Bug 864079 - dev-util/wasmer: 'cargo audit' reports one or more bundled CRATES as vulnerable
Summary: dev-util/wasmer: 'cargo audit' reports one or more bundled CRATES as vulnerable
Status: CONFIRMED
Alias: None
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities
Hardware: All Linux
Importance: Normal normal
Assignee: Gentoo Security
URL:
Whiteboard:
Keywords:
Depends on:
Blocks:
 
Reported: 2022-08-06 15:34 UTC by Agostino Sarubbo
Modified: 2022-08-06 15:34 UTC

See Also:
Package list:
Runtime testing required: ---
Description Agostino Sarubbo gentoo-dev 2022-08-06 15:34:27 UTC
Dear maintainer(s),
'cargo audit' reports one or more bundled CRATES as vulnerable.
To reproduce please install dev-util/cargo-audit and run:
cargo audit --file Cargo.lock
where Cargo.lock is generated during the build of this package.

For simplicity, I'm attaching here the content of 'cargo audit':

      Loaded 433 security advisories (from /tmp/advisory-db)
    Scanning Cargo.lock for vulnerabilities (161 crate dependencies)
Crate:     cranelift-codegen
Version:   0.44.0
Title:     Memory access due to code generation flaw in Cranelift module
Date:      2021-05-21
ID:        RUSTSEC-2021-0067
URL:       https://rustsec.org/advisories/RUSTSEC-2021-0067
Solution:  Upgrade to >=0.73.1
Dependency tree:
cranelift-codegen 0.44.0

Crate:     crossbeam-deque
Version:   0.7.2
Title:     Data race in crossbeam-deque
Date:      2021-07-30
ID:        RUSTSEC-2021-0093
URL:       https://rustsec.org/advisories/RUSTSEC-2021-0093
Solution:  Upgrade to >=0.7.4, <0.8.0 OR >=0.8.1
Dependency tree:
crossbeam-deque 0.7.2

Crate:     generic-array
Version:   0.12.3
Title:     arr! macro erases lifetimes
Date:      2020-04-09
ID:        RUSTSEC-2020-0146
URL:       https://rustsec.org/advisories/RUSTSEC-2020-0146
Solution:  Upgrade to >=0.8.4, <0.9.0 OR >=0.9.1, <0.10.0 OR >=0.10.1, <0.11.0 OR >=0.11.2, <0.12.0 OR >=0.12.4, <0.13.0 OR >=0.13.3
Dependency tree:
generic-array 0.12.3

Crate:     owning_ref
Version:   0.4.0
Title:     Multiple soundness issues in `owning_ref`
Date:      2022-01-26
ID:        RUSTSEC-2022-0040
URL:       https://rustsec.org/advisories/RUSTSEC-2022-0040
Solution:  No fixed upgrade is available!
Dependency tree:
owning_ref 0.4.0

Crate:     raw-cpuid
Version:   6.1.0
Title:     Soundness issues in `raw-cpuid`
Date:      2021-01-20
ID:        RUSTSEC-2021-0013
URL:       https://rustsec.org/advisories/RUSTSEC-2021-0013
Solution:  Upgrade to >=9.0.0
Dependency tree:
raw-cpuid 6.1.0

Crate:     raw-cpuid
Version:   6.1.0
Title:     Optional `Deserialize` implementations lacking validation
Date:      2021-01-20
ID:        RUSTSEC-2021-0089
URL:       https://rustsec.org/advisories/RUSTSEC-2021-0089
Solution:  Upgrade to >=9.1.1

Crate:     regex
Version:   1.3.1
Title:     Regexes with large repetitions on empty sub-expressions take a very long time to parse
Date:      2022-03-08
ID:        RUSTSEC-2022-0013
URL:       https://rustsec.org/advisories/RUSTSEC-2022-0013
Solution:  Upgrade to >=1.5.5
Dependency tree:
regex 1.3.1

Crate:     smallvec
Version:   0.6.13
Title:     Buffer overflow in SmallVec::insert_many
Date:      2021-01-08
ID:        RUSTSEC-2021-0003
URL:       https://rustsec.org/advisories/RUSTSEC-2021-0003
Solution:  Upgrade to >=0.6.14, <1.0.0 OR >=1.6.1
Dependency tree:
smallvec 0.6.13

Crate:     thread_local
Version:   0.3.6
Title:     Data race in `Iter` and `IterMut`
Date:      2022-01-23
ID:        RUSTSEC-2022-0006
URL:       https://rustsec.org/advisories/RUSTSEC-2022-0006
Solution:  Upgrade to >=1.1.4
Dependency tree:
thread_local 0.3.6

Crate:     time
Version:   0.1.42
Title:     Potential segfault in the time crate
Date:      2020-11-18
ID:        RUSTSEC-2020-0071
URL:       https://rustsec.org/advisories/RUSTSEC-2020-0071
Solution:  Upgrade to >=0.2.23
Dependency tree:
time 0.1.42

Crate:     failure
Version:   0.1.6
Warning:   unmaintained
Title:     failure is officially deprecated/unmaintained
Date:      2020-05-02
ID:        RUSTSEC-2020-0036
URL:       https://rustsec.org/advisories/RUSTSEC-2020-0036
Dependency tree:
failure 0.1.6

Crate:     memmap
Version:   0.7.0
Warning:   unmaintained
Title:     memmap is unmaintained
Date:      2020-12-02
ID:        RUSTSEC-2020-0077
URL:       https://rustsec.org/advisories/RUSTSEC-2020-0077
Dependency tree:
memmap 0.7.0

Crate:     cargo_toml
Version:   0.6.4
Warning:   yanked
Dependency tree:
cargo_toml 0.6.4

Crate:     crossbeam-deque
Version:   0.7.2
Warning:   yanked

Crate:     wabt
Version:   0.9.2
Warning:   yanked
Dependency tree:
wabt 0.9.2

error: 10 vulnerabilities found!
warning: 5 allowed warnings found
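As an added example (not part of the bug report and not cargo-audit's own code), a small Python parser for the plain-text report format quoted above that separates advisories with an upgrade path from those without, and both from yanked/unmaintained warnings; the embedded report is a constructed, shortened excerpt in that same format:

```python
import re
# Constructed excerpt in cargo-audit's plain-text report format (as pasted in the bug).
SAMPLE_REPORT = """\
Crate:     smallvec
Version:   0.6.13
Title:     Buffer overflow in SmallVec::insert_many
ID:        RUSTSEC-2021-0003
URL:       https://rustsec.org/advisories/RUSTSEC-2021-0003
Solution:  Upgrade to >=0.6.14, <1.0.0 OR >=1.6.1
Dependency tree:
smallvec 0.6.13

Crate:     owning_ref
Version:   0.4.0
Title:     Multiple soundness issues in `owning_ref`
ID:        RUSTSEC-2022-0040
URL:       https://rustsec.org/advisories/RUSTSEC-2022-0040
Solution:  No fixed upgrade is available!

Crate:     wabt
Version:   0.9.2
Warning:   yanked

error: 2 vulnerabilities found!
"""

FIELD = re.compile(r"^(Crate|Version|Title|ID|Solution|Warning):\s+(.*)$")

def parse_audit_report(text):
    """One dict per 'Crate:' block; keys are the lower-cased field names."""
    entries, current = [], None
    for line in text.splitlines():
        m = FIELD.match(line)
        if not m:
            continue  # dependency-tree lines and the summary lines are not fields
        key, value = m.group(1).lower(), m.group(2).strip()
        if key == "crate":
            current = {"crate": value}
            entries.append(current)
        elif current is not None:
            current[key] = value
    return entries

def triage(entries):
    """Split into: advisories with an upgrade path, advisories without, and yanked/unmaintained warnings."""
    warnings = [e for e in entries if "warning" in e]
    vulns = [e for e in entries if "warning" not in e]
    fixable = [e for e in vulns if e.get("solution", "").startswith("Upgrade")]
    unfixable = [e for e in vulns if e not in fixable]
    return fixable, unfixable, warnings
```

Entries without a "Solution: Upgrade ..." line (such as owning_ref above) are the ones that need a dependency swap or a patch rather than a version bump.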