
Address `cargo audit` issues

Open · dicej opened this issue 2 months ago · 1 comment

#3320 addressed some of the issues raised by `cargo audit`: the ones that do not require code changes. The remainder will require one or more of the following:

  • upgrading to newer, API-breaking dependency versions, where available, and fixing any compilation issues
  • submitting upstream patches to dependencies which are maintained but have cargo audit issues
  • finding replacements for any no-longer-maintained dependencies

The output of `cargo audit` is quite verbose (even with the `-q` option), so I won't paste it here. To see the full list, run `cargo install cargo-audit --locked --features=fix && cargo audit` at the root of the Spin repo. The main culprit as of this writing is `watchexec` (used by `spin-watch`), which transitively depends on versions of `gix-*` crates with various vulnerabilities. Outside of that, the remaining issues are due to transitive deps with no known vulnerabilities but which are no longer maintained (but might be maintained under a different crate name in some cases).

dicej, Oct 23 '25 18:10
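The issue above sorts the remaining findings into three kinds of work (upgrade, patch upstream, replace). As an added example that is not Spin's own code, the script below reads `cargo audit --json` output and groups each finding into one of those buckets; the report layout (`vulnerabilities.list`, `warnings.unmaintained`) follows cargo audit's JSON report, the sample report and its advisory IDs and crate names are constructed placeholders, and the rule "no patched version listed means an upstream patch is needed" is an assumption made for the example.

```python
import json
import sys

# Constructed sample shaped like a `cargo audit --json` report. The advisory
# IDs and crate names are placeholders, not real advisories.
SAMPLE_REPORT = json.dumps({
    "vulnerabilities": {"found": True, "count": 2, "list": [
        {"advisory": {"id": "RUSTSEC-0000-0001", "package": "gix-example-a",
                      "title": "constructed: fix released upstream"},
         "versions": {"patched": [">=0.40.0"], "unaffected": []},
         "package": {"name": "gix-example-a", "version": "0.39.0"}},
        {"advisory": {"id": "RUSTSEC-0000-0002", "package": "gix-example-b",
                      "title": "constructed: no fix released"},
         "versions": {"patched": [], "unaffected": []},
         "package": {"name": "gix-example-b", "version": "0.12.0"}},
    ]},
    "warnings": {"unmaintained": [
        {"kind": "unmaintained",
         "advisory": {"id": "RUSTSEC-0000-0003", "package": "old-dep",
                      "title": "constructed: old-dep is unmaintained"},
         "package": {"name": "old-dep", "version": "1.2.3"}},
    ]},
})


def triage(report_json: str) -> dict:
    """Group a cargo audit JSON report into upgrade / patch_upstream / replace."""
    report = json.loads(report_json)
    buckets = {"upgrade": [], "patch_upstream": [], "replace": []}
    for vuln in report.get("vulnerabilities", {}).get("list", []):
        pkg = vuln["package"]
        patched = vuln.get("versions", {}).get("patched", [])
        entry = f'{pkg["name"]} {pkg["version"]} ({vuln["advisory"]["id"]})'
        if patched:  # a fixed release exists: bump (possibly API-breaking)
            buckets["upgrade"].append(f'{entry}: bump to {", ".join(patched)}')
        else:        # assumption: no fixed release means patch upstream
            buckets["patch_upstream"].append(entry)
    for warn in report.get("warnings", {}).get("unmaintained", []):
        pkg = warn["package"]
        adv = (warn.get("advisory") or {}).get("id", "no advisory id")
        buckets["replace"].append(f'{pkg["name"]} {pkg["version"]} ({adv})')
    return buckets


if __name__ == "__main__":
    # Pipe `cargo audit --json` in; with no piped input the sample is used.
    text = sys.stdin.read() if not sys.stdin.isatty() else SAMPLE_REPORT
    for action, items in triage(text).items():
        print(f"{action}: {len(items)}")
        for item in items:
            print(f"  {item}")
```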

I've done #3340 for `watchexec`. (ETA: and `url` and `async-tar`)

itowlson, Oct 28 '25 22:10