Test #2814
Security advisories found
1 unmaintained, 1 unsound
Details
Warnings
RUSTSEC-2021-0139
ansi_term is Unmaintained
| Details | |
|---|---|
| Status | unmaintained |
| Package | ansi_term |
| Version | 0.12.1 |
| URL | ogham/rust-ansi-term#72 |
| Date | 2021-08-18 |
The maintainer has advised that this crate is deprecated and will not receive any maintenance.
The crate does not seem to have much dependencies and may or may not be ok to use as-is.
Last release seems to have been three years ago.
Possible Alternative(s)
The below list has not been vetted in any way and may or may not contain alternatives;
Dependency Specific Migration(s)
RUSTSEC-2023-0033
Parsing borsh messages with ZST which are not-copy/clone is unsound
| Details | |
|---|---|
| Status | unsound |
| Package | borsh |
| Version | 0.10.3 |
| URL | near/borsh-rs#19 |
| Date | 2023-04-12 |
Affected versions of borsh cause undefined behavior when zero-sized-types (ZST)
are parsed and the Copy/Clone traits are not implemented/derived.
For instance if 1000 instances of a ZST are deserialized, and the ZST is not copy
(this can be achieved through a singleton), then accessing/writing to deserialized
data will cause a segmentation fault.
There is currently no way for borsh to read data without also providing a Rust type.
Therefore, if not ZST are used for serialization, then you are not affected by this issue.