Update dependencies, to get regex >= 1.5.5
There was VUL-0 (CVE-2022-24713) discovered in the regex crate.
I'm the maintainer of the helvum package in openSUSE and I got this request to notify you: https://bugzilla.suse.com/show_bug.cgi?id=1196972
I tried to use cargo update -p regex --precise 1.5.5, but there are issues with dependencies of dependencies:
error: failed to select a version for `memchr`.
... required by package `nom v6.2.1`
... which satisfies dependency `nom = "^6.1.2"` (locked to 6.2.1) of package `libspa v0.4.1`
... which satisfies dependency `spa = "^0"` (locked to 0.4.1) of package `pipewire v0.4.1`
... which satisfies dependency `pipewire = "^0.4"` (locked to 0.4.1) of package `helvum v0.3.4 (/home/etam/tmp/helvum)`
versions that meet the requirements `>=2.0, <2.4` are: 2.3.4, 2.3.3, 2.3.2, 2.3.0, 2.2.1, 2.2.0, 2.1.3, 2.1.2, 2.1.1, 2.1.0, 2.0.2, 2.0.1, 2.0.0
all possible versions conflict with previously selected packages.
previously selected package `memchr v2.4.0`
... which satisfies dependency `memchr = "^2.4.0"` of package `aho-corasick v0.7.18`
... which satisfies dependency `aho-corasick = "^0.7.18"` of package `regex v1.5.5`
... which satisfies dependency `regex = "^1.0"` of package `bindgen v0.59.2`
... which satisfies dependency `bindgen = "^0.59"` (locked to 0.59.2) of package `libspa-sys v0.4.1`
... which satisfies dependency `spa_sys = "^0"` (locked to 0.4.1) of package `libspa v0.4.1`
... which satisfies dependency `spa = "^0"` (locked to 0.4.1) of package `pipewire v0.4.1`
... which satisfies dependency `pipewire = "^0.4"` (locked to 0.4.1) of package `helvum v0.3.4 (/home/etam/tmp/helvum)`
failed to select a version for `memchr` which could resolve this conflict
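
Added example, not part of the original report or of helvum's code: a std-only check that scans Cargo.lock text and reports every locked version of a crate below a minimum, here regex below 1.5.5 as the title asks. The function names and the sample lockfile are constructed for illustration.

```rust
// Constructed sample lockfile (not helvum's real Cargo.lock).
const SAMPLE_LOCK: &str = r#"
version = 3

[[package]]
name = "memchr"
version = "2.3.4"

[[package]]
name = "regex"
version = "1.5.4"

[[package]]
name = "regex-syntax"
version = "0.6.25"
"#;

/// Parse "MAJOR.MINOR.PATCH"; any pre-release or build suffix is ignored.
fn parse_version(v: &str) -> Option<(u64, u64, u64)> {
    let core = v.split(|c: char| c == '-' || c == '+').next()?;
    let mut parts = core.split('.').map(|p| p.parse::<u64>().ok());
    Some((parts.next()??, parts.next()??, parts.next()??))
}

/// Extract the quoted value from a `key = "value"` line.
fn value_of<'a>(line: &'a str, key: &str) -> Option<&'a str> {
    let rest = line.strip_prefix(key)?.trim_start().strip_prefix('=')?;
    Some(rest.trim().trim_matches('"'))
}

/// Locked versions of `krate` below `min`. A lockfile can hold several
/// versions of one crate; unparsable versions are reported too (fail closed).
fn outdated(lock: &str, krate: &str, min: (u64, u64, u64)) -> Vec<String> {
    let mut found = Vec::new();
    let mut in_target = false;
    for line in lock.lines().map(str::trim) {
        if line == "[[package]]" {
            in_target = false; // a new package block starts
        } else if let Some(name) = value_of(line, "name") {
            in_target = name == krate; // exact match, so regex-syntax is skipped
        } else if let Some(ver) = value_of(line, "version") {
            if in_target && !parse_version(ver).map_or(false, |v| v >= min) {
                found.push(ver.to_string());
            }
        }
    }
    found
}
```

Run against the real lockfile by passing the contents of Cargo.lock as `lock`, for example `outdated(&std::fs::read_to_string("Cargo.lock")?, "regex", (1, 5, 5))`.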