Vulnerability in memoffset. #415

Closed
afck opened this issue Jul 23, 2019 · 0 comments · Fixed by #410

afck (Collaborator) commented Jul 23, 2019

cargo audit warns:

```
error: Vulnerable crates found!

ID:       RUSTSEC-2019-0011
Crate:    memoffset
Version:  0.2.1
Date:     2019-07-16
URL:      https://github.com/Gilnaa/memoffset/issues/9#issuecomment-505461490
Title:    Flaw in offset_of and span_of causes SIGILL, drops uninitialized memory of arbitrary type on panic in client code
Solution: upgrade to: >= 0.5.0

error: 1 vulnerability found!
```

However, this is an indirect dependency:

```
$ cargo tree -ip memoffset
memoffset v0.2.1
└── crossbeam-epoch v0.7.1
    ├── crossbeam v0.7.1
    │   [dev-dependencies]
    │   └── hbbft v0.1.1 (/home/andreas/git/hbbft)
    │       └── hbbft_testing v0.1.0 (/home/andreas/git/hbbft/hbbft_testing)
    │           [dev-dependencies]
    │           └── hbbft v0.1.1 (/home/andreas/git/hbbft) (*)
    ├── crossbeam-deque v0.6.3
    │   ├── rayon v1.1.0
    │   │   └── reed-solomon-erasure v3.1.1
    │   │       └── hbbft v0.1.1 (/home/andreas/git/hbbft) (*)
    │   └── rayon-core v1.5.0
    │       └── rayon v1.1.0 (*)
    └── crossbeam-deque v0.7.1
        └── crossbeam v0.7.1 (*)
```

Let's disable cargo audit in ci.sh for now, until we can fix this.

Hopefully we won't need to do anything, if crossbeam releases a minor version with the fix: crossbeam-rs/crossbeam#402
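As an added example (not code from the hbbft project or from afck's comment), here is a small Rust program that parses the `cargo tree -i` output quoted above and classifies every path from the vulnerable crate to the project crate as dev-only or production, depending on whether the path crosses a `[dev-dependencies]` section. The tree text is the one from the issue; the only assumption is the default `cargo tree` rendering, where each nesting level is a 4-character prefix unit (`├── `, `└── `, `│   ` or four spaces) and a section header is printed one level above the nodes it labels. The `(*)` marker means cargo elided a subtree it already printed, so paths hidden under such a node are not enumerated.

```rust
/// The `cargo tree -ip memoffset` output from the issue (inverted tree: each
/// child is a crate that depends on its parent).
pub const PAGE_TREE: &str = r#"
memoffset v0.2.1
└── crossbeam-epoch v0.7.1
    ├── crossbeam v0.7.1
    │   [dev-dependencies]
    │   └── hbbft v0.1.1 (/home/andreas/git/hbbft)
    │       └── hbbft_testing v0.1.0 (/home/andreas/git/hbbft/hbbft_testing)
    │           [dev-dependencies]
    │           └── hbbft v0.1.1 (/home/andreas/git/hbbft) (*)
    ├── crossbeam-deque v0.6.3
    │   ├── rayon v1.1.0
    │   │   └── reed-solomon-erasure v3.1.1
    │   │       └── hbbft v0.1.1 (/home/andreas/git/hbbft) (*)
    │   └── rayon-core v1.5.0
    │       └── rayon v1.1.0 (*)
    └── crossbeam-deque v0.7.1
        └── crossbeam v0.7.1 (*)
"#;

#[derive(Debug, Clone, PartialEq)]
pub struct DependentPath {
    /// Crate names from the vulnerable crate down to the target crate.
    pub crates: Vec<String>,
    /// True if any edge on the path is a dev-dependency, i.e. along this path
    /// the vulnerable code is only compiled into tests and benches.
    pub dev_only: bool,
}

/// Split one tree line into its nesting depth and the node text.
/// Assumes cargo tree's default 4-character prefix units.
fn depth_and_text(line: &str) -> (usize, &str) {
    let mut depth = 0;
    let mut rest = line;
    loop {
        let unit: String = rest.chars().take(4).collect();
        if unit.chars().count() == 4 && unit.chars().all(|c| "├└│─ ".contains(c)) {
            depth += 1;
            rest = &rest[unit.len()..];
        } else {
            break;
        }
    }
    (depth, rest.trim_end())
}

/// Enumerate every path from the root crate to `target`, with a dev-only flag.
pub fn paths_to(tree: &str, target: &str) -> Vec<DependentPath> {
    // stack[d] = (crate name at depth d, reached through a dev-dependency edge)
    let mut stack: Vec<(String, bool)> = Vec::new();
    // dev_marker[d] = true while a "[dev-dependencies]" header is in force for depth d
    let mut dev_marker: Vec<bool> = Vec::new();
    let mut found = Vec::new();

    for line in tree.lines() {
        if line.trim().is_empty() {
            continue;
        }
        let (depth, text) = depth_and_text(line);
        if text.starts_with('[') {
            // Section header: it labels the sibling nodes printed one level deeper.
            let applies_to = depth + 1;
            if dev_marker.len() <= applies_to {
                dev_marker.resize(applies_to + 1, false);
            }
            dev_marker[applies_to] = text == "[dev-dependencies]";
            continue;
        }
        // A node at this depth closes earlier nodes at the same or deeper level,
        // and any section headers that applied to deeper levels.
        stack.truncate(depth);
        dev_marker.truncate(depth + 1);
        let via_dev = dev_marker.get(depth).copied().unwrap_or(false);
        let name = text.split_whitespace().next().unwrap_or("").to_string();
        stack.push((name, via_dev));
        if stack.last().map_or(false, |(n, _)| n.as_str() == target) {
            found.push(DependentPath {
                crates: stack.iter().map(|(n, _)| n.clone()).collect(),
                dev_only: stack.iter().any(|(_, dev)| *dev),
            });
        }
    }
    found
}

/// True if at least one path reaches `target` without crossing a dev-dependency.
pub fn reaches_production(tree: &str, target: &str) -> bool {
    paths_to(tree, target).iter().any(|p| !p.dev_only)
}

fn main() {
    for p in paths_to(PAGE_TREE, "hbbft") {
        let kind = if p.dev_only { "dev-only" } else { "PRODUCTION" };
        println!("{:<10} {}", kind, p.crates.join(" -> "));
    }
    println!("reaches production: {}", reaches_production(PAGE_TREE, "hbbft"));
}
```

Run against the issue's tree this finds three paths to hbbft: the two through crossbeam are dev-only, but the one through crossbeam-deque, rayon and reed-solomon-erasure is a normal dependency, so the advisory applies to shipped code and not only to tests. That distinction is the check worth making before switching cargo audit off in CI: when a production path exists, pinning the single advisory with `cargo audit --ignore RUSTSEC-2019-0011` until the upstream fix lands keeps the rest of the audit running.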
