Posted to github@arrow.apache.org by GitBox <gi...@apache.org> on 2021/07/18 02:28:37 UTC
[GitHub] [arrow-rs] BohuTANG opened a new issue #561: cargo audit failed
BohuTANG opened a new issue #561:
URL: https://github.com/apache/arrow-rs/issues/561
**Describe the bug**
**error: 3 vulnerabilities found!
warning: 2 allowed warnings found**
```
bohu@thinkpad:~/github/rustwork/arrow-rs$ git branch
* master
bohu@thinkpad:~/github/rustwork/arrow-rs$ git log -1
commit f873d77bc77847b95921374aa66ba1d38e9cebf8 (HEAD -> master, origin/master, origin/HEAD)
bohu@thinkpad:~/github/rustwork/arrow-rs$ cargo audit
Fetching advisory database from `https://github.com/RustSec/advisory-db.git`
Loaded 317 security advisories (from /home/bohu/.cargo/advisory-db)
Updating crates.io index
Scanning Cargo.lock for vulnerabilities (215 crate dependencies)
Crate: flatbuffers
Version: 0.8.4
Title: `read_scalar` and `read_scalar_at` allow transmuting values without `unsafe` blocks
Date: 2020-04-11
ID: RUSTSEC-2020-0009
URL: https://rustsec.org/advisories/RUSTSEC-2020-0009
Solution: Upgrade to >=2.0.0
Dependency tree:
flatbuffers 0.8.4
└── arrow 4.0.0-SNAPSHOT
    ├── parquet 4.0.0-SNAPSHOT
    │   ├── parquet_derive_test 4.0.0-SNAPSHOT
    │   └── parquet_derive 4.0.0-SNAPSHOT
    │       └── parquet_derive_test 4.0.0-SNAPSHOT
    ├── arrow-integration-testing 4.0.0-SNAPSHOT
    └── arrow-flight 4.0.0-SNAPSHOT
        └── arrow-integration-testing 4.0.0-SNAPSHOT
Crate: prost-types
Version: 0.7.0
Title: Conversion from `prost_types::Timestamp` to `SystemTime` can cause an overflow and panic
Date: 2021-07-08
ID: RUSTSEC-2021-0073
URL: https://rustsec.org/advisories/RUSTSEC-2021-0073
Solution: Upgrade to >=0.8.0
Dependency tree:
prost-types 0.7.0
└── prost-build 0.7.0
    └── tonic-build 0.4.2
        └── arrow-flight 4.0.0-SNAPSHOT
            └── arrow-integration-testing 4.0.0-SNAPSHOT
Crate: tokio
Version: 1.5.0
Title: Task dropped in wrong thread when aborting `LocalSet` task
Date: 2021-07-07
ID: RUSTSEC-2021-0072
URL: https://rustsec.org/advisories/RUSTSEC-2021-0072
Solution: Upgrade to >=1.5.1, <1.6.0 OR >=1.6.3, <1.7.0 OR >=1.7.2, <1.8.0 OR >=1.8.1
Dependency tree:
tokio 1.5.0
├── tower 0.4.6
│   └── tonic 0.4.2
│       ├── arrow-integration-testing 4.0.0-SNAPSHOT
│       └── arrow-flight 4.0.0-SNAPSHOT
│           └── arrow-integration-testing 4.0.0-SNAPSHOT
├── tonic 0.4.2
├── tokio-util 0.6.6
│   ├── tower 0.4.6
│   ├── tonic 0.4.2
│   └── h2 0.3.2
│       ├── tonic 0.4.2
│       └── hyper 0.14.5
│           └── tonic 0.4.2
├── tokio-stream 0.1.5
│   ├── tower 0.4.6
│   └── tonic 0.4.2
├── hyper 0.14.5
├── h2 0.3.2
├── arrow-integration-testing 4.0.0-SNAPSHOT
└── arrow-flight 4.0.0-SNAPSHOT
Crate: term
Version: 0.5.2
Warning: unmaintained
Title: term is looking for a new maintainer
Date: 2018-11-19
ID: RUSTSEC-2018-0015
URL: https://rustsec.org/advisories/RUSTSEC-2018-0015
Dependency tree:
term 0.5.2
└── prettytable-rs 0.8.0
    └── arrow 4.0.0-SNAPSHOT
        ├── parquet 4.0.0-SNAPSHOT
        │   ├── parquet_derive_test 4.0.0-SNAPSHOT
        │   └── parquet_derive 4.0.0-SNAPSHOT
        │       └── parquet_derive_test 4.0.0-SNAPSHOT
        ├── arrow-integration-testing 4.0.0-SNAPSHOT
        └── arrow-flight 4.0.0-SNAPSHOT
            └── arrow-integration-testing 4.0.0-SNAPSHOT
Crate: crossbeam-epoch
Version: 0.9.3
Warning: yanked
Dependency tree:
crossbeam-epoch 0.9.3
└── crossbeam-deque 0.8.0
    ├── rayon-core 1.9.0
    │   └── rayon 1.5.0
    │       └── criterion 0.3.4
    │           ├── parquet 4.0.0-SNAPSHOT
    │           │   ├── parquet_derive_test 4.0.0-SNAPSHOT
    │           │   └── parquet_derive 4.0.0-SNAPSHOT
    │           │       └── parquet_derive_test 4.0.0-SNAPSHOT
    │           └── arrow 4.0.0-SNAPSHOT
    │               ├── parquet 4.0.0-SNAPSHOT
    │               ├── arrow-integration-testing 4.0.0-SNAPSHOT
    │               └── arrow-flight 4.0.0-SNAPSHOT
    │                   └── arrow-integration-testing 4.0.0-SNAPSHOT
    └── rayon 1.5.0
error: 3 vulnerabilities found!
warning: 2 allowed warnings found
```
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: github-unsubscribe@arrow.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [arrow-rs] alamb closed issue #561: cargo audit failed
Posted by GitBox <gi...@apache.org>.
alamb closed issue #561:
URL: https://github.com/apache/arrow-rs/issues/561