GHSA-f2wx-xjfw-xjv6: topgrade Time-of-check Time-of-use (TOCTOU) Race Condition in remove_dir_all
https://github.com/advisories/GHSA-mc8h-8q98-g5hr https://github.com/XAMPPRocky/remove_dir_all/commit/7247a8b6ee59fc99bbb69ca6b3ca4bfd8c809ead
tempfile v0.4.26 ships with affected remove_dir_all v0.5.3 and so blocks my deployment of v12 to openSUSE distribution because it imposes a clean cargo audit
Updating tempfile is warranted
References
- github.com/XAMPPRocky/remove_dir_all/commit/7247a8b6ee59fc99bbb69ca6b3ca4bfd8c809ead
- github.com/advisories/GHSA-f2wx-xjfw-xjv6
- github.com/advisories/GHSA-mc8h-8q98-g5hr
- github.com/topgrade-rs/topgrade
- github.com/topgrade-rs/topgrade/releases/tag/v12.0.0
- github.com/topgrade-rs/topgrade/security/advisories/GHSA-f2wx-xjfw-xjv6
Code Behaviors & Features
Detect and mitigate GHSA-f2wx-xjfw-xjv6 with GitLab Dependency Scanning
Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →