File tree Expand file tree Collapse file tree 1 file changed +5
-4
lines changed
Expand file tree Collapse file tree 1 file changed +5
-4
lines changed Original file line number Diff line number Diff line change 191191
192192### Changed
193193
194- - ❗ Turned feature name validation check to a hard error. The warning was
195- added in Rust 1.49. These extended characters aren't allowed on crates.io, so
196- this should only impact users of other registries, or people who don't publish
197- to a registry.
194+ - [ CVE-2023 -40030] ( https://github.com/rust-lang/cargo/security/advisories/GHSA-wrrj-h57r-vx9p ) :
195+ Malicious dependencies can inject arbitrary JavaScript into cargo-generated timing reports.
196+ To mitigate this, feature name validation check is now turned into a hard error.
197+ The warning was added in Rust 1.49. These extended characters aren't allowed on crates.io,
198+ so this should only impact users of other registries, or people who don't publish to a registry.
198199 [ #12291 ] ( https://github.com/rust-lang/cargo/pull/12291 )
199200- Cargo now warns when an edition 2021 package is in a virtual workspace and
200201 ` workspace.resolver ` is not set. It is recommended to set the resolver
You can’t perform that action at this time.
0 commit comments