blake-mealey
commented
1 year ago FWIW, as you have already uncovered, these dependencies aren't used by the library so you should be able to safely ignore the warning if you're only using the library.
That said, we could try upgrading the dependency to get past the security advisory, or maybe there's a way to split the dependencies so they are only included with the binary. Happy to accept a PR :)
rbx_cookieas a library currently depends onclapandenv_loggereven for the library published to crates.io, with no feature flag to disable them. This is causing Lune to have duplicate dependencies on these libraries, and the old version ofclapalso depends onattywhich is deprecated and currently giving the Lune repo a security advisory warning.