Forking confusing: Vulnerable Rust crate exposes uv Python packager

Forks of forks of forks, but which ones are patched?

A vulnerability in the popular Rust crate async-tar has affected the fast uv Python package manager, which uses a forked version that's now patched - but the most widely downloaded version remains unfixed....