Result from running https://crates.io/crates/cargo-audit on:
➜ arm-risc0 git:(c138fc0) cargo audit
Fetching advisory database from `https://github.com/RustSec/advisory-db.git`
Loaded 897 security advisories (from /Users/michaelheuer/.cargo/advisory-db)
Updating crates.io index
Scanning Cargo.lock for vulnerabilities (565 crate dependencies)
Crate: rsa
Version: 0.9.8
Title: Marvin Attack: potential key recovery through timing sidechannels
Date: 2023-11-22
ID: RUSTSEC-2023-0071
URL: https://rustsec.org/advisories/RUSTSEC-2023-0071
Severity: 5.9 (medium)
Solution: No fixed upgrade is available!
Dependency tree:
rsa 0.9.8
└── rzup 0.5.1
├── risc0-zkvm 3.0.3
│ └── arm 1.0.0
│ ├── arm-test-witness 1.0.0
│ │ └── arm-test-app 1.0.0
│ ├── arm-test-app 1.0.0
│ └── arm-gadgets 1.0.0
│ └── arm-test-witness 1.0.0
├── risc0-groth16 3.0.2
│ └── risc0-zkvm 3.0.3
└── risc0-build 3.0.3
└── risc0-zkvm 3.0.3
Crate: ruint
Version: 1.17.0
Title: Unsoundness of safe `reciprocal_mg10`
Date: 2025-12-22
ID: RUSTSEC-2025-0137
URL: https://rustsec.org/advisories/RUSTSEC-2025-0137
Solution: Upgrade to >=1.17.1
Dependency tree:
ruint 1.17.0
├── risc0-binfmt 3.0.2
│ ├── risc0-zkvm 3.0.3
│ │ └── arm 1.0.0
│ │ ├── arm-test-witness 1.0.0
│ │ │ └── arm-test-app 1.0.0
│ │ ├── arm-test-app 1.0.0
│ │ └── arm-gadgets 1.0.0
│ │ └── arm-test-witness 1.0.0
│ ├── risc0-groth16 3.0.2
│ │ └── risc0-zkvm 3.0.3
│ ├── risc0-circuit-rv32im 4.0.2
│ │ └── risc0-zkvm 3.0.3
│ ├── risc0-circuit-keccak 4.0.2
│ │ └── risc0-zkvm 3.0.3
│ └── risc0-build 3.0.3
│ └── risc0-zkvm 3.0.3
├── circom-witnesscalc 0.2.1
│ └── risc0-groth16 3.0.2
└── alloy-primitives 1.4.1
├── arm-gadgets 1.0.0
├── alloy-sol-types 1.4.1
│ └── arm-gadgets 1.0.0
└── alloy-json-abi 1.4.1
└── alloy-sol-types 1.4.1
Crate: tracing-subscriber
Version: 0.2.25
Title: Logging user input may result in poisoning logs with ANSI escape sequences
Date: 2025-08-29
ID: RUSTSEC-2025-0055
URL: https://rustsec.org/advisories/RUSTSEC-2025-0055
Solution: Upgrade to >=0.3.20
Dependency tree:
tracing-subscriber 0.2.25
└── ark-relations 0.5.1
├── ark-snark 0.5.1
│ └── ark-crypto-primitives 0.5.0
│ └── ark-groth16 0.5.0
│ └── risc0-groth16 3.0.2
│ └── risc0-zkvm 3.0.3
│ └── arm 1.0.0
│ ├── arm-test-witness 1.0.0
│ │ └── arm-test-app 1.0.0
│ ├── arm-test-app 1.0.0
│ └── arm-gadgets 1.0.0
│ └── arm-test-witness 1.0.0
├── ark-r1cs-std 0.5.0
│ └── ark-bn254 0.5.0
│ ├── risc0-groth16 3.0.2
│ └── circom-witnesscalc 0.2.1
│ └── risc0-groth16 3.0.2
├── ark-groth16 0.5.0
└── ark-crypto-primitives 0.5.0
Crate: atomic-polyfill
Version: 1.0.3
Warning: unmaintained
Title: atomic-polyfill is unmaintained
Date: 2023-07-11
ID: RUSTSEC-2023-0089
URL: https://rustsec.org/advisories/RUSTSEC-2023-0089
Dependency tree:
atomic-polyfill 1.0.3
└── heapless 0.7.17
└── postcard 1.1.3
├── risc0-circuit-rv32im 4.0.2
│ └── risc0-zkvm 3.0.3
│ └── arm 1.0.0
│ ├── arm-test-witness 1.0.0
│ │ └── arm-test-app 1.0.0
│ ├── arm-test-app 1.0.0
│ └── arm-gadgets 1.0.0
│ └── arm-test-witness 1.0.0
└── risc0-binfmt 3.0.2
├── risc0-zkvm 3.0.3
├── risc0-groth16 3.0.2
│ └── risc0-zkvm 3.0.3
├── risc0-circuit-rv32im 4.0.2
├── risc0-circuit-keccak 4.0.2
│ └── risc0-zkvm 3.0.3
└── risc0-build 3.0.3
└── risc0-zkvm 3.0.3
Crate: derivative
Version: 2.2.0
Warning: unmaintained
Title: `derivative` is unmaintained; consider using an alternative
Date: 2024-06-26
ID: RUSTSEC-2024-0388
URL: https://rustsec.org/advisories/RUSTSEC-2024-0388
Dependency tree:
derivative 2.2.0
├── ark-ff 0.4.2
│ └── ruint 1.17.0
│ ├── risc0-binfmt 3.0.2
│ │ ├── risc0-zkvm 3.0.3
│ │ │ └── arm 1.0.0
│ │ │ ├── arm-test-witness 1.0.0
│ │ │ │ └── arm-test-app 1.0.0
│ │ │ ├── arm-test-app 1.0.0
│ │ │ └── arm-gadgets 1.0.0
│ │ │ └── arm-test-witness 1.0.0
│ │ ├── risc0-groth16 3.0.2
│ │ │ └── risc0-zkvm 3.0.3
│ │ ├── risc0-circuit-rv32im 4.0.2
│ │ │ └── risc0-zkvm 3.0.3
│ │ ├── risc0-circuit-keccak 4.0.2
│ │ │ └── risc0-zkvm 3.0.3
│ │ └── risc0-build 3.0.3
│ │ └── risc0-zkvm 3.0.3
│ ├── circom-witnesscalc 0.2.1
│ │ └── risc0-groth16 3.0.2
│ └── alloy-primitives 1.4.1
│ ├── arm-gadgets 1.0.0
│ ├── alloy-sol-types 1.4.1
│ │ └── arm-gadgets 1.0.0
│ └── alloy-json-abi 1.4.1
│ └── alloy-sol-types 1.4.1
├── ark-ff 0.3.0
│ └── ruint 1.17.0
└── ark-crypto-primitives 0.5.0
└── ark-groth16 0.5.0
└── risc0-groth16 3.0.2
Crate: number_prefix
Version: 0.4.0
Warning: unmaintained
Title: number_prefix crate is unmaintained
Date: 2025-11-17
ID: RUSTSEC-2025-0119
URL: https://rustsec.org/advisories/RUSTSEC-2025-0119
Dependency tree:
number_prefix 0.4.0
└── indicatif 0.17.11
└── circom-witnesscalc 0.2.1
└── risc0-groth16 3.0.2
└── risc0-zkvm 3.0.3
└── arm 1.0.0
├── arm-test-witness 1.0.0
│ └── arm-test-app 1.0.0
├── arm-test-app 1.0.0
└── arm-gadgets 1.0.0
└── arm-test-witness 1.0.0
Crate: paste
Version: 1.0.15
Warning: unmaintained
Title: paste - no longer maintained
Date: 2024-10-07
ID: RUSTSEC-2024-0436
URL: https://rustsec.org/advisories/RUSTSEC-2024-0436
Dependency tree:
paste 1.0.15
├── syn-solidity 1.4.1
│ ├── alloy-sol-macro-input 1.4.1
│ │ ├── alloy-sol-macro-expander 1.4.1
│ │ │ └── alloy-sol-macro 1.4.1
│ │ │ └── alloy-sol-types 1.4.1
│ │ │ └── arm-gadgets 1.0.0
│ │ │ └── arm-test-witness 1.0.0
│ │ │ └── arm-test-app 1.0.0
│ │ └── alloy-sol-macro 1.4.1
│ └── alloy-sol-macro-expander 1.4.1
├── rrs-lib 0.1.0
│ └── risc0-zkvm 3.0.3
│ └── arm 1.0.0
│ ├── arm-test-witness 1.0.0
│ ├── arm-test-app 1.0.0
│ └── arm-gadgets 1.0.0
├── risc0-zkvm-platform 2.2.1
│ ├── risc0-zkvm 3.0.3
│ ├── risc0-zkp 3.0.2
│ │ ├── risc0-zkvm 3.0.3
│ │ ├── risc0-groth16 3.0.2
│ │ │ └── risc0-zkvm 3.0.3
│ │ ├── risc0-circuit-rv32im 4.0.2
│ │ │ └── risc0-zkvm 3.0.3
│ │ ├── risc0-circuit-recursion 4.0.2
│ │ │ ├── risc0-zkvm 3.0.3
│ │ │ └── risc0-circuit-keccak 4.0.2
│ │ │ └── risc0-zkvm 3.0.3
│ │ ├── risc0-circuit-keccak 4.0.2
│ │ ├── risc0-build 3.0.3
│ │ │ └── risc0-zkvm 3.0.3
│ │ └── risc0-binfmt 3.0.2
│ │ ├── risc0-zkvm 3.0.3
│ │ ├── risc0-groth16 3.0.2
│ │ ├── risc0-circuit-rv32im 4.0.2
│ │ ├── risc0-circuit-keccak 4.0.2
│ │ └── risc0-build 3.0.3
│ ├── risc0-zkos-v1compat 2.2.0
│ │ ├── risc0-zkvm 3.0.3
│ │ └── risc0-build 3.0.3
│ ├── risc0-build 3.0.3
│ └── risc0-binfmt 3.0.2
├── risc0-zkp 3.0.2
├── risc0-circuit-rv32im 4.0.2
├── risc0-circuit-keccak 4.0.2
├── metal 0.29.0
│ ├── risc0-zkp 3.0.2
│ └── risc0-circuit-recursion 4.0.2
├── gdbstub 0.7.7
│ ├── risc0-zkvm 3.0.3
│ ├── risc0-circuit-rv32im 4.0.2
│ └── gdbstub_arch 0.3.2
│ ├── risc0-zkvm 3.0.3
│ └── risc0-circuit-rv32im 4.0.2
├── ark-ff 0.5.0
│ ├── ruint 1.17.0
│ │ ├── risc0-binfmt 3.0.2
│ │ ├── circom-witnesscalc 0.2.1
│ │ │ └── risc0-groth16 3.0.2
│ │ └── alloy-primitives 1.4.1
│ │ ├── arm-gadgets 1.0.0
│ │ ├── alloy-sol-types 1.4.1
│ │ └── alloy-json-abi 1.4.1
│ │ └── alloy-sol-types 1.4.1
│ ├── risc0-groth16 3.0.2
│ ├── circom-witnesscalc 0.2.1
│ ├── ark-snark 0.5.1
│ │ └── ark-crypto-primitives 0.5.0
│ │ └── ark-groth16 0.5.0
│ │ └── risc0-groth16 3.0.2
│ ├── ark-relations 0.5.1
│ │ ├── ark-snark 0.5.1
│ │ ├── ark-r1cs-std 0.5.0
│ │ │ └── ark-bn254 0.5.0
│ │ │ ├── risc0-groth16 3.0.2
│ │ │ └── circom-witnesscalc 0.2.1
│ │ ├── ark-groth16 0.5.0
│ │ └── ark-crypto-primitives 0.5.0
│ ├── ark-r1cs-std 0.5.0
│ ├── ark-poly 0.5.0
│ │ ├── ark-groth16 0.5.0
│ │ └── ark-ec 0.5.0
│ │ ├── risc0-groth16 3.0.2
│ │ ├── ark-r1cs-std 0.5.0
│ │ ├── ark-groth16 0.5.0
│ │ ├── ark-crypto-primitives 0.5.0
│ │ └── ark-bn254 0.5.0
│ ├── ark-groth16 0.5.0
│ ├── ark-ec 0.5.0
│ ├── ark-crypto-primitives 0.5.0
│ └── ark-bn254 0.5.0
├── ark-ff 0.4.2
│ └── ruint 1.17.0
├── ark-ff 0.3.0
│ └── ruint 1.17.0
└── alloy-primitives 1.4.1
error: 3 vulnerabilities found!
warning: 4 allowed warnings found
Result from running https://crates.io/crates/cargo-audit on:
➜ arm-risc0 git:(c138fc0) cargo audit Fetching advisory database from `https://github.com/RustSec/advisory-db.git` Loaded 897 security advisories (from /Users/michaelheuer/.cargo/advisory-db) Updating crates.io index Scanning Cargo.lock for vulnerabilities (565 crate dependencies) Crate: rsa Version: 0.9.8 Title: Marvin Attack: potential key recovery through timing sidechannels Date: 2023-11-22 ID: RUSTSEC-2023-0071 URL: https://rustsec.org/advisories/RUSTSEC-2023-0071 Severity: 5.9 (medium) Solution: No fixed upgrade is available! Dependency tree: rsa 0.9.8 └── rzup 0.5.1 ├── risc0-zkvm 3.0.3 │ └── arm 1.0.0 │ ├── arm-test-witness 1.0.0 │ │ └── arm-test-app 1.0.0 │ ├── arm-test-app 1.0.0 │ └── arm-gadgets 1.0.0 │ └── arm-test-witness 1.0.0 ├── risc0-groth16 3.0.2 │ └── risc0-zkvm 3.0.3 └── risc0-build 3.0.3 └── risc0-zkvm 3.0.3 Crate: ruint Version: 1.17.0 Title: Unsoundness of safe `reciprocal_mg10` Date: 2025-12-22 ID: RUSTSEC-2025-0137 URL: https://rustsec.org/advisories/RUSTSEC-2025-0137 Solution: Upgrade to >=1.17.1 Dependency tree: ruint 1.17.0 ├── risc0-binfmt 3.0.2 │ ├── risc0-zkvm 3.0.3 │ │ └── arm 1.0.0 │ │ ├── arm-test-witness 1.0.0 │ │ │ └── arm-test-app 1.0.0 │ │ ├── arm-test-app 1.0.0 │ │ └── arm-gadgets 1.0.0 │ │ └── arm-test-witness 1.0.0 │ ├── risc0-groth16 3.0.2 │ │ └── risc0-zkvm 3.0.3 │ ├── risc0-circuit-rv32im 4.0.2 │ │ └── risc0-zkvm 3.0.3 │ ├── risc0-circuit-keccak 4.0.2 │ │ └── risc0-zkvm 3.0.3 │ └── risc0-build 3.0.3 │ └── risc0-zkvm 3.0.3 ├── circom-witnesscalc 0.2.1 │ └── risc0-groth16 3.0.2 └── alloy-primitives 1.4.1 ├── arm-gadgets 1.0.0 ├── alloy-sol-types 1.4.1 │ └── arm-gadgets 1.0.0 └── alloy-json-abi 1.4.1 └── alloy-sol-types 1.4.1 Crate: tracing-subscriber Version: 0.2.25 Title: Logging user input may result in poisoning logs with ANSI escape sequences Date: 2025-08-29 ID: RUSTSEC-2025-0055 URL: https://rustsec.org/advisories/RUSTSEC-2025-0055 Solution: Upgrade to >=0.3.20 Dependency tree: tracing-subscriber 0.2.25 └── ark-relations 0.5.1 ├── ark-snark 0.5.1 │ └── ark-crypto-primitives 0.5.0 │ └── ark-groth16 0.5.0 │ └── risc0-groth16 3.0.2 │ └── risc0-zkvm 3.0.3 │ └── arm 1.0.0 │ ├── arm-test-witness 1.0.0 │ │ └── arm-test-app 1.0.0 │ ├── arm-test-app 1.0.0 │ └── arm-gadgets 1.0.0 │ └── arm-test-witness 1.0.0 ├── ark-r1cs-std 0.5.0 │ └── ark-bn254 0.5.0 │ ├── risc0-groth16 3.0.2 │ └── circom-witnesscalc 0.2.1 │ └── risc0-groth16 3.0.2 ├── ark-groth16 0.5.0 └── ark-crypto-primitives 0.5.0 Crate: atomic-polyfill Version: 1.0.3 Warning: unmaintained Title: atomic-polyfill is unmaintained Date: 2023-07-11 ID: RUSTSEC-2023-0089 URL: https://rustsec.org/advisories/RUSTSEC-2023-0089 Dependency tree: atomic-polyfill 1.0.3 └── heapless 0.7.17 └── postcard 1.1.3 ├── risc0-circuit-rv32im 4.0.2 │ └── risc0-zkvm 3.0.3 │ └── arm 1.0.0 │ ├── arm-test-witness 1.0.0 │ │ └── arm-test-app 1.0.0 │ ├── arm-test-app 1.0.0 │ └── arm-gadgets 1.0.0 │ └── arm-test-witness 1.0.0 └── risc0-binfmt 3.0.2 ├── risc0-zkvm 3.0.3 ├── risc0-groth16 3.0.2 │ └── risc0-zkvm 3.0.3 ├── risc0-circuit-rv32im 4.0.2 ├── risc0-circuit-keccak 4.0.2 │ └── risc0-zkvm 3.0.3 └── risc0-build 3.0.3 └── risc0-zkvm 3.0.3 Crate: derivative Version: 2.2.0 Warning: unmaintained Title: `derivative` is unmaintained; consider using an alternative Date: 2024-06-26 ID: RUSTSEC-2024-0388 URL: https://rustsec.org/advisories/RUSTSEC-2024-0388 Dependency tree: derivative 2.2.0 ├── ark-ff 0.4.2 │ └── ruint 1.17.0 │ ├── risc0-binfmt 3.0.2 │ │ ├── risc0-zkvm 3.0.3 │ │ │ └── arm 1.0.0 │ │ │ ├── arm-test-witness 1.0.0 │ │ │ │ └── arm-test-app 1.0.0 │ │ │ ├── arm-test-app 1.0.0 │ │ │ └── arm-gadgets 1.0.0 │ │ │ └── arm-test-witness 1.0.0 │ │ ├── risc0-groth16 3.0.2 │ │ │ └── risc0-zkvm 3.0.3 │ │ ├── risc0-circuit-rv32im 4.0.2 │ │ │ └── risc0-zkvm 3.0.3 │ │ ├── risc0-circuit-keccak 4.0.2 │ │ │ └── risc0-zkvm 3.0.3 │ │ └── risc0-build 3.0.3 │ │ └── risc0-zkvm 3.0.3 │ ├── circom-witnesscalc 0.2.1 │ │ └── risc0-groth16 3.0.2 │ └── alloy-primitives 1.4.1 │ ├── arm-gadgets 1.0.0 │ ├── alloy-sol-types 1.4.1 │ │ └── arm-gadgets 1.0.0 │ └── alloy-json-abi 1.4.1 │ └── alloy-sol-types 1.4.1 ├── ark-ff 0.3.0 │ └── ruint 1.17.0 └── ark-crypto-primitives 0.5.0 └── ark-groth16 0.5.0 └── risc0-groth16 3.0.2 Crate: number_prefix Version: 0.4.0 Warning: unmaintained Title: number_prefix crate is unmaintained Date: 2025-11-17 ID: RUSTSEC-2025-0119 URL: https://rustsec.org/advisories/RUSTSEC-2025-0119 Dependency tree: number_prefix 0.4.0 └── indicatif 0.17.11 └── circom-witnesscalc 0.2.1 └── risc0-groth16 3.0.2 └── risc0-zkvm 3.0.3 └── arm 1.0.0 ├── arm-test-witness 1.0.0 │ └── arm-test-app 1.0.0 ├── arm-test-app 1.0.0 └── arm-gadgets 1.0.0 └── arm-test-witness 1.0.0 Crate: paste Version: 1.0.15 Warning: unmaintained Title: paste - no longer maintained Date: 2024-10-07 ID: RUSTSEC-2024-0436 URL: https://rustsec.org/advisories/RUSTSEC-2024-0436 Dependency tree: paste 1.0.15 ├── syn-solidity 1.4.1 │ ├── alloy-sol-macro-input 1.4.1 │ │ ├── alloy-sol-macro-expander 1.4.1 │ │ │ └── alloy-sol-macro 1.4.1 │ │ │ └── alloy-sol-types 1.4.1 │ │ │ └── arm-gadgets 1.0.0 │ │ │ └── arm-test-witness 1.0.0 │ │ │ └── arm-test-app 1.0.0 │ │ └── alloy-sol-macro 1.4.1 │ └── alloy-sol-macro-expander 1.4.1 ├── rrs-lib 0.1.0 │ └── risc0-zkvm 3.0.3 │ └── arm 1.0.0 │ ├── arm-test-witness 1.0.0 │ ├── arm-test-app 1.0.0 │ └── arm-gadgets 1.0.0 ├── risc0-zkvm-platform 2.2.1 │ ├── risc0-zkvm 3.0.3 │ ├── risc0-zkp 3.0.2 │ │ ├── risc0-zkvm 3.0.3 │ │ ├── risc0-groth16 3.0.2 │ │ │ └── risc0-zkvm 3.0.3 │ │ ├── risc0-circuit-rv32im 4.0.2 │ │ │ └── risc0-zkvm 3.0.3 │ │ ├── risc0-circuit-recursion 4.0.2 │ │ │ ├── risc0-zkvm 3.0.3 │ │ │ └── risc0-circuit-keccak 4.0.2 │ │ │ └── risc0-zkvm 3.0.3 │ │ ├── risc0-circuit-keccak 4.0.2 │ │ ├── risc0-build 3.0.3 │ │ │ └── risc0-zkvm 3.0.3 │ │ └── risc0-binfmt 3.0.2 │ │ ├── risc0-zkvm 3.0.3 │ │ ├── risc0-groth16 3.0.2 │ │ ├── risc0-circuit-rv32im 4.0.2 │ │ ├── risc0-circuit-keccak 4.0.2 │ │ └── risc0-build 3.0.3 │ ├── risc0-zkos-v1compat 2.2.0 │ │ ├── risc0-zkvm 3.0.3 │ │ └── risc0-build 3.0.3 │ ├── risc0-build 3.0.3 │ └── risc0-binfmt 3.0.2 ├── risc0-zkp 3.0.2 ├── risc0-circuit-rv32im 4.0.2 ├── risc0-circuit-keccak 4.0.2 ├── metal 0.29.0 │ ├── risc0-zkp 3.0.2 │ └── risc0-circuit-recursion 4.0.2 ├── gdbstub 0.7.7 │ ├── risc0-zkvm 3.0.3 │ ├── risc0-circuit-rv32im 4.0.2 │ └── gdbstub_arch 0.3.2 │ ├── risc0-zkvm 3.0.3 │ └── risc0-circuit-rv32im 4.0.2 ├── ark-ff 0.5.0 │ ├── ruint 1.17.0 │ │ ├── risc0-binfmt 3.0.2 │ │ ├── circom-witnesscalc 0.2.1 │ │ │ └── risc0-groth16 3.0.2 │ │ └── alloy-primitives 1.4.1 │ │ ├── arm-gadgets 1.0.0 │ │ ├── alloy-sol-types 1.4.1 │ │ └── alloy-json-abi 1.4.1 │ │ └── alloy-sol-types 1.4.1 │ ├── risc0-groth16 3.0.2 │ ├── circom-witnesscalc 0.2.1 │ ├── ark-snark 0.5.1 │ │ └── ark-crypto-primitives 0.5.0 │ │ └── ark-groth16 0.5.0 │ │ └── risc0-groth16 3.0.2 │ ├── ark-relations 0.5.1 │ │ ├── ark-snark 0.5.1 │ │ ├── ark-r1cs-std 0.5.0 │ │ │ └── ark-bn254 0.5.0 │ │ │ ├── risc0-groth16 3.0.2 │ │ │ └── circom-witnesscalc 0.2.1 │ │ ├── ark-groth16 0.5.0 │ │ └── ark-crypto-primitives 0.5.0 │ ├── ark-r1cs-std 0.5.0 │ ├── ark-poly 0.5.0 │ │ ├── ark-groth16 0.5.0 │ │ └── ark-ec 0.5.0 │ │ ├── risc0-groth16 3.0.2 │ │ ├── ark-r1cs-std 0.5.0 │ │ ├── ark-groth16 0.5.0 │ │ ├── ark-crypto-primitives 0.5.0 │ │ └── ark-bn254 0.5.0 │ ├── ark-groth16 0.5.0 │ ├── ark-ec 0.5.0 │ ├── ark-crypto-primitives 0.5.0 │ └── ark-bn254 0.5.0 ├── ark-ff 0.4.2 │ └── ruint 1.17.0 ├── ark-ff 0.3.0 │ └── ruint 1.17.0 └── alloy-primitives 1.4.1 error: 3 vulnerabilities found! warning: 4 allowed warnings found