search

alloy-rs / alloy

Transports, Middleware, and Networks for the Alloy project
https://alloy.rs
Apache License 2.0
653 stars 236 forks source link

[Bug] Dependency Update: derivative is Unmaintained #1660

Closed nicanorflavier closed 4 days ago

nicanorflavier commented 4 days ago

Component

other

What version of Alloy are you on?

0.6.4

Operating System

Linux

Describe the bug

Hello,

I have noticed that the alloy repository currently uses the derivative crate, which is now marked as unmaintained according to a recent cargo audit report. To ensure the stability and security of this project, I'd advise to consider replacing derivative with a maintained alternative.

Cargo Audit Report:

Crate:     derivative
Version:   2.2.0
Warning:   unmaintained
Title:     `derivative` is unmaintained; consider using an alternative
Date:      2024-06-26
ID:        RUSTSEC-2024-0388
URL:       https://rustsec.org/advisories/RUSTSEC-2024-0388

I'd suggest exploring other maintained crates if time permits, that offer similar functionality to ensure the project's dependencies remain up-to-date and secure.

mattsse commented 4 days ago

addressed here, will be resolved once there's a new ssz release https://github.com/sigp/ethereum_ssz/pull/34