This crate depends on anymap. Unfortunately anymap did not receive any updates for more than 3 years and all available versions are flagged in GHSA advisory with severity critical (CVE-2021-38187), triggering alerts in our GitHub deployment pipeline.

While anymap is unmaintained, there are different forks available (e.g. anymap3). I cannot give a concrete recommendation, but I think it's adviseable to replace anymap with some alternative solution.

We deactivated the default features of russcip to get around the limitation since we do not need this feature anyway.