
Package paste contains a vulnerability (unmaintained)

Open kyalha opened this issue 1 year ago • 1 comments

When searching for vulnerabilities within my project using utoipa-axum, we have this vulnerability. Can it be interesting to use a different package?

Here's the warning:

```
Scanning Cargo.lock for vulnerabilities (454 crate dependencies)
Crate: paste
Version: 1.0.15
Warning: unmaintained
Title: paste - no longer maintained
Date: 2024-10-07
ID: RUSTSEC-2024-0436
URL: https://rustsec.org/advisories/RUSTSEC-2024-0436
Dependency tree:
paste 1.0.15
└── utoipa-axum 0.2.0
    └── backoffice 0.0.3

error: 1 denied warning found!
make: *** [audit] Error 1
```

kyalha, Mar 10 '25 11:03

Once https://github.com/rust-lang/rust/issues/124225 hits stable, paste can be migrated away, but paste does not have vulnerabilities.

lu-zero, Apr 02 '25 12:04
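An added example, not part of the original thread or of utoipa's code: a CI triage step that keeps the distinction drawn above, where an `unmaintained` warning can be accepted with a recorded reason while a real vulnerability always fails the build. The report is a constructed sample shaped like `cargo audit --json` output (the field layout is an assumption to check against your cargo-audit version), and `ACCEPTED` and `triage` are hypothetical names.

```python
import json

# Constructed sample shaped like `cargo audit --json` output, trimmed to the
# fields used here (layout is an assumption; verify against your version).
SAMPLE_REPORT = json.loads("""
{
  "vulnerabilities": {"found": false, "count": 0, "list": []},
  "warnings": {
    "unmaintained": [
      {"kind": "unmaintained",
       "package": {"name": "paste", "version": "1.0.15"},
       "advisory": {"id": "RUSTSEC-2024-0436",
                    "title": "paste - no longer maintained"}}
    ]
  }
}
""")

# Hypothetical allowlist: advisory ID -> recorded reason for accepting it.
ACCEPTED = {"RUSTSEC-2024-0436": "unmaintained only; pulled in by utoipa-axum"}


def triage(report, accepted):
    """Split findings into (blocking, waived) lists of (kind, id, crate)."""
    blocking, waived = [], []
    for vuln in report.get("vulnerabilities", {}).get("list", []):
        # Real vulnerabilities always block, even if the ID is allowlisted.
        blocking.append(
            ("vulnerability", vuln["advisory"]["id"], vuln["package"]["name"]))
    for kind, entries in report.get("warnings", {}).items():
        for entry in entries:
            # Some warning kinds (e.g. yanked) may carry no advisory object.
            adv = entry.get("advisory") or {}
            item = (kind, adv.get("id"), entry["package"]["name"])
            (waived if adv.get("id") in accepted else blocking).append(item)
    return blocking, waived


if __name__ == "__main__":
    blocking, waived = triage(SAMPLE_REPORT, ACCEPTED)
    for kind, adv_id, crate in waived:
        print(f"accepted {kind}: {crate} ({adv_id}): {ACCEPTED[adv_id]}")
    for kind, adv_id, crate in blocking:
        print(f"BLOCKING {kind}: {crate} ({adv_id})")
    raise SystemExit(1 if blocking else 0)
```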