Cargo audit flags smallvec, recommends update to >=6.3 #95
Comments
|
Well technically just specifying the version as "0.6" should be enough for Cargo to pick up the latest version, which includes the fix. |
|
Hmm, wonder why cargo audit is flagging it then :-( |
|
I guess it does it because 0.6 can technically resolve to 0.6.1 or so, which is vulnerable. That's a bit overly pedantic though maybe. |
|
Agreed, are you opposed to changing it to 0.6.3? |
|
I will accept a PR for it if anyone wants to write one. |
|
Thanks for the attention, looks like Cargo audit is not flagging this instance and is instead flagging another project. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
error: Vulnerable crates found!
ID: RUSTSEC-2018-0003
Crate: smallvec
Version: 0.2.1
Date: 2018-07-19
URL: servo/rust-smallvec#96
Title: Possible double free during unwinding in SmallVec::insert_many
Solution: upgrade to: >= 0.6.3 OR ^0.3.4 OR ^0.4.5 OR ^0.5.1
parking_lot/core/Cargo.toml
Line 12 in c3ae283
The text was updated successfully, but these errors were encountered: