  Upgrade to >=1.5.1, <1.6.0 OR >=1.6.3, <1.7.0 OR >=1.7.2, <1.8.0 OR >=1.8.1
Dependency tree:
tokio 1.4.0

Crate:     tokio
Version:   1.4.0
Title:     Data race when sending and receiving after closing a `oneshot` channel
Date:      2021-11-16
ID:        RUSTSEC-2021-0124
URL:       https://rustsec.org/advisories/RUSTSEC-2021-0124
Solution:  Upgrade to >=1.8.4, <1.9.0 OR >=1.13.1

Crate:     zeroize_derive
Version:   1.0.1
Title:     `#[zeroize(drop)]` doesn't implement `Drop` for `enum`s
Date:      2021-09-24
ID:        RUSTSEC-2021-0115
URL:       https://rustsec.org/advisories/RUSTSEC-2021-0115
Solution:  Upgrade to >=1.1.1
Dependency tree:
zeroize_derive 1.0.1

Crate:     aes-soft
Version:   0.5.0
Warning:   unmaintained
Title:     `aes-soft` has been merged into the `aes` crate
Date:      2021-04-29
ID:        RUSTSEC-2021-0060
URL:       https://rustsec.org/advisories/RUSTSEC-2021-0060
Dependency tree:
aes-soft 0.5.0

Crate:     aesni
Version:   0.8.0
Warning:   unmaintained
Title:     `aesni` has been merged into the `aes` crate
Date:      2021-04-29
ID:        RUSTSEC-2021-0059
URL:       https://rustsec.org/advisories/RUSTSEC-2021-0059
Dependency tree:
aesni 0.8.0

Crate:     block-cipher
Version:   0.8.0
Warning:   unmaintained
Title:     crate has been renamed to `cipher`
Date:      2020-10-15
ID:        RUSTSEC-2020-0057
URL:       https://rustsec.org/advisories/RUSTSEC-2020-0057
Dependency tree:
block-cipher 0.8.0

Crate:     cpuid-bool
Version:   0.1.2
Warning:   unmaintained
Title:     `cpuid-bool` has been renamed to `cpufeatures`
Date:      2021-05-06
ID:        RUSTSEC-2021-0064
URL:       https://rustsec.org/advisories/RUSTSEC-2021-0064
Dependency tree:
cpuid-bool 0.1.2

Crate:     stream-cipher
Version:   0.7.1
Warning:   unmaintained
Title:     crate has been renamed to `cipher`
Date:      2020-10-15
ID:        RUSTSEC-2020-0058
URL:       https://rustsec.org/advisories/RUSTSEC-2020-0058
Dependency tree:
stream-cipher 0.7.1

Crate:     term
Version:   0.5.1
Warning:   unmaintained
Title:     term is looking for a new maintainer
Date:      2018-11-19
ID:        RUSTSEC-2018-0015
URL:       https://rustsec.org/advisories/RUSTSEC-2018-0015
Dependency tree:
term 0.5.1

error: 15 vulnerabilities found!
warning: 6 allowed warnings found