Security Vulnerability: RUSTSEC-2024-0436 in dependency paste

[github-actions]

Dependency Vulnerability Alert

Vulnerability ID: RUSTSEC-2024-0436
Package: paste

Details:
The creator of the crate paste has stated in the README.md
that this project is not longer maintained as well as archived the repository

Possible Alternative(s)

• pastey: a fork of paste and is aimed to be a drop-in replacement with additional features for paste crate
• with_builtin_macros: crate providing a superset of paste's functionality including general macro_rules! eager expansions and concat!/concat_idents! macros

cc @CodNoob100 Please update this dependency to a patched version.

[CodNoob100]

This RUSTSEC-2024-0436 vulnerability in the paste macro crate is a transitive dependency introduced by astembed via tokenizers and image. Since paste is merely an unmaintained macro expansion crate that only runs at compile-time and has no runtime exploitable risks, it is safe to ignore in production. It cannot be upgraded without forking upstream HuggingFace libraries.