New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Release a new rodio version to patch vulnerable package #517

Closed

ameknite opened this issue Oct 17, 2023 · 0 comments · Fixed by #518

ameknite commented Oct 17, 2023

In #504 was fixed but the version in crates.io still contains the vulnerability.

est31 mentioned this issue

Release 0.17.2 #518

Merged

est31 closed this as completed in #518

ameknite mentioned this issue

check for all-features with cargo-deny bevyengine/bevy#10544

Merged

github-merge-queue bot pushed a commit to bevyengine/bevy that referenced this issue


          check for all-features with cargo-deny (#10544)

56d8a0e

# Objective

Fix #9880

## Solution

- Add all-features flag 
- Allow "MPL-2.0" license for the
[Symphonia](https://github.com/pdeljanov/Symphonia) crates
- Update dependencies unmaintained or with vulnerabilities:
RustAudio/rodio#517 ,
LiquidityC/slice_ring_buffer#7

rdrpenguin04 pushed a commit to rdrpenguin04/bevy that referenced this issue


          check for all-features with cargo-deny (bevyengine#10544)

bbe4e91

# Objective

Fix bevyengine#9880

## Solution

- Add all-features flag 
- Allow "MPL-2.0" license for the
[Symphonia](https://github.com/pdeljanov/Symphonia) crates
- Update dependencies unmaintained or with vulnerabilities:
RustAudio/rodio#517 ,
LiquidityC/slice_ring_buffer#7

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment