rust-xdr

rust-xdr v0.4.4 has a vulnerability due to sub-dependency regex v0.2.11

Open. thakurmi opened this issue 11 months ago • 1 comment

Context

rust-xdr v0.4.4 has a dependency env_logger v0.4.3 which in turn has a sub-dependency regex v0.2.11. However, regex v0.2.11 has a high sev vulnerability linked here. We use rust-xdr v0.4.4 in our package and this is creating security issues for our build. We tried updating rust-xdr, but it seems like v0.4.4 is the latest version.

Desired Solution

Update rust-xdr to use a newer version of env_logger or regex such that regex has a version higher than 1.5.5.

thakurmi, Jan 27 '25 14:01

PR #43

anthotse, Jan 28 '25 21:01