fix: migrate from tokio-tar to astral-tokio-tar

tokio-tar is unmaintained and has unpatched CVE-2025-62518.
More details on the CVE are in <https://edera.dev/stories/tarmageddon>.
tokio-tar is only used for transferring backups,
and the worst case is that a user who manually inspects
a carefully crafted backup will not see
the same files as the ones unpacked when importing that backup.
link2xt
2025-10-21 20:38:17 +00:00
committed by l
parent 51b9e86d71
commit 3c93f61b4d
3 changed files with 22 additions and 43 deletions


@@ -36,8 +36,6 @@ skip = [
{ name = "rand_chacha", version = "0.3.1" },
{ name = "rand_core", version = "0.6.4" },
{ name = "rand", version = "0.8.5" },
{ name = "redox_syscall", version = "0.3.5" },
{ name = "redox_syscall", version = "0.4.1" },
{ name = "rustix", version = "0.38.44" },
{ name = "serdect", version = "0.2.0" },
{ name = "spin", version = "0.9.8" },