Today I have learned something new:
cd pijul cargo audit Fetching advisory database from `https://github.com/RustSec/advisory-db.git` Loaded 615 security advisories (from /home/mpech/.cargo/advisory-db) Updating crates.io index Scanning Cargo.lock for vulnerabilities (429 crate dependencies) Crate: ed25519-dalek Version: 1.0.1 Title: Double Public Key Signing Function Oracle Attack on `ed25519-dalek` Date: 2022-06-11 ID: RUSTSEC-2022-0093 URL: https://rustsec.org/advisories/RUSTSEC-2022-0093 Solution: Upgrade to >=2 Dependency tree: ed25519-dalek 1.0.1 └── libpijul 1.0.0-beta.10 ├── pijul-repository 0.0.1 │ ├── pijul-remote 1.0.0-beta.6 │ │ └── pijul 1.0.0-beta.9 │ ├── pijul-identity 0.0.1 │ │ ├── pijul-remote 1.0.0-beta.6 │ │ └── pijul 1.0.0-beta.9 │ └── pijul 1.0.0-beta.9 ├── pijul-remote 1.0.0-beta.6 ├── pijul-identity 0.0.1 └── pijul 1.0.0-beta.9 Crate: ansi_term Version: 0.12.1 Warning: unmaintained Title: ansi_term is Unmaintained Date: 2021-08-18 ID: RUSTSEC-2021-0139 URL: https://rustsec.org/advisories/RUSTSEC-2021-0139 Dependency tree: ansi_term 0.12.1 └── ptree 0.4.0 └── pijul 1.0.0-beta.9 Crate: memmap Version: 0.7.0 Warning: unmaintained Title: memmap is unmaintained Date: 2020-12-02 ID: RUSTSEC-2020-0077 URL: https://rustsec.org/advisories/RUSTSEC-2020-0077 Dependency tree: memmap 0.7.0 └── sanakirja 1.4.1 ├── pijul-remote 1.0.0-beta.6 │ └── pijul 1.0.0-beta.9 ├── pijul 1.0.0-beta.9 └── libpijul 1.0.0-beta.10 ├── pijul-repository 0.0.1 │ ├── pijul-remote 1.0.0-beta.6 │ ├── pijul-identity 0.0.1 │ │ ├── pijul-remote 1.0.0-beta.6 │ │ └── pijul 1.0.0-beta.9 │ └── pijul 1.0.0-beta.9 ├── pijul-remote 1.0.0-beta.6 ├── pijul-identity 0.0.1 └── pijul 1.0.0-beta.9 Crate: atty Version: 0.2.14 Warning: unsound Title: Potential unaligned read Date: 2021-07-04 ID: RUSTSEC-2021-0145 URL: https://rustsec.org/advisories/RUSTSEC-2021-0145 Dependency tree: atty 0.2.14 ├── ptree 0.4.0 │ └── pijul 1.0.0-beta.9 ├── pijul 1.0.0-beta.9 └── env_logger 0.8.4 ├── quickcheck 1.0.3 │ └── libpijul 1.0.0-beta.10 │ ├── pijul-repository 0.0.1 │ │ ├── pijul-remote 1.0.0-beta.6 │ │ │ └── pijul 1.0.0-beta.9 │ │ ├── pijul-identity 0.0.1 │ │ │ ├── pijul-remote 1.0.0-beta.6 │ │ │ └── pijul 1.0.0-beta.9 │ │ └── pijul 1.0.0-beta.9 │ ├── pijul-remote 1.0.0-beta.6 │ ├── pijul-identity 0.0.1 │ └── pijul 1.0.0-beta.9 ├── pijul 1.0.0-beta.9 └── libpijul 1.0.0-beta.10 error: 1 vulnerability found! warning: 3 allowed warnings found
By default and without cargo update audit founds additional two.
cargo update
Today I have learned something new: