deps.rs
deps.rs copied to clipboard
Yanked version ignored too much
Related to: https://github.com/rust-disk-partition-management/gptman/pull/82#discussion_r873071638
We noticed that yanked dependencies do not seem to be reported at all. They're not necessarily vulnerabilities but they should be reported at least as outdated.
This can be observed in commit https://github.com/rust-disk-partition-management/gptman/commit/d7ca717f0a749e82dd9cad5f8c69efb1c6cb169c
It is important to note that:
-
crossbeam-utils
is not a direct dependency of the project - it's only pulled for the binary of this crate and not the library
Possibly related to #109