Skip to content

chore: ignore RUSTSEC-2026-0194/0195 (transitive quick-xml, no fix path)#1461

Closed
wpfleger96 wants to merge 1 commit into
mainfrom
alia/deny-quick-xml-advisories
Closed

chore: ignore RUSTSEC-2026-0194/0195 (transitive quick-xml, no fix path)#1461
wpfleger96 wants to merge 1 commit into
mainfrom
alia/deny-quick-xml-advisories

Conversation

@wpfleger96

Copy link
Copy Markdown
Collaborator

Quick-xml <0.41 has unbounded allocation / O(N^2) attribute checks affecting attacker-controlled XML. Transitive via plist (pins ^0.39) and aws-creds/rust-s3 (pin ^0.38); no parent accepts 0.41 yet.

Quick-xml <0.41 has unbounded allocation / O(N^2) attribute checks that affect
attacker-controlled XML. Transitive via plist (pins ^0.39) and aws-creds/rust-s3
(pin ^0.38); no parent crate accepts the fixed 0.41 yet.

Co-authored-by: Will Pfleger <pfleger.will@gmail.com>
Signed-off-by: Will Pfleger <pfleger.will@gmail.com>
@wpfleger96

Copy link
Copy Markdown
Collaborator Author

Superseded — main already carries RUSTSEC-2026-0194/0195 ignore entries via #1454 (a504ad6), which landed before this PR. No changes needed.

@wpfleger96 wpfleger96 closed this Jul 2, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant