simon-git: mastodonochrome (main): Simon Tatham

Commits to Tartarus hosted VCS tartarus-commits at lists.tartarus.org
Fri Feb 2 20:18:15 GMT 2024


TL;DR:
  6df983e Update h2 in lockfile

Repository:     https://git.tartarus.org/simon/mastodonochrome.git
On the web:     https://git.tartarus.org/?p=simon/mastodonochrome.git
Branch updated: main
Committer:      Simon Tatham <anakin at pobox.com>
Date:           2024-02-02 20:18:15

commit 6df983ec9c4712d5a5db4c3f450c6008673da969
web diff https://git.tartarus.org/?p=simon/mastodonochrome.git;a=commitdiff;h=6df983ec9c4712d5a5db4c3f450c6008673da969;hp=538e2ce5d705904e35539b6a04dc085c3f7eb049
Author: Ian Jackson <ijackson at chiark.greenend.org.uk>
Date:   Fri Feb 2 15:10:52 2024 +0000

    Update h2 in lockfile
    
    Addresses RUSTSEC-2024-0003.  (May not be relevant, but we should
    update out of tidiness.)
    
        $ nailing-cargo -o audit
        nailing-cargo: out-of-tree, git, building in: `/home/ian/Rustup/Mastodonochrome/Build/mastodonochrome'
        nailing-cargo: using really to run as user `rustcargo'
        nailing-cargo: *WARNING* cwd is not in Cargo.nail thbough it has Cargo.toml!
        nailing-cargo: nailed (0 manifests, 0 packages)
        nailing-cargo: invoking: cargo audit
            Fetching advisory database from `https://github.com/RustSec/advisory-db.git`
              Loaded 595 security advisories (from /home/rustcargo/.cargo/advisory-db)
            Updating crates.io index
            Scanning Cargo.lock for vulnerabilities (257 crate dependencies)
        Crate:     h2
        Version:   0.3.22
        Title:     Resource exhaustion vulnerability in h2 may lead to Denial of Service (DoS)
        Date:      2024-01-17
        ID:        RUSTSEC-2024-0003
        URL:       https://rustsec.org/advisories/RUSTSEC-2024-0003
        Solution:  Upgrade to ^0.3.24 OR >=0.4.2
        Dependency tree:
        h2 0.3.22
        ├── reqwest 0.11.23
        │   └── mastodonochrome 0.1.0
        └── hyper 0.14.28
            ├── reqwest 0.11.23
            └── hyper-tls 0.5.0
                └── reqwest 0.11.23
    
        error: 1 vulnerability found!

 Cargo.lock | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)


