From: Ian Jackson Date: Fri, 2 Feb 2024 15:10:52 +0000 (+0000) Subject: Update h2 in lockfile X-Git-Url: http://www.chiark.greenend.org.uk/ucgi/~ian/git?a=commitdiff_plain;h=6df983ec9c4712d5a5db4c3f450c6008673da969;p=mastodonochrome.git Update h2 in lockfile Addresses RUSTSEC-2024-0003. (May not be relevant, but we should update out of tidiness.) $ nailing-cargo -o audit nailing-cargo: out-of-tree, git, building in: `/home/ian/Rustup/Mastodonochrome/Build/mastodonochrome' nailing-cargo: using really to run as user `rustcargo' nailing-cargo: *WARNING* cwd is not in Cargo.nail thbough it has Cargo.toml! nailing-cargo: nailed (0 manifests, 0 packages) nailing-cargo: invoking: cargo audit Fetching advisory database from `https://github.com/RustSec/advisory-db.git` Loaded 595 security advisories (from /home/rustcargo/.cargo/advisory-db) Updating crates.io index Scanning Cargo.lock for vulnerabilities (257 crate dependencies) Crate: h2 Version: 0.3.22 Title: Resource exhaustion vulnerability in h2 may lead to Denial of Service (DoS) Date: 2024-01-17 ID: RUSTSEC-2024-0003 URL: https://rustsec.org/advisories/RUSTSEC-2024-0003 Solution: Upgrade to ^0.3.24 OR >=0.4.2 Dependency tree: h2 0.3.22 ├── reqwest 0.11.23 │ └── mastodonochrome 0.1.0 └── hyper 0.14.28 ├── reqwest 0.11.23 └── hyper-tls 0.5.0 └── reqwest 0.11.23 error: 1 vulnerability found! --- diff --git a/Cargo.lock b/Cargo.lock index 1ee939b..e3714b1 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -635,9 +635,9 @@ checksum = "4271d37baee1b8c7e4b708028c57d816cf9d2434acb33a549475f78c181f6253" [[package]] name = "h2" -version = "0.3.22" +version = "0.3.24" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "4d6250322ef6e60f93f9a2162799302cd6f68f79f6e5d85c8c16f14d1d958178" +checksum = "bb2c4422095b67ee78da96fbb51a4cc413b3b25883c7717ff7ca1ab31022c9c9" dependencies = [ "bytes", "fnv",