From cdb02feb13b9b299c3b9dc239433306ae1792230 Mon Sep 17 00:00:00 2001 From: Dirk Stolle Date: Wed, 31 Jan 2024 02:18:40 +0100 Subject: [PATCH] Update h2 and zerocopy crates to fix vulnerabilities The following updates are performed: * update h2 to 0.3.24 to fix RUSTSEC-2024-0003 (a resource exhaustion vulnerability that may lead to denial of service), see for more information * update zerocopy to 0.7.32 to fix RUSTSEC-2023-0074 (some Ref methods are unsound), for more information see --- Cargo.lock | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/Cargo.lock b/Cargo.lock index b02f9c7..233ae9f 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -1706,9 +1706,9 @@ dependencies = [ [[package]] name = "h2" -version = "0.3.22" +version = "0.3.24" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "4d6250322ef6e60f93f9a2162799302cd6f68f79f6e5d85c8c16f14d1d958178" +checksum = "bb2c4422095b67ee78da96fbb51a4cc413b3b25883c7717ff7ca1ab31022c9c9" dependencies = [ "bytes", "fnv", @@ -5919,18 +5919,18 @@ dependencies = [ [[package]] name = "zerocopy" -version = "0.7.30" +version = "0.7.32" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "306dca4455518f1f31635ec308b6b3e4eb1b11758cefafc782827d0aa7acb5c7" +checksum = "74d4d3961e53fa4c9a25a8637fc2bfaf2595b3d3ae34875568a5cf64787716be" dependencies = [ "zerocopy-derive", ] [[package]] name = "zerocopy-derive" -version = "0.7.30" +version = "0.7.32" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "be912bf68235a88fbefd1b73415cb218405958d1655b2ece9035a19920bdf6ba" +checksum = "9ce1b18ccd8e73a9321186f97e46f9f04b778851177567b1975109d26a08d2a6" dependencies = [ "proc-macro2", "quote",