cargo audit paste #137

Open
@eslerm

Please be aware that `cargo audit` will warn if other Rust projects vendor Parser, since the dependency `paste` is no longer maintained (RUSTSEC-2024-0436).

```
[eslerm@ares Parser]$ cargo audit
    Updating crates.io index
     Locking 120 packages to latest compatible versions
      Adding itertools v0.11.0 (available: v0.14.0)
      Adding lalrpop v0.20.2 (available: v0.22.2)
      Adding lalrpop-util v0.20.2 (available: v0.22.2)
      Adding lexical-parse-float v0.8.5 (available: v1.0.5)
      Adding malachite-bigint v0.2.3 (available: v0.6.1)
      Adding phf v0.11.3 (available: v0.12.1)
      Adding phf_codegen v0.11.3 (available: v0.12.1)
      Adding rand v0.8.5 (available: v0.9.1)
      Adding rustc-hash v1.1.0 (available: v2.1.1)
      Adding unicode_names2 v1.3.0 (available: v2.0.0)
    Fetching advisory database from `https://github.com/RustSec/advisory-db.git`
      Loaded 787 security advisories (from /home/eslerm/.cargo/advisory-db)
    Updating crates.io index
    Scanning Cargo.lock for vulnerabilities (126 crate dependencies)
Crate:     paste
Version:   1.0.15
Warning:   unmaintained
Title:     paste - no longer maintained
Date:      2024-10-07
ID:        RUSTSEC-2024-0436
URL:       https://rustsec.org/advisories/RUSTSEC-2024-0436
Dependency tree:
paste 1.0.15
└── malachite-bigint 0.2.3
    ├── rustpython-parser 0.4.0
    ├── rustpython-format 0.4.0
    └── rustpython-ast 0.4.0
        └── rustpython-parser 0.4.0

warning: 1 allowed warning found
[eslerm@ares RustPython]$ cargo audit
    Fetching advisory database from `https://github.com/RustSec/advisory-db.git`
      Loaded 787 security advisories (from /home/eslerm/.cargo/advisory-db)
    Updating crates.io index
    Scanning Cargo.lock for vulnerabilities (383 crate dependencies)
Crate:     paste
Version:   1.0.15
Warning:   unmaintained
Title:     paste - no longer maintained
Date:      2024-10-07
ID:        RUSTSEC-2024-0436
URL:       https://rustsec.org/advisories/RUSTSEC-2024-0436
Dependency tree:
paste 1.0.15
├── rustpython-vm 0.4.0
│   ├── rustpython_wasm 0.4.0
│   ├── rustpython-stdlib 0.4.0
│   │   ├── rustpython_wasm 0.4.0
│   │   └── rustpython 0.4.0
│   └── rustpython 0.4.0
├── rustpython-stdlib 0.4.0
└── malachite-bigint 0.6.0
    ├── rustpython-vm 0.4.0
    ├── rustpython-stdlib 0.4.0
    ├── rustpython-compiler-core 0.4.0
    │   ├── rustpython-vm 0.4.0
    │   ├── rustpython-pylib 0.4.0
    │   │   ├── rustpython_wasm 0.4.0
    │   │   └── rustpython 0.4.0
    │   ├── rustpython-jit 0.4.0
    │   │   └── rustpython-vm 0.4.0
    │   ├── rustpython-derive-impl 0.4.0
    │   │   └── rustpython-derive 0.4.0
    │   │       ├── rustpython-vm 0.4.0
    │   │       ├── rustpython-stdlib 0.4.0
    │   │       ├── rustpython-pylib 0.4.0
    │   │       └── rustpython-jit 0.4.0
    │   ├── rustpython-compiler 0.4.0
    │   │   ├── rustpython-vm 0.4.0
    │   │   ├── rustpython-derive 0.4.0
    │   │   └── rustpython 0.4.0
    │   └── rustpython-codegen 0.4.0
    │       ├── rustpython-vm 0.4.0
    │       └── rustpython-compiler 0.4.0
    ├── rustpython-common 0.4.0
    │   ├── rustpython_wasm 0.4.0
    │   ├── rustpython-vm 0.4.0
    │   └── rustpython-stdlib 0.4.0
    └── rustpython-codegen 0.4.0

warning: 1 allowed warning found
```
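
The inverted dependency tree in the output above shows which crates pull in `paste`, and it can be read programmatically to find where an upgrade or replacement has to happen. The following is an added example, not part of the original issue or of the RustPython project; `Node`, `parse_tree`, `direct_dependents` and `chains_to` are hypothetical names, and `SAMPLE` is a trimmed excerpt of the RustPython tree from the issue.

```rust
// SAMPLE: trimmed excerpt of the RustPython tree shown in the issue.
const SAMPLE: &str = "paste 1.0.15
├── rustpython-vm 0.4.0
│   └── rustpython 0.4.0
├── rustpython-stdlib 0.4.0
└── malachite-bigint 0.6.0
    ├── rustpython-vm 0.4.0
    └── rustpython-common 0.4.0
        └── rustpython-stdlib 0.4.0";

/// Depth 0 is the flagged crate; each deeper node depends on its parent.
pub struct Node { pub depth: usize, pub name: String, pub version: String }

/// Every nesting level is a 4-character prefix of spaces and box-drawing glyphs.
pub fn parse_tree(text: &str) -> Vec<Node> {
    text.lines().filter_map(|line| {
        // Count characters, not bytes: the glyphs are multi-byte in UTF-8.
        let prefix = line.chars()
            .take_while(|&c| matches!(c, ' ' | '│' | '├' | '└' | '─'))
            .count();
        let rest: String = line.chars().skip(prefix).collect();
        let mut parts = rest.split_whitespace();
        let (name, version) = (parts.next()?, parts.next()?);
        Some(Node { depth: prefix / 4, name: name.into(), version: version.into() })
    }).collect()
}

/// Crates that depend on the flagged crate directly (depth 1).
pub fn direct_dependents(nodes: &[Node]) -> Vec<String> {
    nodes.iter().filter(|n| n.depth == 1)
        .map(|n| format!("{} {}", n.name, n.version)).collect()
}

/// For each occurrence of `target`, the chain from the flagged crate down to it.
pub fn chains_to(nodes: &[Node], target: &str) -> Vec<String> {
    let mut stack: Vec<&str> = Vec::new();
    let mut out = Vec::new();
    for n in nodes {
        stack.truncate(n.depth); // drop siblings and deeper levels
        stack.push(&n.name);
        if n.name == target { out.push(stack.join(" <- ")); }
    }
    out
}

fn main() {
    let nodes = parse_tree(SAMPLE);
    println!("direct: {:?}", direct_dependents(&nodes));
    for c in chains_to(&nodes, "rustpython-stdlib") { println!("{c}"); }
}
```

In a chain, `a <- b` means that `b` depends on `a`, so `rustpython-stdlib` reaches `paste` both directly and through `malachite-bigint`.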
