Continuous integration

ci: Generate attestations using actions/attest-build-provenance #138

Sign in to view logs

GitHub Actions / Security audit succeeded Oct 11, 2024 in 0s

Security advisories found

1 unsound, 1 other

Details

Warnings

RUSTSEC-2023-0086

Multiple soundness issues

Details
Status	unsound
Package	`lexical-core`
Version	`0.8.5`
Date	2023-09-03

RUSTSEC-2024-0377 contains multiple soundness issues:

Bytes::read() allows creating instances of types with invalid bit patterns
BytesIter::read() advances iterators out of bounds
The BytesIter trait has safety invariants but is public and not marked unsafe
write_float() calls MaybeUninit::assume_init() on uninitialized data, which is is not allowed by the Rust abstract machine
radix() calls MaybeUninit::assume_init() on uninitialized data, which is is not allowed by the Rust abstract machine

Version 1.0 fixes these issues, removes the vast majority of unsafe code, and also fixes some correctness issues.

Crate `futures-util` is yanked

No extra details provided.

View more details on GitHub Actions