Security Audit Report: Dependency Scanning
Date: June 11, 2026
Project: bbl_parser
Executive Summary
A security audit of the project's dependencies was performed using manual cross-referencing against the RustSec Advisory Database and cargo update --dry-run. One active vulnerability was identified in the regex crate. Multiple other dependencies are outdated and should be updated to ensure stability and security hardening before release.
1. Security Vulnerabilities
| ID | Crate | Current Version | Target Version | Severity | Vulnerability |
|---|---|---|---|---|---|
| VULN-001 | regex | 1.11.1 | 1.11.2+ | High | Unsound bounds check elision. A bug in version 1.11.1 allows the compiler to unsoundly elide bounds checks, potentially leading to memory safety issues. |
Recommendation
Update the regex dependency to version 1.11.2 or later immediately.
2. Outdated Dependencies (High Priority)
The following dependencies have available updates that include bug fixes, performance improvements, or security hardening.
| Crate | Current Version | Latest Compatible | Status |
|---|---|---|---|
| clap | 4.5.40 | 4.6.1 | Update Available |
| csv | 1.3.1 | 1.4.0 | Update Available |
| bitflags | 2.9.1 | 2.13.0 | Update Available |
| libc | 0.2.173 | 0.2.186 | Update Available |
| tempfile | 3.20.0 | 3.27.0 | Update Available |
| serde_json | 1.0.140 | 1.0.150 | Update Available |
| anyhow | 1.0.98 | 1.0.102 | Update Available |
3. Audit Methodology
- Advisory Check: Manual verification against the RustSec Advisory Database.
- Version Analysis: Evaluated using cargo update --dry-run and cargo metadata.
- Limitations: Automated tools (cargo-audit, osv-scanner) encountered environment-specific parsing or discovery errors. Findings are based on high-fidelity manual research.
4. Remediation Plan
To resolve the identified vulnerability and update the workspace, run:
Note: Verify that regex is updated to at least 1.11.2 in Cargo.lock after running the command.
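A check for the verification step above, added here as an example (it is not part of the audit or of the project's tooling): it parses a constructed Cargo.lock excerpt and reports, for the regex target in section 1 and the "Latest Compatible" versions in section 2, whether every pinned copy of each crate meets the minimum. The Cargo.lock content, the `REQUIRED_MIN` table and the function names are assumptions built from the figures in this report.

```python
import re
# Minimum versions the report calls for: the VULN-001 target (section 1)
# and the "Latest Compatible" column of section 2.
REQUIRED_MIN = {
    "regex": "1.11.2", "clap": "4.6.1", "csv": "1.4.0", "bitflags": "2.13.0",
    "libc": "0.2.186", "tempfile": "3.27.0", "serde_json": "1.0.150", "anyhow": "1.0.102",
}

# Constructed Cargo.lock excerpt (not the project's real lockfile): regex is
# still at the vulnerable 1.11.1, clap is updated, bitflags is pinned twice.
SAMPLE_LOCK = """\
[[package]]
name = "regex"
version = "1.11.1"
[[package]]
name = "clap"
version = "4.6.1"
[[package]]
name = "bitflags"
version = "2.13.0"
[[package]]
name = "bitflags"
version = "1.3.2"
"""

def parse_cargo_lock(text):
    """Map crate name -> every version pinned for it (a crate can be pinned more than once)."""
    pinned = {}
    pat = r'\[\[package\]\]\s*name = "([^"]+)"\s*version = "([^"]+)"'
    for name, version in re.findall(pat, text):
        pinned.setdefault(name, []).append(version)
    return pinned

def semver_key(v):
    """Comparison key for MAJOR.MINOR.PATCH; a pre-release sorts below its release."""
    core, _, pre = v.partition("-")
    return tuple(int(x) for x in core.split(".")) + ((-1,) if pre else (0,))

def check_lock(text, required=REQUIRED_MIN):
    """Return {crate: (status, versions)}; 'ok' only if every pinned copy meets the minimum."""
    pinned = parse_cargo_lock(text)
    report = {}
    for crate, minimum in required.items():
        versions = pinned.get(crate, [])
        if not versions:
            status = "missing"
        else:
            status = "ok" if all(semver_key(v) >= semver_key(minimum) for v in versions) else "outdated"
        report[crate] = (status, versions)
    return report
```

A crate pinned at two major versions (bitflags 2.x and 1.x in the sample, as happens with transitive dependencies) is reported as outdated because one copy is below the minimum; such entries need a manual look at which dependency pulls in the older line.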
AI Generated by Gemini CLI