Forking confusing: Vulnerable Rust crate exposes uv Python packager
Forks of forks of forks, but which ones are patched? A vulnerability in the popular Rust crate async-tar has affected the fast uv Python package manager, which uses a forked version that's now patched – but the most widely downloaded version remains unfixed.... [...]