rust-ftp
Upgrade `regex` package versions to `>=1.5.5` (security vulnerabilities)
I'm not sure if that is the right place, but when I run `cargo audit` on the duckscript repo (https://github.com/sagiegurari/duckscript) I get this error:
```
$ cargo audit
Fetching advisory database from `https://github.com/RustSec/advisory-db.git`
Loaded 416 security advisories (from /Users/john/.cargo/advisory-db)
Updating crates.io index
Scanning Cargo.lock for vulnerabilities (124 crate dependencies)
Crate: regex
Version: 0.1.80
Title: Regexes with large repetitions on empty sub-expressions take a very long time to parse
Date: 2022-03-08
ID: RUSTSEC-2022-0013
URL: https://rustsec.org/advisories/RUSTSEC-2022-0013
Solution: Upgrade to >=1.5.5
Dependency tree:
regex 0.1.80
└── ftp 3.0.1
    └── duckscriptsdk 0.8.12
        └── duckscript_cli 0.8.12
Crate: thread_local
Version: 0.2.7
Title: Data race in `Iter` and `IterMut`
Date: 2022-01-23
ID: RUSTSEC-2022-0006
URL: https://rustsec.org/advisories/RUSTSEC-2022-0006
Solution: Upgrade to >=1.1.4
Dependency tree:
thread_local 0.2.7
└── regex 0.1.80
    └── ftp 3.0.1
        └── duckscriptsdk 0.8.12
            └── duckscript_cli 0.8.12
error: 2 vulnerabilities found!
```
So I'm not sure if that's rust-ftp that has an old regex version or duckscript. If it's duckscript, I will move my issue there.
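
Added example, not part of the original issue or of either project's code: in the inverted tree that `cargo audit` prints, the entry directly beneath the vulnerable crate is the package that declares the dependency, and this parser extracts it for each advisory. The report excerpt is taken from the output above and assumes cargo audit's four-space nesting; `Finding` and `parse_report` are hypothetical names.

```rust
#[derive(Debug)]
struct Finding { id: String, vulnerable: String, direct_dependents: Vec<String> }
fn parse_report(report: &str) -> Vec<Finding> {
    let mut findings: Vec<Finding> = Vec::new();
    let (mut id, mut in_tree) = (String::new(), false);
    for line in report.lines() {
        if let Some(rest) = line.strip_prefix("ID:") {
            id = rest.trim().to_string();
            in_tree = false;
        } else if line.starts_with("Dependency tree:") {
            in_tree = true;
            findings.push(Finding { id: id.clone(), vulnerable: String::new(), direct_dependents: Vec::new() });
        } else if in_tree {
            let f = findings.last_mut().unwrap();
            // Strip the indentation and guide bars that mark nesting depth.
            let body = line.trim_start_matches(|c: char| c.is_whitespace() || c == '│');
            if let Some(node) = body.strip_prefix("└── ").or_else(|| body.strip_prefix("├── ")) {
                if body.len() == line.len() { f.direct_dependents.push(node.to_string()); } // column 0 = direct dependent
            } else if f.vulnerable.is_empty() && !line.trim().is_empty() {
                f.vulnerable = line.trim().to_string(); // first line of the tree is the vulnerable crate
            } else {
                in_tree = false; // next "Crate:" block or the summary line
            }
        }
    }
    findings
}

// Excerpt of the report in the issue; lines the parser does not read are removed.
const REPORT: &str = "\
ID: RUSTSEC-2022-0013
Dependency tree:
regex 0.1.80
└── ftp 3.0.1
    └── duckscriptsdk 0.8.12
        └── duckscript_cli 0.8.12
Crate: thread_local
ID: RUSTSEC-2022-0006
Dependency tree:
thread_local 0.2.7
└── regex 0.1.80
    └── ftp 3.0.1
        └── duckscriptsdk 0.8.12
            └── duckscript_cli 0.8.12
";
fn main() {
    for f in parse_report(REPORT) { println!("{}: {} <- {:?}", f.id, f.vulnerable, f.direct_dependents); }
}
```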