-
-
Notifications
You must be signed in to change notification settings - Fork 2.5k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
CWE-820 9.8/10 #4925
Labels
status: upstream
This issue is blocked by upstream dependencies and we need to wait or contribute upstream fixes
type: bug
Comments
Coronon
added
status: needs triage
This issue needs to triage, applied to new issues
type: bug
labels
Aug 13, 2022
We're considering forking winrt-notification to mitigate this. Let's see if the notify-rust maintainer accepts it hoodie/notify-rust#148 |
FabianLars
added
status: upstream
This issue is blocked by upstream dependencies and we need to wait or contribute upstream fixes
and removed
status: needs triage
This issue needs to triage, applied to new issues
labels
Aug 13, 2022
this has been fixed in the last couple of releases of notify-rust |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Labels
status: upstream
This issue is blocked by upstream dependencies and we need to wait or contribute upstream fixes
type: bug
Describe the bug
The upstream crate
winrt-notification
uses the cratewindows
in version0.24.0
.GitHub dependabot alerts everyone that uses Tauri of a critical vulnerability in that windows version:
Delegate functions are missing
Send
boundReproduction
n.a.
Expected behavior
n.a.
Platform and versions
Windows (but GitHub will always report as long as
tauri
is included inCargo.toml
)Stack trace
Additional context
n.a.
The text was updated successfully, but these errors were encountered: