Not an IC related question more a Rust noob question.
I got a vulnerability detected and reported in a new canister I started developping but, don’t know really how to track it down nor how to solve it. The issue does not seem to originate from my code but, from a crate I am using, so a bit lost how to find which one and what is vulnerable. How do I know which dependency has the issue? Any advice would be appreciated!
❯ dfx build telemetry
Building canisters…
Checking for vulnerabilities in rust canisters.
Fetching advisory database fromhttps://github.com/RustSec/advisory-db.git
Loaded 554 security advisories (from /Users/daviddalbusco/.cargo/advisory-db)
Updating crates.io index
Scanning Cargo.lock for vulnerabilities (112 crate dependencies)
Crate: telemetry
Version: 0.0.1
Title: misc::vec_with_size() can drop uninitialized memory if clone panics
Date: 2021-02-17
ID: RUSTSEC-2021-0046
URL: RUSTSEC-2021-0046: telemetry: misc::vec_with_size() can drop uninitialized memory if clone panics › RustSec Advisory Database
Solution: No fixed upgrade is available!
Dependency tree:
telemetry 0.0.1
.