cargo audit failed #561

@bohutang

Describe the bug

error: 3 vulnerabilities found!
warning: 2 allowed warnings found

bohu@thinkpad:~/github/rustwork/arrow-rs$ git branch
* master
bohu@thinkpad:~/github/rustwork/arrow-rs$ git log -1
commit f873d77bc77847b95921374aa66ba1d38e9cebf8 (HEAD -> master, origin/master, origin/HEAD)

bohu@thinkpad:~/github/rustwork/arrow-rs$ cargo audit
    Fetching advisory database from `https://github.com/RustSec/advisory-db.git`
      Loaded 317 security advisories (from /home/bohu/.cargo/advisory-db)
    Updating crates.io index
    Scanning Cargo.lock for vulnerabilities (215 crate dependencies)
Crate:         flatbuffers
Version:       0.8.4
Title:         `read_scalar` and `read_scalar_at` allow transmuting values without `unsafe` blocks
Date:          2020-04-11
ID:            RUSTSEC-2020-0009
URL:           https://rustsec.org/advisories/RUSTSEC-2020-0009
Solution:      Upgrade to >=2.0.0
Dependency tree: 
flatbuffers 0.8.4
└── arrow 4.0.0-SNAPSHOT
    ├── parquet 4.0.0-SNAPSHOT
    │   ├── parquet_derive_test 4.0.0-SNAPSHOT
    │   └── parquet_derive 4.0.0-SNAPSHOT
    │       └── parquet_derive_test 4.0.0-SNAPSHOT
    ├── arrow-integration-testing 4.0.0-SNAPSHOT
    └── arrow-flight 4.0.0-SNAPSHOT
        └── arrow-integration-testing 4.0.0-SNAPSHOT

Crate:         prost-types
Version:       0.7.0
Title:         Conversion from `prost_types::Timestamp` to `SystemTime` can cause an overflow and panic
Date:          2021-07-08
ID:            RUSTSEC-2021-0073
URL:           https://rustsec.org/advisories/RUSTSEC-2021-0073
Solution:      Upgrade to >=0.8.0
Dependency tree: 
prost-types 0.7.0
└── prost-build 0.7.0
    └── tonic-build 0.4.2
        └── arrow-flight 4.0.0-SNAPSHOT
            └── arrow-integration-testing 4.0.0-SNAPSHOT

Crate:         tokio
Version:       1.5.0
Title:         Task dropped in wrong thread when aborting `LocalSet` task
Date:          2021-07-07
ID:            RUSTSEC-2021-0072
URL:           https://rustsec.org/advisories/RUSTSEC-2021-0072
Solution:      Upgrade to >=1.5.1, <1.6.0 OR >=1.6.3, <1.7.0 OR >=1.7.2, <1.8.0 OR >=1.8.1
Dependency tree: 
tokio 1.5.0
├── tower 0.4.6
│   └── tonic 0.4.2
│       ├── arrow-integration-testing 4.0.0-SNAPSHOT
│       └── arrow-flight 4.0.0-SNAPSHOT
│           └── arrow-integration-testing 4.0.0-SNAPSHOT
├── tonic 0.4.2
├── tokio-util 0.6.6
│   ├── tower 0.4.6
│   ├── tonic 0.4.2
│   └── h2 0.3.2
│       ├── tonic 0.4.2
│       └── hyper 0.14.5
│           └── tonic 0.4.2
├── tokio-stream 0.1.5
│   ├── tower 0.4.6
│   └── tonic 0.4.2
├── hyper 0.14.5
├── h2 0.3.2
├── arrow-integration-testing 4.0.0-SNAPSHOT
└── arrow-flight 4.0.0-SNAPSHOT

Crate:         term
Version:       0.5.2
Warning:       unmaintained
Title:         term is looking for a new maintainer
Date:          2018-11-19
ID:            RUSTSEC-2018-0015
URL:           https://rustsec.org/advisories/RUSTSEC-2018-0015
Dependency tree: 
term 0.5.2
└── prettytable-rs 0.8.0
    └── arrow 4.0.0-SNAPSHOT
        ├── parquet 4.0.0-SNAPSHOT
        │   ├── parquet_derive_test 4.0.0-SNAPSHOT
        │   └── parquet_derive 4.0.0-SNAPSHOT
        │       └── parquet_derive_test 4.0.0-SNAPSHOT
        ├── arrow-integration-testing 4.0.0-SNAPSHOT
        └── arrow-flight 4.0.0-SNAPSHOT
            └── arrow-integration-testing 4.0.0-SNAPSHOT

Crate:         crossbeam-epoch
Version:       0.9.3
Warning:       yanked
Dependency tree: 
crossbeam-epoch 0.9.3
└── crossbeam-deque 0.8.0
    ├── rayon-core 1.9.0
    │   └── rayon 1.5.0
    │       └── criterion 0.3.4
    │           ├── parquet 4.0.0-SNAPSHOT
    │           │   ├── parquet_derive_test 4.0.0-SNAPSHOT
    │           │   └── parquet_derive 4.0.0-SNAPSHOT
    │           │       └── parquet_derive_test 4.0.0-SNAPSHOT
    │           └── arrow 4.0.0-SNAPSHOT
    │               ├── parquet 4.0.0-SNAPSHOT
    │               ├── arrow-integration-testing 4.0.0-SNAPSHOT
    │               └── arrow-flight 4.0.0-SNAPSHOT
    │                   └── arrow-integration-testing 4.0.0-SNAPSHOT
    └── rayon 1.5.0

error: 3 vulnerabilities found!
warning: 2 allowed warnings found
