Closed oherrala closed 3 years ago
Even while unmaintained, dirs
has a much larger set of dependent crates and no known vulnerabilities (yet). Given the wide use of the this crate and given how new the dirs-next
crate is, I'm going to stick with dirs
out of an abundance of caution for now.
dirs-next
is picking up popularity and one the owners is part of the rust-lang release team (see https://www.rust-lang.org/governance/teams/release).
I'm going to stick with
dirs
out of an abundance of caution for now.
Could this be reconsidered? @Stebalien
So, after doing a bit of research, "dirs" is not really unmaintained. However, it definitely looks like "dirs-next" has a better trajectory.
Fixes https://rustsec.org/advisories/RUSTSEC-2020-0053