Not an IC-related question, more a Rust noob question.
I got a vulnerability detected and reported in a new canister I started developing, but I don't really know how to track it down nor how to solve it. The issue does not seem to originate from my code but from a crate I am using, so I am a bit lost as to how to find which one and what is vulnerable. How do I know which dependency has the issue? Any advice would be appreciated!
```
❯ dfx build telemetry
Checking for vulnerabilities in rust canisters.
Fetching advisory database from
Loaded 554 security advisories (from /Users/daviddalbusco/.cargo/advisory-db)
Updating crates.io index
Scanning Cargo.lock for vulnerabilities (112 crate dependencies)
Title: misc::vec_with_size() can drop uninitialized memory if clone panics
URL: RUSTSEC-2021-0046: telemetry: misc::vec_with_size() can drop uninitialized memory if clone panics › RustSec Advisory Database
Solution: No fixed upgrade is available!
```
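As an added example (not part of the original post, and not dfx or cargo-audit code): one way to see where a crate named in an advisory sits in `Cargo.lock`, reporting whether that name is a crates.io dependency or a local package and which chains pull it in. The lockfile excerpt is constructed, with hypothetical crate names and a local package assumed to be named `telemetry` like the canister.

```python
import re

# Constructed Cargo.lock excerpt (hypothetical crates); local packages have no `source` line.
SAMPLE_LOCK = '''
[[package]]
name = "telemetry"
version = "0.1.0"
dependencies = [
 "alpha-rpc",
 "gamma-buf 0.9.4",
]
[[package]]
name = "alpha-rpc"
version = "1.2.0"
source = "registry+https://github.com/rust-lang/crates.io-index"
dependencies = [
 "gamma-buf 0.9.4",
]
[[package]]
name = "gamma-buf"
version = "0.9.4"
source = "registry+https://github.com/rust-lang/crates.io-index"
'''

def parse_lock(text):
    """Map crate name -> (source or None, [dependency names]); keeps one version per name."""
    pkgs = {}
    for block in text.split("[[package]]")[1:]:
        name = re.search(r'^name = "([^"]+)"', block, re.M).group(1)
        src = re.search(r'^source = "([^"]+)"', block, re.M)
        deps = re.search(r'^dependencies = \[(.*?)\]', block, re.M | re.S)
        names = [d.split()[0] for d in re.findall(r'"([^"]+)"', deps.group(1))] if deps else []
        pkgs[name] = (src.group(1) if src else None, names)
    return pkgs

def origin(pkgs, crate):
    # 'local' = workspace/path package; otherwise the source kind, e.g. 'registry' or 'git'
    return (pkgs[crate][0] or "local").split("+")[0] if crate in pkgs else "absent"

def why(pkgs, crate):
    """Every dependency chain from a root package down to `crate` (cycle-safe)."""
    chains, stack = [], [[crate]]
    while stack:
        chain = stack.pop()
        ups = [n for n, (_, deps) in pkgs.items() if chain[-1] in deps and n not in chain]
        if not ups:
            chains.append(chain[::-1])
        stack.extend(chain + [p] for p in ups)
    return sorted(chains)
```

On a real project, `cargo tree -i <crate>` prints the same reverse-dependency view without any custom parsing.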