Hey, I'm conducting the security audit from the security team perspective and I'm a bit concerned with the results of one of the tools: 'osv-scanner'. It is showing a few security issues with some of the vendored code. I understand the vendored code could be a pain, but I wonder if there is anything we could do with regards to this report (as in: is it possible to update the crates to a newer version?). And do you think it is feasible and sustainable to maintain those crates on top of the security issues in the future? I'm afraid we could lose track of those and end up with unnoticed security issues.
The osv-scanner report for rust-hwlib-0.9.0~ppa3: https://pastebin.canonical.com/p/VSFYMYTyNF/

How to run:
  $ sudo snap install osv-scanner
  $ osv-scanner scan --verbosity warn -r --format table .

-- 
You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/2072561

Title:
  [MIR] rust-hwlib

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+bug/2072561/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
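As an added example, not part of the bug report, rust-hwlib or osv-scanner itself, the script below triages the same kind of scan when it is run with `--format json` instead of `--format table`. For every vulnerable vendored crate it works out the smallest fixed release that is newer than the vendored version, which is the concrete answer to "can we update the crate?" per finding, and it separates findings a version bump would resolve from those with no fixed release, which are the ones that need a local patch or replacement and are easiest to lose track of. It assumes the JSON layout of osv-scanner output (a top-level `results` list, each with a `source` and `packages`, each package carrying `package` metadata and OSV-style `vulnerabilities` with `affected[].ranges[].events`); that layout, the crate names, advisory IDs and the `vendor/Cargo.lock` path are constructed for the example and are not taken from the pastebin report.

```python
"""Triage osv-scanner JSON findings for vendored Rust crates.

Added example, not code from the bug report or from rust-hwlib. The
expected input shape (osv-scanner `--format json`) and the sample report
below are assumptions/constructed data, not content from the real report.
"""
import json
from typing import List, Optional, Tuple


def _advisory(vid: str, name: str, ranges: list) -> dict:
    """Build a minimal OSV-style advisory for the constructed sample (hypothetical IDs)."""
    return {"id": vid, "summary": "constructed advisory",
            "affected": [{"package": {"name": name, "ecosystem": "crates.io"},
                          "ranges": [{"type": "SEMVER", "events": ev} for ev in ranges]}]}


# Constructed sample in the assumed shape of `osv-scanner scan -r --format json .`
SAMPLE_REPORT = json.dumps({"results": [{
    "source": {"path": "vendor/Cargo.lock", "type": "lockfile"},
    "packages": [
        # fixed release exists above the vendored version: a bump resolves it
        {"package": {"name": "cratea", "version": "0.8.2", "ecosystem": "crates.io"},
         "vulnerabilities": [_advisory("EXAMPLE-0001", "cratea",
                                       [[{"introduced": "0"}, {"fixed": "0.9.0"}]])]},
        # two ranges; the 0.9.5 fix is older than what is vendored, 1.0.7 is the target
        {"package": {"name": "crateb", "version": "1.0.3", "ecosystem": "crates.io"},
         "vulnerabilities": [_advisory("EXAMPLE-0002", "crateb",
                                       [[{"introduced": "0"}, {"fixed": "0.9.5"}],
                                        [{"introduced": "1.0.0"}, {"fixed": "1.0.7"}]])]},
        # no fixed release at all: needs a local patch or a replacement crate
        {"package": {"name": "cratec", "version": "1.2.0", "ecosystem": "crates.io"},
         "vulnerabilities": [_advisory("EXAMPLE-0003", "cratec",
                                       [[{"introduced": "1.0.0"}]])]},
    ]}]})


def parse_version(v: str) -> Tuple[int, ...]:
    """'0.9.0' -> (0, 9, 0); a pre-release suffix such as '1.2.3-beta' is ignored."""
    parts = []
    for piece in v.split("."):
        digits = ""
        for ch in piece:
            if not ch.isdigit():
                break
            digits += ch
        parts.append(int(digits) if digits else 0)
    return tuple(parts)


def upgrade_target(vuln: dict, name: str, current: str) -> Optional[str]:
    """Smallest 'fixed' version for `name` that is newer than `current`, or None."""
    cur = parse_version(current)
    candidates = []
    for affected in vuln.get("affected", []):
        if affected.get("package", {}).get("name") != name:
            continue
        for rng in affected.get("ranges", []):
            if rng.get("type") not in ("SEMVER", "ECOSYSTEM"):
                continue  # GIT ranges carry commit hashes, not crate versions
            for event in rng.get("events", []):
                fixed = event.get("fixed")
                if fixed and parse_version(fixed) > cur:
                    candidates.append(fixed)
    return min(candidates, key=parse_version) if candidates else None


def triage(report_json: str) -> List[dict]:
    """One row per (crate, advisory) with the version bump that would clear it."""
    rows = []
    for result in json.loads(report_json).get("results", []):
        source = result.get("source", {}).get("path", "?")
        for pkg in result.get("packages", []):
            meta = pkg.get("package", {})
            name, version = meta.get("name"), meta.get("version")
            for vuln in pkg.get("vulnerabilities", []):
                target = upgrade_target(vuln, name, version)
                rows.append({"source": source, "crate": name, "version": version,
                             "id": vuln.get("id"), "fixed_in": target,
                             "action": f"bump to {target}" if target
                             else "no fixed release: patch locally or replace"})
    return rows


def summarize(rows: List[dict]) -> dict:
    """Counts of findings a version bump resolves versus those needing other work."""
    fixable = sum(1 for r in rows if r["fixed_in"])
    return {"fixable": fixable, "unfixed": len(rows) - fixable}


if __name__ == "__main__":
    import sys
    data = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE_REPORT
    rows = triage(data)
    for r in rows:
        print(f"{r['source']}: {r['crate']} {r['version']} {r['id']} -> {r['action']}")
    print(summarize(rows))
```

Run it against a real scan with `osv-scanner scan -r --format json . > osv.json` followed by `python3 triage.py osv.json` (the script name is an assumption). The "unfixed" bucket is the list to watch over time; re-running the scan in CI and failing when that bucket grows is one way to address the concern about findings going unnoticed.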