(address . bug-guix@gnu.org)
I noticed rust-brotli-sys bundles brotli:
The version it bundles is apparently insecure:
As mentioned at https://github.com/actix/actix-web/issues/2537, there
have been multiple PR updating it to new PR but they were abandoned, so
it appears we have to remove rust-brotli-sys entirely (in favour of
rust-brotli?) or merge one of them (or better: unbundle) things on our own.
Greetings,
Maxime.