Summary: | dev-util/tree-sitter-cli: 'cargo audit' reports one or more bundled CRATES as vulnerable | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | Agostino Sarubbo <ago> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | normal | CC: | abdelqaderali, matthew, mva, sarnex |
Priority: | Normal | ||
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
Whiteboard: | |||
Package list: | Runtime testing required: | --- |
Description
Agostino Sarubbo
2022-08-06 15:34:11 UTC
The bug has been closed via the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=61e65e80375cb1aeee6ca3ac4689d8ac70e78e95 commit 61e65e80375cb1aeee6ca3ac4689d8ac70e78e95 Author: Vadim Misbakh-Soloviov <mva@gentoo.org> AuthorDate: 2023-04-11 16:01:34 +0000 Commit: Vadim Misbakh-Soloviov <mva@gentoo.org> CommitDate: 2023-04-13 23:13:45 +0000 dev-util/tree-sitter-cli: bump Closes: https://bugs.gentoo.org/864073 Signed-off-by: Vadim Misbakh-Soloviov <mva@gentoo.org> dev-util/tree-sitter-cli/Manifest | 104 ++++++++++++++ .../tree-sitter-cli/tree-sitter-cli-0.20.8.ebuild | 156 +++++++++++++++++++++ 2 files changed, 260 insertions(+) Fetching advisory database from `https://github.com/RustSec/advisory-db.git` Loaded 540 security advisories (from /root/.cargo/advisory-db) Updating crates.io index Scanning Cargo.lock for vulnerabilities (135 crate dependencies) Crate: ansi_term Version: 0.12.1 Warning: unmaintained Title: ansi_term is Unmaintained Date: 2021-08-18 ID: RUSTSEC-2021-0139 URL: https://rustsec.org/advisories/RUSTSEC-2021-0139 Dependency tree: ansi_term 0.12.1 ├── tree-sitter-cli 0.20.8 ├── pretty_assertions 0.7.2 │ └── tree-sitter-cli 0.20.8 └── clap 2.34.0 └── tree-sitter-cli 0.20.8 Crate: difference Version: 2.0.0 Warning: unmaintained Title: difference is unmaintained Date: 2020-12-20 ID: RUSTSEC-2020-0095 URL: https://rustsec.org/advisories/RUSTSEC-2020-0095 Dependency tree: difference 2.0.0 └── tree-sitter-cli 0.20.8 warning: 2 allowed warnings found The bug has been closed via the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=24c82233a82775202e8bc3698babae923c59e36a commit 24c82233a82775202e8bc3698babae923c59e36a Author: Vadim Misbakh-Soloviov <mva@gentoo.org> AuthorDate: 2023-04-14 10:13:41 +0000 Commit: Vadim Misbakh-Soloviov <mva@gentoo.org> CommitDate: 2023-04-14 10:13:41 +0000 dev-util/tree-sitter-cli: add 0.20.8 Closes: https://bugs.gentoo.org/864073 Signed-off-by: Vadim Misbakh-Soloviov <mva@gentoo.org> dev-util/tree-sitter-cli/Manifest | 104 ++++++++++++++ .../tree-sitter-cli/tree-sitter-cli-0.20.8.ebuild | 156 +++++++++++++++++++++ 2 files changed, 260 insertions(+) |