Open
Description
Please be aware that cargo audit
will warn if other rust projects vendor Parser since the dependency paste is no longer maintained (RUSTSEC-2024-0436).
[eslerm@ares Parser]$ cargo audit
Updating crates.io index
Locking 120 packages to latest compatible versions
Adding itertools v0.11.0 (available: v0.14.0)
Adding lalrpop v0.20.2 (available: v0.22.2)
Adding lalrpop-util v0.20.2 (available: v0.22.2)
Adding lexical-parse-float v0.8.5 (available: v1.0.5)
Adding malachite-bigint v0.2.3 (available: v0.6.1)
Adding phf v0.11.3 (available: v0.12.1)
Adding phf_codegen v0.11.3 (available: v0.12.1)
Adding rand v0.8.5 (available: v0.9.1)
Adding rustc-hash v1.1.0 (available: v2.1.1)
Adding unicode_names2 v1.3.0 (available: v2.0.0)
Fetching advisory database from `https://github.com/RustSec/advisory-db.git`
Loaded 787 security advisories (from /home/eslerm/.cargo/advisory-db)
Updating crates.io index
Scanning Cargo.lock for vulnerabilities (126 crate dependencies)
Crate: paste
Version: 1.0.15
Warning: unmaintained
Title: paste - no longer maintained
Date: 2024-10-07
ID: RUSTSEC-2024-0436
URL: https://rustsec.org/advisories/RUSTSEC-2024-0436
Dependency tree:
paste 1.0.15
└── malachite-bigint 0.2.3
├── rustpython-parser 0.4.0
├── rustpython-format 0.4.0
└── rustpython-ast 0.4.0
└── rustpython-parser 0.4.0
warning: 1 allowed warning found
[eslerm@ares RustPython]$ cargo audit
Fetching advisory database from `https://github.com/RustSec/advisory-db.git`
Loaded 787 security advisories (from /home/eslerm/.cargo/advisory-db)
Updating crates.io index
Scanning Cargo.lock for vulnerabilities (383 crate dependencies)
Crate: paste
Version: 1.0.15
Warning: unmaintained
Title: paste - no longer maintained
Date: 2024-10-07
ID: RUSTSEC-2024-0436
URL: https://rustsec.org/advisories/RUSTSEC-2024-0436
Dependency tree:
paste 1.0.15
├── rustpython-vm 0.4.0
│ ├── rustpython_wasm 0.4.0
│ ├── rustpython-stdlib 0.4.0
│ │ ├── rustpython_wasm 0.4.0
│ │ └── rustpython 0.4.0
│ └── rustpython 0.4.0
├── rustpython-stdlib 0.4.0
└── malachite-bigint 0.6.0
├── rustpython-vm 0.4.0
├── rustpython-stdlib 0.4.0
├── rustpython-compiler-core 0.4.0
│ ├── rustpython-vm 0.4.0
│ ├── rustpython-pylib 0.4.0
│ │ ├── rustpython_wasm 0.4.0
│ │ └── rustpython 0.4.0
│ ├── rustpython-jit 0.4.0
│ │ └── rustpython-vm 0.4.0
│ ├── rustpython-derive-impl 0.4.0
│ │ └── rustpython-derive 0.4.0
│ │ ├── rustpython-vm 0.4.0
│ │ ├── rustpython-stdlib 0.4.0
│ │ ├── rustpython-pylib 0.4.0
│ │ └── rustpython-jit 0.4.0
│ ├── rustpython-compiler 0.4.0
│ │ ├── rustpython-vm 0.4.0
│ │ ├── rustpython-derive 0.4.0
│ │ └── rustpython 0.4.0
│ └── rustpython-codegen 0.4.0
│ ├── rustpython-vm 0.4.0
│ └── rustpython-compiler 0.4.0
├── rustpython-common 0.4.0
│ ├── rustpython_wasm 0.4.0
│ ├── rustpython-vm 0.4.0
│ └── rustpython-stdlib 0.4.0
└── rustpython-codegen 0.4.0
warning: 1 allowed warning found
Metadata
Metadata
Assignees
Labels
No labels