Memory unsafety in used crate nix

[Ganneff]

Hi

cargo-deny, a useful thing, has the error pasted below for the nix crate version that home-dir is using.
An update to something more recent would be nice.

Greetings,
Ganneff

error[A001]: Out-of-bounds write in nix::unistd::getgrouplist
│ nix 0.18.0 registry+https://github.com/rust-lang/crates.io-index
│ ---------------------------------------------------------------- security vulnerability detected
│
= ID: RUSTSEC-2021-0119
= Advisory: https://rustsec.org/advisories/RUSTSEC-2021-0119
= On certain platforms, if a user has more than 16 groups, the
nix::unistd::getgrouplist function will call the libc getgrouplist
function with a length parameter greater than the size of the buffer it
provides, resulting in an out-of-bounds write and memory corruption.

 The libc `getgrouplist` function takes an in/out parameter `ngroups`
 specifying the size of the group buffer. When the buffer is too small to
 hold all of the reqested user's group memberships, some libc
 implementations, including glibc and Solaris libc, will modify `ngroups`
 to indicate the actual number of groups for the user, in addition to
 returning an error. The version of `nix::unistd::getgrouplist` in nix
 0.16.0 and up will resize the buffer to twice its size, but will not
 read or modify the `ngroups` variable. Thus, if the user has more than
 twice as many groups as the initial buffer size of 8, the next call to
 `getgrouplist` will then write past the end of the buffer.
 
 The issue would require editing /etc/groups to exploit, which is usually
 only editable by the root user.

= Announcement: nix-rust/nix#1541
= Solution: Upgrade to ^0.20.2 OR ^0.21.2 OR ^0.22.2 OR >=0.23.0
= nix v0.18.0
└── home-dir v0.1.0