Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

cargo audit failed #561

Closed
BohuTANG opened this issue Jul 18, 2021 · 0 comments · Fixed by #560
Closed

cargo audit failed #561

BohuTANG opened this issue Jul 18, 2021 · 0 comments · Fixed by #560
Labels
bug

Comments

@BohuTANG
Copy link

Describe the bug

error: 3 vulnerabilities found!
warning: 2 allowed warnings found

bohu@thinkpad:~/github/rustwork/arrow-rs$ git branch
* master
bohu@thinkpad:~/github/rustwork/arrow-rs$ git log -1
commit f873d77bc77847b95921374aa66ba1d38e9cebf8 (HEAD -> master, origin/master, origin/HEAD)

bohu@thinkpad:~/github/rustwork/arrow-rs$ cargo audit
    Fetching advisory database from `https://github.com/RustSec/advisory-db.git`
      Loaded 317 security advisories (from /home/bohu/.cargo/advisory-db)
    Updating crates.io index
    Scanning Cargo.lock for vulnerabilities (215 crate dependencies)
Crate:         flatbuffers
Version:       0.8.4
Title:         `read_scalar` and `read_scalar_at` allow transmuting values without `unsafe` blocks
Date:          2020-04-11
ID:            RUSTSEC-2020-0009
URL:           https://rustsec.org/advisories/RUSTSEC-2020-0009
Solution:      Upgrade to >=2.0.0
Dependency tree: 
flatbuffers 0.8.4
└── arrow 4.0.0-SNAPSHOT
    ├── parquet 4.0.0-SNAPSHOT
    │   ├── parquet_derive_test 4.0.0-SNAPSHOT
    │   └── parquet_derive 4.0.0-SNAPSHOT
    │       └── parquet_derive_test 4.0.0-SNAPSHOT
    ├── arrow-integration-testing 4.0.0-SNAPSHOT
    └── arrow-flight 4.0.0-SNAPSHOT
        └── arrow-integration-testing 4.0.0-SNAPSHOT

Crate:         prost-types
Version:       0.7.0
Title:         Conversion from `prost_types::Timestamp` to `SystemTime` can cause an overflow and panic
Date:          2021-07-08
ID:            RUSTSEC-2021-0073
URL:           https://rustsec.org/advisories/RUSTSEC-2021-0073
Solution:      Upgrade to >=0.8.0
Dependency tree: 
prost-types 0.7.0
└── prost-build 0.7.0
    └── tonic-build 0.4.2
        └── arrow-flight 4.0.0-SNAPSHOT
            └── arrow-integration-testing 4.0.0-SNAPSHOT

Crate:         tokio
Version:       1.5.0
Title:         Task dropped in wrong thread when aborting `LocalSet` task
Date:          2021-07-07
ID:            RUSTSEC-2021-0072
URL:           https://rustsec.org/advisories/RUSTSEC-2021-0072
Solution:      Upgrade to >=1.5.1, <1.6.0 OR >=1.6.3, <1.7.0 OR >=1.7.2, <1.8.0 OR >=1.8.1
Dependency tree: 
tokio 1.5.0
├── tower 0.4.6
│   └── tonic 0.4.2
│       ├── arrow-integration-testing 4.0.0-SNAPSHOT
│       └── arrow-flight 4.0.0-SNAPSHOT
│           └── arrow-integration-testing 4.0.0-SNAPSHOT
├── tonic 0.4.2
├── tokio-util 0.6.6
│   ├── tower 0.4.6
│   ├── tonic 0.4.2
│   └── h2 0.3.2
│       ├── tonic 0.4.2
│       └── hyper 0.14.5
│           └── tonic 0.4.2
├── tokio-stream 0.1.5
│   ├── tower 0.4.6
│   └── tonic 0.4.2
├── hyper 0.14.5
├── h2 0.3.2
├── arrow-integration-testing 4.0.0-SNAPSHOT
└── arrow-flight 4.0.0-SNAPSHOT

Crate:         term
Version:       0.5.2
Warning:       unmaintained
Title:         term is looking for a new maintainer
Date:          2018-11-19
ID:            RUSTSEC-2018-0015
URL:           https://rustsec.org/advisories/RUSTSEC-2018-0015
Dependency tree: 
term 0.5.2
└── prettytable-rs 0.8.0
    └── arrow 4.0.0-SNAPSHOT
        ├── parquet 4.0.0-SNAPSHOT
        │   ├── parquet_derive_test 4.0.0-SNAPSHOT
        │   └── parquet_derive 4.0.0-SNAPSHOT
        │       └── parquet_derive_test 4.0.0-SNAPSHOT
        ├── arrow-integration-testing 4.0.0-SNAPSHOT
        └── arrow-flight 4.0.0-SNAPSHOT
            └── arrow-integration-testing 4.0.0-SNAPSHOT

Crate:         crossbeam-epoch
Version:       0.9.3
Warning:       yanked
Dependency tree: 
crossbeam-epoch 0.9.3
└── crossbeam-deque 0.8.0
    ├── rayon-core 1.9.0
    │   └── rayon 1.5.0
    │       └── criterion 0.3.4
    │           ├── parquet 4.0.0-SNAPSHOT
    │           │   ├── parquet_derive_test 4.0.0-SNAPSHOT
    │           │   └── parquet_derive 4.0.0-SNAPSHOT
    │           │       └── parquet_derive_test 4.0.0-SNAPSHOT
    │           └── arrow 4.0.0-SNAPSHOT
    │               ├── parquet 4.0.0-SNAPSHOT
    │               ├── arrow-integration-testing 4.0.0-SNAPSHOT
    │               └── arrow-flight 4.0.0-SNAPSHOT
    │                   └── arrow-integration-testing 4.0.0-SNAPSHOT
    └── rayon 1.5.0

error: 3 vulnerabilities found!
warning: 2 allowed warnings found
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
bug
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Bump prost and tonic
1 participant
@BohuTANG