chore: bump sqlparser from 0.44.0 to 0.45.0 (#4408) #3832
GitHub Actions / Security audit
failed
Apr 22, 2024 in 0s
Security advisories found
1 advisory(ies), 1 unmaintained, 1 other
Details
Vulnerabilities
RUSTSEC-2024-0336
rustls::ConnectionCommon::complete_iocould fall into an infinite loop based on network input
| Details | |
|---|---|
| Package | rustls |
| Version | 0.20.9 |
| URL | GHSA-6g7w-8wpp-frhj |
| Date | 2024-04-19 |
| Patched versions | >=0.23.5,>=0.22.4, <0.23.0,>=0.21.11, <0.22.0 |
If a close_notify alert is received during a handshake, complete_io
does not terminate.
Callers which do not call complete_io are not affected.
rustls-tokio and rustls-ffi do not call complete_io
and are not affected.
rustls::Stream and rustls::StreamOwned types use
complete_io and are affected.
Warnings
RUSTSEC-2021-0153
encodingis unmaintained
| Details | |
|---|---|
| Status | unmaintained |
| Package | encoding |
| Version | 0.2.33 |
| URL | lifthrasiir/rust-encoding#127 |
| Date | 2021-12-05 |
Last release was on 2016-08-28. The issue inquiring as to the status of the crate has gone unanswered by the maintainer.
Possible alternatives
Loading