RUSTSEC-2025-0146 `sha-rust` was removed from crates.io for malicious code

It appeared to be attempting to steal credentials from local files...

armory_cli (>=0.3.3 <=0.3.28), armory_lib (>=0.1.0 <=0.3.28) +157 more potentially affected by unknown CVE via crypto-hash (=0.3.4)

crypto-hash CARGO version =0.3.4 is affected by a known vulnerability. The following packages have a transitive dependency on crypto-hash and may be impacted: - armorycli =0.3.3, =0.1.0, =0.1.0, =0.1.0, =0.10.0, =0.10.0, =0.23.0, =0.1.0, =0.5.0, =0.3.10, =0.1.0, =0.2.2, =0.6.3 and more Source cve...