mirror of
https://gitee.com/milvus-io/milvus.git
synced 2025-12-06 17:18:35 +08:00
fix: issue https://github.com/milvus-io/milvus/issues/44160

WS-2023-0223 reported for [atty-0.2.14.crate](https://ibmets.whitesourcesoftware.com/Wss/WSS.html#!libraryDetails;uuid=9c622063-376a-446b-bece-d7f6fd096758;project=7300448;orgToken=79623fcf-07fe-42b8-90bf-513fafeb41be)

CVE-2020-25576 reported for [rand_core-0.3.1.crate](https://ibmets.whitesourcesoftware.com/Wss/WSS.html#!libraryDetails;uuid=20e2ad1b-c84c-4f18-98a9-4f27643b29ff;project=7300448;orgToken=79623fcf-07fe-42b8-90bf-513fafeb41be)

[atty-0.2.14.crate](https://ibmets.whitesourcesoftware.com/Wss/WSS.html#!libraryDetails;uuid=9c622063-376a-446b-bece-d7f6fd096758;project=7300448;orgToken=79623fcf-07fe-42b8-90bf-513fafeb41be) is a transitive dependency coming from the root libraries 'cbindgen-0.26.0.crate' and 'criterion-0.4.0.crate'.

[rand_core-0.3.1.crate](https://ibmets.whitesourcesoftware.com/Wss/WSS.html#!libraryDetails;uuid=20e2ad1b-c84c-4f18-98a9-4f27643b29ff;project=7300448;orgToken=79623fcf-07fe-42b8-90bf-513fafeb41be) is also a transitive dependency, coming from the 'rand-0.3.23.crate' library.

Path to dependency file: /workspace/app/milvus/internal/core/thirdparty/tantivy/tantivy-binding/Cargo.toml

For remediation, since these vulnerabilities are transitive ones, the root libraries should be updated to the latest non-vulnerable version.

---------

Co-authored-by: Agnes-George1 <agnes.george1@ibm.com>
Co-authored-by: Abita Ann Augustine <abitaaugustine@gmail.com>
Co-authored-by: gifi-siby <gifi.s@ibm.com>