chore(deps): bump async-trait from 0.1.88 to 0.1.89 #555
GitHub Actions / Security audit
failed
Aug 19, 2025 in 1s
Security advisories found
1 advisories, 1 unmaintained, 2 other
Details
Vulnerabilities
RUSTSEC-2025-0047
Out-of-bounds access in
get_disjoint_mutdue to incorrect bounds check
| Details | |
|---|---|
| Package | slab |
| Version | 0.4.10 |
| URL | GHSA-qx2v-8332-m4fv |
| Date | 2025-08-12 |
| Patched versions | >=0.4.11 |
| Unaffected versions | <0.4.10 |
Impact
The get_disjoint_mut method in slab v0.4.10 incorrectly checked if indices were within the slab's capacity instead of its length, allowing access to uninitialized memory. This could lead to undefined behavior or potential crashes.
Patches
This has been fixed in slab v0.4.11.
Workarounds
Avoid using get_disjoint_mut with indices that might be beyond the slab's actual length, or upgrade to v0.4.11 or later.
References
Warnings
RUSTSEC-2024-0388
derivativeis unmaintained; consider using an alternative
| Details | |
|---|---|
| Status | unmaintained |
| Package | derivative |
| Version | 2.2.0 |
| URL | mcarton/rust-derivative#117 |
| Date | 2024-06-26 |
The derivative crate is no longer maintained.
Consider using any alternative, for instance:
Crate slab is yanked
No extra details provided.
Crate zerovec is yanked
No extra details provided.
Loading