Closed filiptibell closed 1 year ago
FWIW, as you have already uncovered, these dependencies aren't used by the library so you should be able to safely ignore the warning if you're only using the library.
That said, we could try upgrading the dependency to get past the security advisory, or maybe there's a way to split the dependencies so they are only included with the binary. Happy to accept a PR :)
rbx_cookie
as a library currently depends onclap
andenv_logger
even for the library published to crates.io, with no feature flag to disable them. This is causing Lune to have duplicate dependencies on these libraries, and the old version ofclap
also depends onatty
which is deprecated and currently giving the Lune repo a security advisory warning.