v1.3.12: Detect cached null bytes

emk · emk · commit 062cf6dc96a5 · 2023-08-26T15:55:09.000-04:00
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -4,6 +4,12 @@ All notable changes to this project will be documented in this file.
 
 The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/), and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
 
+## [1.3.12] - 2023-08-26
+
+### Fixed
+
+- If we find a `\0` byte in cached data, try looking it up again. Also, report an error if the Smarty API ever returns a `\0` byte.
+
 ## [1.3.11] - 2023-08-20
 
 ### Security
diff --git a/Cargo.lock b/Cargo.lock
diff --git a/Cargo.toml b/Cargo.toml
@@ -1,6 +1,6 @@
 [package]
 name = "geocode-csv"
-version = "1.3.11"
+version = "1.3.12"
 authors = ["Eric Kidd <git@randomhacks.net>"]
 edition = "2018"
 
diff --git a/deny.toml b/deny.toml
@@ -13,6 +13,12 @@ ignore = [
     #"RUSTSEC-2020-0159",
     # Also `localtime_r`.
     "RUSTSEC-2020-0071",
+    # Exponential CPU usage in `webpki` could be used in a denial of service
+    # attack, but (1) we only connect to a few trusted SaaS hosts, and (2) the
+    # worst case scenario is that we run too slowly.
+    "RUSTSEC-2023-0052",
+    # Ditto, but in `rustls-webpki`.
+    "RUSTSEC-2023-0053",
 ]
 
 [licenses]
