Open
Description
http-types 2.12.0 is the latest version. The default features pull in dependencies with reported vulnerabilities.
Steps to reproduce. The cargo check will create the Cargo.lock that cargo audit uses.
git checkout tags/v2.12.0
cargo check
cargo audit
PS C:\Users\cataggar\io\http-types> cargo audit
Fetching advisory database from `https://github.com/RustSec/advisory-db.git`
Loaded 421 security advisories (from C:\Users\cataggar\.cargo\advisory-db)
Updating crates.io index
Scanning Cargo.lock for vulnerabilities (135 crate dependencies)
Crate: aes-soft
Version: 0.6.4
Warning: unmaintained
Title: `aes-soft` has been merged into the `aes` crate
Date: 2021-04-29
ID: RUSTSEC-2021-0060
URL: https://rustsec.org/advisories/RUSTSEC-2021-0060
Dependency tree:
aes-soft 0.6.4
└── aes 0.6.0
└── aes-gcm 0.8.0
└── cookie 0.14.4
└── http-types 2.12.0
Crate: aesni
Version: 0.10.0
Warning: unmaintained
Title: `aesni` has been merged into the `aes` crate
Date: 2021-04-29
ID: RUSTSEC-2021-0059
URL: https://rustsec.org/advisories/RUSTSEC-2021-0059
Dependency tree:
aesni 0.10.0
└── aes 0.6.0
└── aes-gcm 0.8.0
└── cookie 0.14.4
└── http-types 2.12.0
Crate: cpuid-bool
Version: 0.2.0
Warning: unmaintained
Title: `cpuid-bool` has been renamed to `cpufeatures`
Date: 2021-05-06
ID: RUSTSEC-2021-0064
URL: https://rustsec.org/advisories/RUSTSEC-2021-0064
Dependency tree:
cpuid-bool 0.2.0
└── polyval 0.4.5
└── ghash 0.3.1
└── aes-gcm 0.8.0
└── cookie 0.14.4
└── http-types 2.12.0
Crate: stdweb
Version: 0.4.20
Warning: unmaintained
Title: stdweb is unmaintained
Date: 2020-05-04
ID: RUSTSEC-2020-0056
URL: https://rustsec.org/advisories/RUSTSEC-2020-0056
Dependency tree:
stdweb 0.4.20
└── time 0.2.27
└── cookie 0.14.4
└── http-types 2.12.0
warning: 4 allowed warnings found
Metadata
Metadata
Assignees
Labels
No labels