Change unmaintained dirs crate to dirs-next

Stebalien / term

A Rust library for terminfo parsing and terminal colors.

https://stebalien.github.io/doc/term/term/

Apache License 2.0

178 stars 49 forks source link

Change unmaintained dirs crate to dirs-next #103

Closed oherrala closed 3 years ago

oherrala commented 3 years ago

Fixes https://rustsec.org/advisories/RUSTSEC-2020-0053

Crate:  dirs
Title:  dirs is unmaintained, use dirs-next instead
Date:   2020-10-16
URL:    https://rustsec.org/advisories/RUSTSEC-2020-0053
Dependency tree:
dirs 3.0.1
└── term 0.6.1

Stebalien commented 3 years ago

Even while unmaintained, dirs has a much larger set of dependent crates and no known vulnerabilities (yet). Given the wide use of the this crate and given how new the dirs-next crate is, I'm going to stick with dirs out of an abundance of caution for now.

paolobarbolini commented 3 years ago

dirs-next is picking up popularity and one the owners is part of the rust-lang release team (see https://www.rust-lang.org/governance/teams/release).

I'm going to stick with dirs out of an abundance of caution for now.

Could this be reconsidered? @Stebalien

Stebalien commented 3 years ago

So, after doing a bit of research, "dirs" is not really unmaintained. However, it definitely looks like "dirs-next" has a better trajectory.