Richterrettich / rpm-rs

A pure rust library for building and parsing RPM's

Old pgp dependency relies on crates that have been renamed or merged #55

Closed Pi-Cla closed 2 years ago

Pi-Cla commented 2 years ago

There are warnings from cargo audit about the version of pgp this crate uses depending on various crates that had been renamed or merged. Here is one of them:

Crate:     aes-soft
Version:   0.6.4
Warning:   unmaintained
Title:     `aes-soft` has been merged into the `aes` crate
Date:      2021-04-29
ID:        RUSTSEC-2021-0060
URL:       https://rustsec.org/advisories/RUSTSEC-2021-0060
Dependency tree:
aes-soft 0.6.4
└── aes 0.6.0
    └── pgp 0.7.2
        └── rpm-rs 0.8.1

Pi-Cla commented 2 years ago

Upon further research, apparently the issue with the time crate is misleading since it is already fixed in chrono. (https://github.com/chronotope/chrono/issues/499#issuecomment-940433677) So instead I will edit this to only mention the warning about package merging.

Pi-Cla commented 2 years ago

Nvm... sorry for taking up space, even the warnings aren't meaningful upon further further investigation