json-number has a dependency on lexical, which contains multiple soundness issues within its implementation. Dependabot mentions that libcore already integrated the updated float parsing algorithm, making it possible to remove the dependency entirely.
Thank you for raising this issue. I'm not using lexical to parse numbers, but to format them according to JCS rules. I'll have to find an alternative before I can get rid of it.
flavio added a commit to flavio/json-number that referenced this issue Sep 18, 2024
Update to latest version of lexical crate, this is required to address
the following security advisories:
- lexical: RUSTSEC-2023-0055
- lexical-core (a transitive dependency of lexical): RUSTSEC-2023-0086
This fixes timothee-haudebourg#4
Signed-off-by: Flavio Castelli <fcastelli@suse.com>