So I ran cargo audit on a project and got the following output:

error: 4 vulnerabilities found!
warning: 8 allowed warnings found

What do I do to fix these errors? The vulnerabilities are in dependencies of my dependencies, and they seem to be using an older version of a package. Is my only option to upgrade my own dependencies (which would take a non-trivial amount of work), or is there any way to tell my dependencies to use a newer version of those vulnerable packages like how npm audit fix works? I’m guessing that’s what cargo audit fix is supposed to do, but in my case it wasn’t able to fix any of the vulnerabilities.

I tried searching the web, but there was surprisingly little information on this stuff.

  • RustyNova@lemmy.world · 6 upvotes · 7 days ago

    You can first try cargo update to update the dependencies as best as you can. If it doesn’t fix it, you can do a PR to those dependencies to update the subcrates.
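The decision the reply describes (can cargo update reach the patched version, or does the crate pinning it need an upstream PR?) comes down to whether the fixed version lies inside the semver range the intermediate dependency declares. The script below is an added example, not code from the thread or from cargo; it assumes the default caret requirement and plain major.minor.patch versions, and the crate names and versions are constructed.

```sh
#!/bin/sh
# Added example, not code from the thread: decides whether `cargo update` can
# pull a patched transitive crate, or whether the crate that depends on it has
# to change its requirement upstream (the PR route mentioned in the reply).
#
# Cargo treats a bare requirement "1.2.3" as a caret range (^1.2.3): an update
# may pick any version that is >= the requirement and keeps the left-most
# non-zero component unchanged, e.g. ^0.2.9 reaches 0.2.11 but never 0.3.0.
# Assumption: plain "major.minor.patch" versions, no pre-release suffixes.

# caret_reaches REQUIRED FIXED -> status 0 if FIXED lies inside ^REQUIRED
caret_reaches() {
  req=$1 fixed=$2
  oldifs=$IFS; IFS=.
  set -- $req;   rmaj=$1 rmin=$2 rpat=$3   # split "a.b.c" on the dots
  set -- $fixed; fmaj=$1 fmin=$2 fpat=$3
  IFS=$oldifs
  # FIXED must not be older than REQUIRED
  if   [ "$fmaj" -ne "$rmaj" ]; then [ "$fmaj" -gt "$rmaj" ] || return 1
  elif [ "$fmin" -ne "$rmin" ]; then [ "$fmin" -gt "$rmin" ] || return 1
  elif [ "$fpat" -lt "$rpat" ]; then return 1
  fi
  # and it must keep the left-most non-zero component of REQUIRED
  if   [ "$rmaj" -ne 0 ]; then [ "$fmaj" -eq "$rmaj" ]
  elif [ "$rmin" -ne 0 ]; then [ "$fmaj" -eq 0 ] && [ "$fmin" -eq "$rmin" ]
  else [ "$fmaj" -eq 0 ] && [ "$fmin" -eq 0 ] && [ "$fpat" -eq "$rpat" ]
  fi
}

# advise CRATE REQUIRED FIXED -> prints the next step; status 0 when a plain
# `cargo update` is enough, 1 when the requirement itself has to change.
advise() {
  if caret_reaches "$2" "$3"; then
    echo "$1: ^$2 admits $3 -> run: cargo update -p $1"
    return 0
  fi
  echo "$1: ^$2 cannot reach $3 -> find who pins it (cargo tree -i $1)"
  echo "    and send that crate a PR bumping its requirement"
  return 1
}

# Constructed sample (no real advisory): the fix shipped in a new minor line,
# so cargo update cannot take it; a patch release in the same line can be.
advise some-transitive-crate 0.2.9 0.3.0 || true
advise some-transitive-crate 0.2.9 0.2.11
```

The REQUIRED value is what the intermediate crate writes in its own Cargo.toml, not the version currently in your Cargo.lock; cargo tree -i shows which crates pull the vulnerable one in.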