Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

RUSTSEC-2022-0048: xml-rs is Unmaintained #226

Closed
github-actions bot opened this issue Aug 15, 2022 · 0 comments · Fixed by #229
Closed

RUSTSEC-2022-0048: xml-rs is Unmaintained #226

github-actions bot opened this issue Aug 15, 2022 · 0 comments · Fixed by #229
Assignees
@ilslv
Labels
k::dependencies Pull requests that update a dependency file rust Pull requests that update Rust code
Milestone
0.14.1

Comments

@github-actions
Copy link

xml-rs is Unmaintained

Details
Status unmaintained
Package xml-rs
Version 0.8.4
URL https://github.com/netvl/xml-rs/issues
Date 2022-01-26

xml-rs is a XML parser has open issues around parsing including integer
overflows / panics that may or may not be an issue with untrusted data.

Together with these open issues with Unmaintained status xml-rs
may or may not be suited to parse untrusted data.

Alternatives

See advisory page for additional details.
@tyranron tyranron added k::dependencies Pull requests that update a dependency file rust Pull requests that update Rust code labels Aug 15, 2022
@tyranron tyranron added this to the 0.14.0 milestone Aug 15, 2022
@tyranron tyranron modified the milestones: 0.14.0, 0.14.1 Sep 8, 2022
@tyranron tyranron mentioned this issue Sep 9, 2022
Merged
@tyranron tyranron linked a pull request Sep 12, 2022 that will close this issue
Update junit-report requirement from 0.7 to 0.8 #229
Merged
tyranron pushed a commit that referenced this issue Sep 12, 2022
@dependabot @ilslv
Upgrade junit-report crate to 0.8 version (#229, #226)
18c2f31 
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: ilslv <ilya.solovyiov@gmail.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@ilslv ilslv

Labels
k::dependencies Pull requests that update a dependency file rust Pull requests that update Rust code
Projects
None yet
Milestone
0.14.1
Development

Successfully merging a pull request may close this issue.

Update junit-report requirement from 0.7 to 0.8 cucumber-rs/cucumber
2 participants
@tyranron @ilslv