[PR #1670] [MERGED] [FIX] Fix vulnerability in url crate #2379

Open
opened 2026-01-29 17:21:50 +00:00 by claunia · 0 comments

📋 Pull Request Information

Original PR: https://github.com/CCExtractor/ccextractor/pull/1670
Author: @hjrgrn
Created: 3/1/2025
Status: Merged
Merged: 3/9/2025
Merged by: @cfsmp3

Base: master ← Head: update_url_crate


📝 Commits (4)

  • e792915 Update url crate
  • 00bb365 Update url crate in lib_ccxr submodule
  • 038593b Merge branch 'master' into update_url_crate
  • e09b7ad Update Cargo.toml

📊 Changes

4 files changed (+727 additions, -255 deletions)

📝 src/rust/Cargo.lock (+397 -165)
📝 src/rust/Cargo.toml (+10 -10)
📝 src/rust/lib_ccxr/Cargo.lock (+314 -74)
📝 src/rust/lib_ccxr/Cargo.toml (+6 -6)

📄 Description

  • Fix vulnerability discovered with cargo-audit by upgrading url crate to version 2.5.4

In raising this pull request, I confirm the following (please check boxes):

  • [x] I have read and understood the contributors guide.
  • [x] I have checked that another pull request for this purpose does not exist.
  • [x] I have considered, and confirmed that this submission will be valuable to others.
  • [x] I accept that this submission may not be used, and the pull request closed at the will of the maintainer.
  • [x] I give this submission freely, and claim no ownership to its content.
  • [ ] I have mentioned this change in the changelog.

My familiarity with the project is as follows (check one):

  • [ ] I have never used CCExtractor.
  • [x] I have used CCExtractor just a couple of times.
  • [ ] I absolutely love CCExtractor, but have not contributed previously.
  • [ ] I am an active contributor to CCExtractor.

Fix vulnerability discovered with cargo-audit by upgrading url crate to version 2.5.4

```bash
cargo-audit
```

output:

```text
Crate:     idna
Version:   0.5.0
Title:     `idna` accepts Punycode labels that do not produce any non-ASCII when decoded
Date:      2024-12-09
ID:        RUSTSEC-2024-0421
URL:       https://rustsec.org/advisories/RUSTSEC-2024-0421
Solution:  Upgrade to >=1.0.0
Dependency tree:
idna 0.5.0
└── url 2.5.2
    ├── lib_ccxr 0.1.0
    │   └── ccx_rust 0.1.0
    └── ccx_rust 0.1.0
```

🔄 This issue represents a GitHub Pull Request. It cannot be merged through Gitea due to API limitations.
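
A lockfile gate matching the fix described above, as an added example that is not part of the original PR: it scans the given `Cargo.lock` files for any `idna` entry below 1.0.0, the fixed version named in the advisory. The function names and the sample lockfile contents (including `idna 1.0.3`) are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the PR): flag idna < 1.0.0 pinned in Cargo.lock files.

# Print "idna <version>" for every idna entry below 1.0.0; exit 1 if any exist.
idna_below_1() {
    awk '
        /^\[\[package\]\]/ { name = "" }            # new package stanza
        $1 == "name" { gsub(/"/, "", $3); name = $3 }
        $1 == "version" && name == "idna" {
            gsub(/"/, "", $3)
            split($3, v, ".")
            if (v[1] + 0 < 1) { print "idna " $3; bad = 1 }
        }
        END { exit bad + 0 }
    ' "$1"
}

# Check every lockfile given; return 1 if any still pins an affected idna.
# An unreadable file also counts as a failure, so the gate fails closed.
check_lockfiles() {
    rc=0
    for f in "$@"; do
        if hits=$(idna_below_1 "$f"); then
            echo "ok   $f"
        else
            echo "FAIL $f: $hits (RUSTSEC-2024-0421)"
            rc=1
        fi
    done
    return "$rc"
}

# Constructed sample lockfile (not the project's real Cargo.lock).
write_sample_lock() {  # args: path, url version, idna version
    printf '[[package]]\nname = "url"\nversion = "%s"\ndependencies = [\n "idna",\n]\n\n[[package]]\nname = "idna"\nversion = "%s"\n' "$2" "$3" > "$1"
}

# With arguments, check those files; otherwise run on constructed samples.
if [ "$#" -gt 0 ]; then
    check_lockfiles "$@"
else
    tmp=$(mktemp -d)
    write_sample_lock "$tmp/before.lock" 2.5.2 0.5.0
    write_sample_lock "$tmp/after.lock"  2.5.4 1.0.3
    check_lockfiles "$tmp/before.lock" "$tmp/after.lock" || echo "affected idna still pinned"
    rm -rf "$tmp"
fi
```

Pass both lockfiles the PR touches (`src/rust/Cargo.lock` and `src/rust/lib_ccxr/Cargo.lock`) as arguments, since each one pins its own copy of the dependency tree.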
claunia added the pull-request label 2026-01-29 17:21:50 +00:00