-
Notifications
You must be signed in to change notification settings - Fork 47
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
smallvec/parking_lot vulnerability #60
Comments
Thanks for filing the issue! I think we can bump the transitive dependency manually, I'll investigate. |
Awesome! Thanks for looking into it :) |
The above PR should straighten out the deps such that a non-vulnerable version of smallvec gets used. If you have the time @FintanH, could you test with a git dependency? Otherwise, I'll time out and release v0.3.2 on the weekend. |
Looks good on our side :) |
Released! Thanks for checking! |
Hey 👋
There was a vulnerability in
smallvec
:insert_many()
servo/rust-smallvec#252I came across this while using
cargo deny
on our projectradicle-link
and there was a transitive dep fromgovernor
toparking_lot
.I created a pull-request for the
parking_lot
repo Amanieu/parking_lot#276 and I wanted to track an issue here for updating this project with the fixed version too.Hope that works for you, and let me know if I can do anything to help ✌️
The text was updated successfully, but these errors were encountered: