advisory-db

Security advisory database for Rust crates published through crates.io

Results 181 advisory-db issues

_3,232,716 downloads, ~8k a day_
Last release was over three years ago.
It is using the old version of itoa: https://github.com/rustsec/advisory-db/issues/1404
Ralf was helpful to ping earlier: https://github.com/bcmyers/num-format/issues/29
Maintenance status...

Unmaintained

Came across while investigating this:
https://github.com/rustsec/advisory-db/issues/1394
https://github.com/paritytech/parity-common/issues/364
Both the GitHub repository and the crates.io readme contain a big warning:
https://github.com/paritytech/parity-common/tree/master/parity-util-mem
https://crates.io/crates/parity-util-mem
@dvdplm would it be helpful to put out an `informational =...

Unsound

https://github.com/dtolnay/linkme/issues/82

The [hpack](https://crates.io/crates/hpack) crate is unmaintained. The author, mlalic, has not responded to issues and PRs (including an important bug fix) since its release 7 years ago. I am unable to contact...

While trying to resolve RUSTSEC-2024-0020, we found some conflicting information (https://github.com/ardaku/whoami/issues/97#issuecomment-1978981489):
* https://github.com/rustsec/advisory-db/blob/main/CONTRIBUTING.md#optional-steps recommends yanking affected crate versions.
* However, https://doc.rust-lang.org/cargo/commands/cargo-yank.html#when-to-yank says to not yank for security issues, and instead...

https://github.com/mengsuenyan/rcrypto/issues/1
https://asan.saethlin.dev/ub?crate=rcrypto&version=0.2.0
Crate has no dependents: https://crates.io/crates/rcrypto/reverse_dependencies
Check in after a few months to see if there's any response. Probably needs an unmaintained advisory since it mentions cryptography.

The `conrod` crate is explicitly unmaintained. Core functionality was transferred to `conrod_core` and backend functionality split across a number of separate crates such as `conrod_wgpu` around December 2018. The entire...

I think it's probably necessary to admit that loopdev is now unmaintained, see:
* https://github.com/mdaffin/loopdev/issues/65
* https://github.com/mdaffin/loopdev/issues/62

There is now a cloned crate available on crates.io[1][2][3], which may succeed the...

`Cargo.lock`: ```toml # This file is automatically @generated by Cargo. # It is not intended for manual editing. version = 3 [[package]] name = "heap-vec" version = "0.1.0" source =...