Closed Bug 1708945 Opened 4 years ago Closed 3 years ago

Migrate away from RLBox Lucet

Categories

(Core :: Security: Process Sandboxing, enhancement, P1)

RESOLVED FIXED

People

(Reporter: xidorn, Assigned: shravanrn)

References

(Blocks 1 open bug)

Details

The lucet sandbox compiler used in RLBox doesn't follow the upstream development closely, and has actually been lagging by a great distance. This brings several warnings from cargo-audit due to the old dependencies, which currently include:

  • raw-cpuid (soundness issue, need to upgrade to >=9.0.0, currently 7.0.3)
  • failure (deprecated and unmaintained)

According to the last email I got from Shravan, it seems they are going to migrate the use to wasmtime instead of upgrading the compiler to the latest on upstream, but I couldn't find any existing bug to track this work, so I'm creating this.

Blocks: 1681898

Yep, we're actively working on this, and Shravan has some promising prototypes. He's going to sit down with glandium this week to chart out the path of getting stuff landed.

The Bugbug bot thinks this bug should belong to the 'Core::Security: Process Sandboxing' component, and is moving the bug to that component. Please revert this change in case you think the bot is wrong.

Component: General → Security: Process Sandboxing

Marking P1 per comment 1.

Severity: -- → S4
Priority: -- → P1
Assignee: nobody → shravanrn
Status: NEW → RESOLVED
Closed: 3 years ago
Resolution: --- → FIXED