Assigned RUSTSEC-2024-0403 to js-sandbox, RUSTSEC-2024-0404 to anstream, RUSTSEC-2024-0405 to rustyscript (#2154)

github-actions[bot] · Shnatsel · web-flow · commit 34a9f08643d1 · 2024-12-04T12:39:59.000Z
Co-authored-by: Shnatsel &lt;291257+Shnatsel@users.noreply.github.com&gt;
diff --git a/.duplicate-id-guard b/.duplicate-id-guard
@@ -1,3 +1,3 @@
 This file causes merge conflicts if two ID assignment jobs run concurrently.
 This prevents duplicate ID assignment due to a race between those jobs.
-54e570a3af4cf3373d3167584f6ba074f9a490041e0ceebf7eeeeda71c7eba9f  -
+fc3307516f0bba62f1990827568056f2ca57badabb319fa9a8b952b1e9ecda48  -
diff --git a/crates/anstream/RUSTSEC-2024-0404.md b/crates/anstream/RUSTSEC-2024-0404.md
@@ -1,6 +1,6 @@
 ```toml
 [advisory]
-id = "RUSTSEC-0000-0000"
+id = "RUSTSEC-2024-0404"
 package = "anstream"
 date = "2024-09-08"
 url = "https://github.com/rust-cli/anstyle/issues/156"
diff --git a/crates/js-sandbox/RUSTSEC-2024-0403.md b/crates/js-sandbox/RUSTSEC-2024-0403.md
@@ -1,22 +1,22 @@
-```toml
-[advisory]
-id = "RUSTSEC-0000-0000"
-package = "js-sandbox"
-date = "2024-07-18"
-url = "https://github.com/Bromeon/js-sandbox/issues/31"
-categories = ["denial-of-service"]
-
-[versions]
-patched = []
-```
-
-# op_panic in the base runtime can force a panic in the runtime's containing thread
-
-Affected versions use deno_core releases that expose `Deno.core.ops.op_panic` to the JS runtime in the base core
-
-This function when called triggers a manual panic in the thread containing the runtime, breaking sandboxing
-
-It can be fixed by stubbing out the exposed op:
-```javascript
-Deno.core.ops.op_panic = (msg) => { throw new Error(msg) };
-```
+```toml
+[advisory]
+id = "RUSTSEC-2024-0403"
+package = "js-sandbox"
+date = "2024-07-18"
+url = "https://github.com/Bromeon/js-sandbox/issues/31"
+categories = ["denial-of-service"]
+
+[versions]
+patched = []
+```
+
+# op_panic in the base runtime can force a panic in the runtime's containing thread
+
+Affected versions use deno_core releases that expose `Deno.core.ops.op_panic` to the JS runtime in the base core
+
+This function when called triggers a manual panic in the thread containing the runtime, breaking sandboxing
+
+It can be fixed by stubbing out the exposed op:
+```javascript
+Deno.core.ops.op_panic = (msg) => { throw new Error(msg) };
+```
diff --git a/crates/rustyscript/RUSTSEC-2024-0405.md b/crates/rustyscript/RUSTSEC-2024-0405.md
@@ -1,23 +1,23 @@
-```toml
-[advisory]
-id = "RUSTSEC-0000-0000"
-package = "rustyscript"
-date = "2024-07-18"
-url = "https://github.com/rscarson/rustyscript/issues/174"
-categories = ["denial-of-service"]
-
-[versions]
-patched = [">= 0.6.1"]
-unaffected = ["<= 0.3.0"]
-```
-
-# op_panic in the base runtime can force a panic in the runtime's containing thread
-
-Affected versions use deno_core releases that expose `Deno.core.ops.op_panic` to the JS runtime in the base core
-
-This function when called triggers a manual panic in the thread containing the runtime.
-
-It can be fixed by stubbing out the exposed op:
-```javascript
-Deno.core.ops.op_panic = (msg) => { throw new Error(msg) };
-```
+```toml
+[advisory]
+id = "RUSTSEC-2024-0405"
+package = "rustyscript"
+date = "2024-07-18"
+url = "https://github.com/rscarson/rustyscript/issues/174"
+categories = ["denial-of-service"]
+
+[versions]
+patched = [">= 0.6.1"]
+unaffected = ["<= 0.3.0"]
+```
+
+# op_panic in the base runtime can force a panic in the runtime's containing thread
+
+Affected versions use deno_core releases that expose `Deno.core.ops.op_panic` to the JS runtime in the base core
+
+This function when called triggers a manual panic in the thread containing the runtime.
+
+It can be fixed by stubbing out the exposed op:
+```javascript
+Deno.core.ops.op_panic = (msg) => { throw new Error(msg) };
+```
