syncstorage-rs

Resolve Cargo Audit Rust Vulns

Open data-sync-user opened this issue 3 months ago • 0 comments

There are a handful of security vulnerabilities reported by cargo audit and they should be resolved.

Audit logs below:

Crate:     ansi_term
Version:   0.12.1
Warning:   unmaintained
Title:     ansi_term is Unmaintained
Date:      2021-08-18
ID:        RUSTSEC-2021-0139
URL:       https://rustsec.org/advisories/RUSTSEC-2021-0139
Dependency tree:
ansi_term 0.12.1
└── clap 2.34.0
    └── bindgen 0.59.2
        └── grpcio-sys 0.13.0+1.56.2-patched
            └── grpcio 0.13.0
                ├── syncstorage-spanner 0.20.1
                │   └── syncstorage-db 0.20.1
                │       └── syncserver 0.20.1
                └── google-cloud-rust-raw 0.16.1
                    └── syncstorage-spanner 0.20.1

Crate:     atty
Version:   0.2.14
Warning:   unmaintained
Title:     `atty` is unmaintained
Date:      2024-09-25
ID:        RUSTSEC-2024-0375
URL:       https://rustsec.org/advisories/RUSTSEC-2024-0375
Dependency tree:
atty 0.2.14
├── env_logger 0.9.3
│   └── bindgen 0.59.2
│       └── grpcio-sys 0.13.0+1.56.2-patched
│           └── grpcio 0.13.0
│               ├── syncstorage-spanner 0.20.1
│               │   └── syncstorage-db 0.20.1
│               │       └── syncserver 0.20.1
│               └── google-cloud-rust-raw 0.16.1
│                   └── syncstorage-spanner 0.20.1
└── clap 2.34.0
    └── bindgen 0.59.2

Crate:     yaml-rust
Version:   0.4.5
Warning:   unmaintained
Title:     yaml-rust is unmaintained.
Date:      2024-03-20
ID:        RUSTSEC-2024-0320
URL:       https://rustsec.org/advisories/RUSTSEC-2024-0320
Dependency tree:
yaml-rust 0.4.5
└── config 0.11.0
    └── syncserver-settings 0.20.1
        ├── tokenserver-db 0.20.1
        │   └── syncserver 0.20.1
        ├── syncstorage-mysql 0.20.1
        │   └── syncstorage-db 0.20.1
        │       └── syncserver 0.20.1
        ├── syncstorage-db 0.20.1
        └── syncserver 0.20.1

Crate:     atty
Version:   0.2.14
Warning:   unsound
Title:     Potential unaligned read
Date:      2021-07-04
ID:        RUSTSEC-2021-0145
URL:       https://rustsec.org/advisories/RUSTSEC-2021-0145

Crate:     lexical-core
Version:   0.7.6
Warning:   unsound
Title:     Multiple soundness issues
Date:      2023-09-03
ID:        RUSTSEC-2023-0086
URL:       https://rustsec.org/advisories/RUSTSEC-2023-0086
Dependency tree:
lexical-core 0.7.6
└── nom 5.1.3
    └── config 0.11.0
        └── syncserver-settings 0.20.1
            ├── tokenserver-db 0.20.1
            │   └── syncserver 0.20.1
            ├── syncstorage-mysql 0.20.1
            │   └── syncstorage-db 0.20.1
            │       └── syncserver 0.20.1
            ├── syncstorage-db 0.20.1
            └── syncserver 0.20.1

warning: 5 warnings found

┆Issue is synchronized with this Jira Task

data-sync-user, Sep 03 '25 15:09