| Commit message (Collapse) | Author | Age | Files | Lines |
| |
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
shouldn't have much impact on us, but let's be safe.
Crate: remove_dir_all
Version: 0.5.3
Title: Race Condition Enabling Link Following and Time-of-check Time-of-use (TOCTOU)
Date: 2023-02-24
ID: RUSTSEC-2023-0018
URL: https://rustsec.org/advisories/RUSTSEC-2023-0018
Solution: Upgrade to >=0.8.0
|
|
|
|
|
|
| |
a few were vulnerable according to cargo-audit, but none of it would've
mattered for us (probably). time is still vulnerable, but that really
doesn't matter.
|
| |
|
|
|
|
|
|
| |
prompted by a cargo audit run. time works just as well and is better
maintained. web-push still uses chrono, but from the looks of things it
won't be affected.
|
|
|
|
|
|
|
|
| |
this is not so much a problem as a possible source of false security for
the readers. all secret keys we handle are serialized in some form, and
those serialization buffers are *not* zeroed out after use. zeroing our
raw buffers doesn't help much in that case, using a zero-on-free
allocator would be much more helpful.
|
|
|