[PR #1670] [FIX] Fix vulnerability in url crate #2383

New Issue

claunia · 2026-01-29T17:21:51Z

claunia commented

2026-01-29 17:21:51 +00:00

Original Pull Request: https://github.com/CCExtractor/ccextractor/pull/1670

State: closed
Merged: Yes

Fix vulnerability discovered with cargo-audit by upgrading url crate to version 2.5.4

In raising this pull request, I confirm the following (please check boxes):

I have read and understood the contributors guide.
I have checked that another pull request for this purpose does not exist.
I have considered, and confirmed that this submission will be valuable to others.
I accept that this submission may not be used, and the pull request closed at the will of the maintainer.
I give this submission freely, and claim no ownership to its content.
I have mentioned this change in the changelog.

My familiarity with the project is as follows (check one):

I have never used CCExtractor.
I have used CCExtractor just a couple of times.
I absolutely love CCExtractor, but have not contributed previously.
I am an active contributor to CCExtractor.

Fix vulnerability discovered with cargo-audit by upgrading url crate to version 2.5.4

cargo-audit

output:

Crate:     idna
Version:   0.5.0
Title:     `idna` accepts Punycode labels that do not produce any non-ASCII when decoded
Date:      2024-12-09
ID:        RUSTSEC-2024-0421
URL:       https://rustsec.org/advisories/RUSTSEC-2024-0421
Solution:  Upgrade to >=1.0.0
Dependency tree:
idna 0.5.0
└── url 2.5.2
    ├── lib_ccxr 0.1.0
    │   └── ccx_rust 0.1.0
    └── ccx_rust 0.1.0

**Original Pull Request:** https://github.com/CCExtractor/ccextractor/pull/1670 **State:** closed **Merged:** Yes --- * Fix vulnerability discovered with `cargo-audit` by upgrading `url` crate to version `2.5.4` **In raising this pull request, I confirm the following (please check boxes):** - [x] I have read and understood the [contributors guide](https://github.com/CCExtractor/ccextractor/blob/master/.github/CONTRIBUTING.md). - [x] I have checked that another pull request for this purpose does not exist. - [x] I have considered, and confirmed that this submission will be valuable to others. - [x] I accept that this submission may not be used, and the pull request closed at the will of the maintainer. - [x] I give this submission freely, and claim no ownership to its content. - [ ] **I have mentioned this change in the [changelog](https://github.com/CCExtractor/ccextractor/blob/master/docs/CHANGES.TXT).** **My familiarity with the project is as follows (check one):** - [ ] I have never used CCExtractor. - [x] I have used CCExtractor just a couple of times. - [ ] I absolutely love CCExtractor, but have not contributed previously. - [ ] I am an active contributor to CCExtractor. --- Fix vulnerability discovered with `cargo-audit` by upgrading `url` crate to version `2.5.4` ```bash cargo-audit ``` output: ```text Crate: idna Version: 0.5.0 Title: `idna` accepts Punycode labels that do not produce any non-ASCII when decoded Date: 2024-12-09 ID: RUSTSEC-2024-0421 URL: https://rustsec.org/advisories/RUSTSEC-2024-0421 Solution: Upgrade to >=1.0.0 Dependency tree: idna 0.5.0 └── url 2.5.2 ├── lib_ccxr 0.1.0 │ └── ccx_rust 0.1.0 └── ccx_rust 0.1.0 ```

claunia added the pull-request label 2026-01-29 17:21:51 +00:00

claunia closed this issue

2026-01-29 17:21:51 +00:00

Sign in to join this conversation.

1 Participants

Notifications

Due Date

No due date set.

Dependencies

No dependencies set.

Reference: starred/ccextractor#2383