chiark - git - ian - mastodonochrome.git/commit

author	Ian Jackson <ijackson@chiark.greenend.org.uk>
	Fri, 2 Feb 2024 15:10:52 +0000 (15:10 +0000)
committer	Simon Tatham <anakin@pobox.com>
	Fri, 2 Feb 2024 20:18:04 +0000 (20:18 +0000)
commit	6df983ec9c4712d5a5db4c3f450c6008673da969
tree	ac191975f166b688af9d301f73f2175b506c2311	tree \| snapshot
parent	538e2ce5d705904e35539b6a04dc085c3f7eb049	commit \| diff

Update h2 in lockfile

Addresses RUSTSEC-2024-0003.  (May not be relevant, but we should
update out of tidiness.)

    $ nailing-cargo -o audit
    nailing-cargo: out-of-tree, git, building in: `/home/ian/Rustup/Mastodonochrome/Build/mastodonochrome'
    nailing-cargo: using really to run as user `rustcargo'
    nailing-cargo: *WARNING* cwd is not in Cargo.nail thbough it has Cargo.toml!
    nailing-cargo: nailed (0 manifests, 0 packages)
    nailing-cargo: invoking: cargo audit
Fetching advisory database from `https://github.com/RustSec/advisory-db.git`
  Loaded 595 security advisories (from /home/rustcargo/.cargo/advisory-db)
Updating crates.io index
Scanning Cargo.lock for vulnerabilities (257 crate dependencies)
    Crate:     h2
    Version:   0.3.22
    Title:     Resource exhaustion vulnerability in h2 may lead to Denial of Service (DoS)
    Date:      2024-01-17
    ID:        RUSTSEC-2024-0003
    URL:       https://rustsec.org/advisories/RUSTSEC-2024-0003
    Solution:  Upgrade to ^0.3.24 OR >=0.4.2
    Dependency tree:
    h2 0.3.22
    ├── reqwest 0.11.23
    │   └── mastodonochrome 0.1.0
    └── hyper 0.14.28
├── reqwest 0.11.23
└── hyper-tls 0.5.0
    └── reqwest 0.11.23

    error: 1 vulnerability found!