xml-rpc (which is being pulled in as a transient dependency in my project) currently depends on hyper v0.10 which is outdated:

that version of hyper has several known vulnerabilities (GH reports GHSA-f3pg-qwvg-p99c, GHSA-5h46-h7hh-c6x9 and GHSA-f67m-9j94-qv9j directly on hyper) as well as unmaintained & vulnerable dependencies (GH e.g. reports GHSA-pp8r-vv2j-9j5v, GHSA-h97m-ww89-6jmq and GHSA-wcg3-cvx6-7396). this can be fixed by updating to hyper v1.