pinkforest(she/her)

Results 168 issues of pinkforest(she/her)

**Just a wild idea** Would there be an interest of community _"hardened"_ or _"moderated"_ crates.io [registries] reflector source that essentially filters to cargo automatically by-community-input on crates that are available...

- https://github.com/rustsec/advisory-db/pull/1361
- https://github.com/rustsec/advisory-db/issues/1360
- https://github.com/dalek-cryptography/ed25519-dalek/issues/192
- https://github.com/dalek-cryptography/ed25519-dalek/issues/209
- https://github.com/dalek-cryptography/ed25519-dalek/pull/205

Hi @jedisct1 The crate README.md says there is Formal verification - Re: https://github.com/The-DevX-Initiative/RCIG_Coordination_Repo/blob/main/Awesome_Rust_Cryptography.md I'm sending a PR there - do we have a link to the formal verification report we...

Hi @Matthias247 I just wonder if this crate should be used? Last release was a year ago and there are a few unsound issues. I am not sure what the...

**Describe the bug**

axum-core here: https://github.com/rustsec/advisory-db/pull/1417#discussion_r967847287 has the below pattern:

```
0.2.7 (and anything below) is vulnerable
0.2.8 (and anything until 0.3.0.rc.1) is not vulnerable
0.3.0-rc.1 is vulnerable
0.3.0-rc.2 (and...
```

bug

https://github.com/3Hren/msgpack-rust/issues/305 https://gist.github.com/Lucretiel/5deaf285f06a85056aa76276abf9bd77 @Lucretiel would you mind contributing a PR on `informational = "unsound"` advisory on this ? Do we know what release these Raw deprecations ended up into ?

Unsound

Release about 3 years ago - 1,132,172 downloads - ~ 600 a day I see a new project today is getting hyper v0.10.16 - [RUSTSEC-2021-0078](https://github.com/rustsec/advisory-db/blob/main/crates/hyper/RUSTSEC-2021-0078.md) and [RUSTSEC-2021-0079](https://github.com/rustsec/advisory-db/blob/main/crates/hyper/RUSTSEC-2021-0079.md) affected Interesting issues...

## Background

Cargo has new CVEs: https://blog.rust-lang.org/2022/09/14/cargo-cves.html

- [CVE-2022-36113](https://nvd.nist.gov/vuln/detail/CVE-2022-36113)
- [GHSA-rfj2-q3h3-hm5j](https://github.com/advisories/GHSA-rfj2-q3h3-hm5j)
- [CVE-2022-36114](https://nvd.nist.gov/vuln/detail/CVE-2022-36114)
- [GHSA-2hvr-h6gw-qrxp](https://github.com/advisories/GHSA-2hvr-h6gw-qrxp)
- https://github.com/rust-lang/cargo/commit/d1f9553c825f6d7481453be8d58d0e7f117988a7
- https://github.com/rust-lang/cargo/commit/d87d57dbbda61754f4fab0f329a7ac520e062c46

There was a fix here: https://github.com/rust-lang/cargo/pull/11088 that targeted beta five days...

Fixes #1405

Mind reviewing this advisory @LovecraftianHorror @RalfJung

Would be nice to know if there are maintained fork(s) or alternative implementation(s) around to perhaps list

Cheers

https://github.com/bcmyers/num-format/issues/21, https://github.com/bcmyers/num-format/issues/27, https://github.com/bcmyers/num-format/issues/29

Unmaintained
Feedback

_3,232,716 downloads, ~8k a day_ Last release was over three years ago It is using the old version of itoa: https://github.com/rustsec/advisory-db/issues/1404 Ralf was helpful to ping earlier: https://github.com/bcmyers/num-format/issues/29 Maintenance status...

Unmaintained