CWE-820 9.8/10 #4925

Closed
Coronon opened this issue Aug 13, 2022 · 2 comments
Labels
status: upstream This issue is blocked by upstream dependencies and we need to wait or contribute upstream fixes type: bug

Comments

Coronon commented Aug 13, 2022

Describe the bug

The upstream crate winrt-notification uses the crate windows in version 0.24.0.

GitHub Dependabot alerts everyone who uses Tauri of a critical vulnerability in that windows version:

Delegate functions are missing Send bound

Reproduction

n.a.

Expected behavior

n.a.

Platform and versions

Windows (but GitHub will always report as long as tauri is included in Cargo.toml)

Stack trace

n.a.

Additional context

n.a.

@Coronon Coronon added status: needs triage This issue needs to triage, applied to new issues type: bug labels Aug 13, 2022
@lucasfernog
Member

We're considering forking winrt-notification to mitigate this. Let's see if the notify-rust maintainer accepts it: hoodie/notify-rust#148

@FabianLars FabianLars added status: upstream This issue is blocked by upstream dependencies and we need to wait or contribute upstream fixes and removed status: needs triage This issue needs to triage, applied to new issues labels Aug 13, 2022
@amrbashir
Member

amrbashir commented Sep 30, 2022

This has been fixed in the last couple of releases of notify-rust.
