update readme, bump: libc to 0.2.140, paste to 1.0.12, serde_json to …

…1.0.94, serde to 1.0.157

Cargo.toml

@@ -16,11 +16,11 @@ codegen-units = 1  # use a single thread
 
 [dependencies]
 lazy_static = "1.4.0"
-libc = "0.2.137"
+libc = "0.2.140"
 libnss = "0.4"
-paste = "1.0.9"
-serde_json = "1.0.87"
-serde = { version = "1.0.147", features = ["derive"] }
+paste = "1.0.12"
+serde_json = "1.0.94"
+serde = { version = "1.0.157", features = ["derive"] }
 shlex = "1.1.0"
 
 [lib]

README.md

@@ -321,10 +321,11 @@ This NSS plugin runs commands defined in the file `/etc/libnss_shim/config.json`
 default. Ensure that this file, the commands defined inside it, and any other related resources remain inaccessible to
 other users, or the system may be vulnerable to privilege escalation attacks.
 
-Commands are not passed through a shell for execution. Although it is certainly possible to run software like `bash`
-with `libnss_shim`, using a shell is not recommended as this comes at the risk of command injection. If a shell is used
-despite this, then codes used to pass data (like `<$name>`) are recommended to be set using environment variables rather
-than arguments.
+It is recommended to pass data (like `<$name>`) using environment variables rather than arguments, except for
+testing purposes. Environment variables are generally private, whereas commands/launch args are not.
+
+Commands are not passed through a shell for execution. Although it is possible to run software like `bash`
+with `libnss_shim`, using a shell is not recommended as this comes with additional risks such as command injection.
 
 ## Useful resources
 

changelog/CHANGELOG.txt

@@ -1,4 +1,5 @@
-- Update README (clarify usage of codes
-- Update libc crate to 0.2.137
-- Update serde_json crate to 1.0.87
-- Update serde crate to 1.0.147
+- Update README (clarify usage of codes)
+- Update libc crate to 0.2.140
+- Update paste crate to 1.0.12
+- Update serde_json crate to 1.0.94
+- Update serde crate to 1.0.157