cargo audit alert for smallvec 1.6.0 #274
Comments
|
1.6.1 is semvee compatible with 1.6.0, so you only need to do |
|
Thanks, I tried but it did not work out. FYI, I am using cargo vendor. |
|
I came across this as well. Here are the relevant links:
Would it be acceptable to have a PR with |
|
Sure. |
Merged
|
Awesome :) I took the initiative and submitted it 👍 |
FintanH
added a commit
to radicle-dev/radicle-link
that referenced
this issue
Jan 27, 2021
We force the smallvec dependency to be 1.6.1 due to the vulnerability outlined in the issue here Amanieu/parking_lot#274. We depend on governor which in turn depends on parking_lot. Signed-off-by: Fintan Halpenny <[email protected]>
FintanH
added a commit
to radicle-dev/radicle-link
that referenced
this issue
Jan 28, 2021
We force the smallvec dependency to be >=1.6.1 due to the vulnerability outlined in the issue here Amanieu/parking_lot#274. We depend on governor which in turn depends on parking_lot. Also updating the field db-url to db-urls, and outputting the version of cargo deny for inspection sake. Signed-off-by: Fintan Halpenny <[email protected]>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Hi, would you please check cargo audit. I receive a message regarding one of parking_lot_core deps. and it would be nice to put the cargo audit in your build pipeline.
The text was updated successfully, but these errors were encountered: