
Update vulnerable dependencies

Open MatthewGentoo opened this issue 2 years ago • 1 comments

Update dependencies identified by cargo-audit as potentially vulnerable.

I don't think any of these impact weggli in any meaningful way, but I think it's nice to keep tools like cargo-audit happy so that if a genuine vulnerability shows up, it won't be hidden behind the noise of other irrelevant packages.

I've tested these updates by running the unit tests and then by running weggli itself - I haven't tested the Python bindings.

chrono: https://rustsec.org/advisories/RUSTSEC-2020-0159
nix: https://rustsec.org/advisories/RUSTSEC-2021-0119
regex: https://rustsec.org/advisories/RUSTSEC-2022-0013
time: https://rustsec.org/advisories/RUSTSEC-2020-0071

MatthewGentoo, Aug 12 '22 18:08

Thanks for your pull request! It looks like this may be your first contribution to a Google open source project. Before we can look at your pull request, you'll need to sign a Contributor License Agreement (CLA).

View this failed invocation of the CLA check for more information.

For the most up to date status, view the checks section at the bottom of the pull request.

google-cla[bot], Aug 12 '22 18:08

Superseded by #67

ZetaTwo, Sep 23 '22 11:09

Thanks for the PR @MatthewGentoo and sorry for not merging it earlier. I'll close this now as #67 already updated the vulnerable deps.

felixwilhelm, Sep 23 '22 13:09