Dear maintainer(s),

'cargo audit' reports one or more bundled CRATES as vulnerable.

To reproduce please install dev-util/cargo-audit and run:
cargo audit --file Cargo.lock
where Cargo.lock is generated during the build of this package.

For simplicity, I'm attaching the content of 'cargo audit' here:

Loaded 433 security advisories (from /tmp/advisory-db)
Scanning Cargo.lock for vulnerabilities (106 crate dependencies)

Crate: chrono
Version: 0.4.19
Title: Potential segfault in `localtime_r` invocations
Date: 2020-11-10
ID: RUSTSEC-2020-0159
URL: https://rustsec.org/advisories/RUSTSEC-2020-0159
Solution: Upgrade to >=0.4.20
Dependency tree:
chrono 0.4.19

Crate: regex
Version: 1.4.3
Title: Regexes with large repetitions on empty sub-expressions take a very long time to parse
Date: 2022-03-08
ID: RUSTSEC-2022-0013
URL: https://rustsec.org/advisories/RUSTSEC-2022-0013
Solution: Upgrade to >=1.5.5
Dependency tree:
regex 1.4.3

Crate: thread_local
Version: 1.1.3
Title: Data race in `Iter` and `IterMut`
Date: 2022-01-23
ID: RUSTSEC-2022-0006
URL: https://rustsec.org/advisories/RUSTSEC-2022-0006
Solution: Upgrade to >=1.1.4
Dependency tree:
thread_local 1.1.3

Crate: time
Version: 0.1.43
Title: Potential segfault in the time crate
Date: 2020-11-18
ID: RUSTSEC-2020-0071
URL: https://rustsec.org/advisories/RUSTSEC-2020-0071
Solution: Upgrade to >=0.2.23
Dependency tree:
time 0.1.43

Crate: difference
Version: 2.0.0
Warning: unmaintained
Title: difference is unmaintained
Date: 2020-12-20
ID: RUSTSEC-2020-0095
URL: https://rustsec.org/advisories/RUSTSEC-2020-0095
Dependency tree:
difference 2.0.0

error: 4 vulnerabilities found!
warning: 1 allowed warning found
The bug has been closed via the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=61e65e80375cb1aeee6ca3ac4689d8ac70e78e95

commit 61e65e80375cb1aeee6ca3ac4689d8ac70e78e95
Author: Vadim Misbakh-Soloviov <mva@gentoo.org>
AuthorDate: 2023-04-11 16:01:34 +0000
Commit: Vadim Misbakh-Soloviov <mva@gentoo.org>
CommitDate: 2023-04-13 23:13:45 +0000

    dev-util/tree-sitter-cli: bump

    Closes: https://bugs.gentoo.org/864073
    Signed-off-by: Vadim Misbakh-Soloviov <mva@gentoo.org>

 dev-util/tree-sitter-cli/Manifest | 104 ++++++++++++++
 .../tree-sitter-cli/tree-sitter-cli-0.20.8.ebuild | 156 +++++++++++++++++++++
 2 files changed, 260 insertions(+)
Fetching advisory database from `https://github.com/RustSec/advisory-db.git`
Loaded 540 security advisories (from /root/.cargo/advisory-db)
Updating crates.io index
Scanning Cargo.lock for vulnerabilities (135 crate dependencies)

Crate: ansi_term
Version: 0.12.1
Warning: unmaintained
Title: ansi_term is Unmaintained
Date: 2021-08-18
ID: RUSTSEC-2021-0139
URL: https://rustsec.org/advisories/RUSTSEC-2021-0139
Dependency tree:
ansi_term 0.12.1
├── tree-sitter-cli 0.20.8
├── pretty_assertions 0.7.2
│   └── tree-sitter-cli 0.20.8
└── clap 2.34.0
    └── tree-sitter-cli 0.20.8

Crate: difference
Version: 2.0.0
Warning: unmaintained
Title: difference is unmaintained
Date: 2020-12-20
ID: RUSTSEC-2020-0095
URL: https://rustsec.org/advisories/RUSTSEC-2020-0095
Dependency tree:
difference 2.0.0
└── tree-sitter-cli 0.20.8

warning: 2 allowed warnings found
The bug has been closed via the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=24c82233a82775202e8bc3698babae923c59e36a

commit 24c82233a82775202e8bc3698babae923c59e36a
Author: Vadim Misbakh-Soloviov <mva@gentoo.org>
AuthorDate: 2023-04-14 10:13:41 +0000
Commit: Vadim Misbakh-Soloviov <mva@gentoo.org>
CommitDate: 2023-04-14 10:13:41 +0000

    dev-util/tree-sitter-cli: add 0.20.8

    Closes: https://bugs.gentoo.org/864073
    Signed-off-by: Vadim Misbakh-Soloviov <mva@gentoo.org>

 dev-util/tree-sitter-cli/Manifest | 104 ++++++++++++++
 .../tree-sitter-cli/tree-sitter-cli-0.20.8.ebuild | 156 +++++++++++++++++++++
 2 files changed, 260 insertions(+)