search

boinkor-net / governor

A rate-limiting library for Rust (f.k.a. ratelimit_meter)
https://github.com/boinkor-net/governor
MIT License
579 stars 45 forks source link

cargo audit finds two addressable warnings #174

Closed jqnatividad closed 1 year ago

jqnatividad commented 1 year ago

First off, thanks for this awesome crate!

However, cargo audit finds:

Crate: mach Version: 0.3.2 Warning: unmaintained Title: mach is unmaintained Date: 2020-07-14 ID: RUSTSEC-2020-0168 URL: https://rustsec.org/advisories/RUSTSEC-2020-0168 Dependency tree: mach 0.3.2 └── quanta 0.9.3 └── governor 0.5.1

Crate: serde_cbor Version: 0.11.2 Warning: unmaintained Title: serde_cbor is unmaintained Date: 2021-08-15 ID: RUSTSEC-2021-0127 URL: https://rustsec.org/advisories/RUSTSEC-2021-0127 Dependency tree: serde_cbor 0.11.2 └── criterion 0.3.6 └── governor 0.5.1

The first warning can be handled by upgrading quanta to 0.11.

The second warning can be handled by upgrading criterion to 0.4.0.

antifuchs commented 1 year ago

Thanks for the heads-up! I was hoping I could procrastinate upgrading quanta (it's so deeply tied into governor's performance characteristics, it'll be a bit of work to make sure there are no regressions), but what can you do! I'll try updating them today.