There is a new pull request by jcgruenhage against master on the void-packages repository https://github.com/jcgruenhage/void-packages rust-cargo-audit-0.17.4_1 https://github.com/void-linux/void-packages/pull/40520 rust-cargo-audit: update to 0.17.4. #### Testing the changes - I tested the changes in this PR: **YES** This update includes scanning of binaries (feature has been turned on by default upstream, we previously didn't ship that), so together with the recently merged #40272, this allows us to check binaries shipped by Void for rustsec advisories like so: ``` void-packages on  rust-cargo-audit-0.17.4_1 [$!?] took 3m58s ❯ cargo audit bin /usr/bin/comrak Fetching advisory database from `https://github.com/RustSec/advisory-db.git` Loaded 469 security advisories (from /home/jcgruenhage/.cargo/advisory-db) Updating crates.io index Found 'cargo auditable' data in /usr/bin/comrak (83 dependencies) Crate: xml-rs Version: 0.8.4 Warning: unmaintained Title: xml-rs is Unmaintained Date: 2022-01-26 ID: RUSTSEC-2022-0048 URL: https://rustsec.org/advisories/RUSTSEC-2022-0048 Dependency tree: xml-rs 0.8.4 └── plist 1.3.1 └── syntect 5.0.0 └── comrak 0.15.0 warning: 1 allowed warning found in /usr/bin/comrak ``` A patch file from https://github.com/void-linux/void-packages/pull/40520.patch is attached