Merge pull request #52 from nanobowers/macro_density #7
Security advisories found
1 advisory(ies), 2 unmaintained
Details
Vulnerabilities
RUSTSEC-2021-0073
Conversion from
prost_types::TimestamptoSystemTimecan cause an overflow and panic
| Details | |
|---|---|
| Package | prost-types |
| Version | 0.6.1 |
| URL | tokio-rs/prost#438 |
| Date | 2021-07-08 |
| Patched versions | >=0.8.0 |
Affected versions of this crate contained a bug in which untrusted input could cause an overflow and panic when converting a Timestamp to SystemTime.
It is recommended to upgrade to prost-types v0.8 and switch the usage of From<Timestamp> for SystemTime to TryFrom<Timestamp> for SystemTime.
See #438 for more information.
Warnings
RUSTSEC-2024-0370
proc-macro-error is unmaintained
| Details | |
|---|---|
| Status | unmaintained |
| Package | proc-macro-error |
| Version | 1.0.4 |
| URL | https://gitlab.com/CreepySkeleton/proc-macro-error/-/issues/20 |
| Date | 2024-09-01 |
proc-macro-error's maintainer seems to be unreachable, with no commits for 2 years, no releases pushed for 4 years, and no activity on the GitLab repo or response to email.
proc-macro-error also depends on syn 1.x, which may be bringing duplicate dependencies into dependant build trees.
Possible Alternative(s)
RUSTSEC-2024-0320
yaml-rust is unmaintained.
| Details | |
|---|---|
| Status | unmaintained |
| Package | yaml-rust |
| Version | 0.4.5 |
| URL | rustsec/advisory-db#1921 |
| Date | 2024-03-20 |
The maintainer seems unreachable.
Many issues and pull requests have been submitted over the years
without any response.
Alternatives
Consider switching to the actively maintained yaml-rust2 fork of the original project: