Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

chore(deps): update all patchlevel dependencies #959

Merged
merged 1 commit into from
Oct 25, 2024

chore(deps): update all patchlevel dependencies

ea962cf
Select commit
Loading
Failed to load commit list.
Sign in for the full log view
Merged

chore(deps): update all patchlevel dependencies #959

chore(deps): update all patchlevel dependencies
ea962cf
Select commit
Loading
Failed to load commit list.
GitHub Actions / Security audit succeeded Oct 25, 2024 in 0s

Security advisories found

1 unsound

Details

Warnings

RUSTSEC-2023-0086

Multiple soundness issues

Details
Status unsound
Package lexical-core
Version 0.8.5
Date 2023-09-03

RUSTSEC-2024-0377 contains multiple soundness issues:

  1. Bytes::read() allows creating instances of types with invalid bit patterns
  2. BytesIter::read() advances iterators out of bounds
  3. The BytesIter trait has safety invariants but is public and not marked unsafe
  4. write_float() calls MaybeUninit::assume_init() on uninitialized data, which is is not allowed by the Rust abstract machine
  5. radix() calls MaybeUninit::assume_init() on uninitialized data, which is is not allowed by the Rust abstract machine

Version 1.0 fixes these issues, removes the vast majority of unsafe code, and also fixes some correctness issues.

View more details on GitHub Actions