chore: bump sqlparser from 0.44.0 to 0.45.0 (#4408) #3832
GitHub Actions / Security audit
failed
Apr 22, 2024 in 0s
Security advisories found
1 advisory(ies), 1 unmaintained, 1 other
Details
Vulnerabilities
RUSTSEC-2024-0336: rustls::ConnectionCommon::complete_io could fall into an infinite loop based on network input
Details | |
---|---|
Package | rustls |
Version | 0.20.9 |
URL | GHSA-6g7w-8wpp-frhj |
Date | 2024-04-19 |
Patched versions | >=0.23.5; >=0.22.4, <0.23.0; >=0.21.11, <0.22.0 |
If a close_notify alert is received during a handshake, complete_io does not terminate.
Callers which do not call complete_io are not affected.
rustls-tokio and rustls-ffi do not call complete_io and are not affected.
rustls::Stream and rustls::StreamOwned types use complete_io and are affected.
Warnings
RUSTSEC-2021-0153: encoding is unmaintained
Details | |
---|---|
Status | unmaintained |
Package | encoding |
Version | 0.2.33 |
URL | lifthrasiir/rust-encoding#127 |
Date | 2021-12-05 |
Last release was on 2016-08-28. The issue inquiring as to the status of the crate has gone unanswered by the maintainer.
Possible alternatives