Open XVilka opened 4 years ago
cc @dtolnay
Hi @XVilka, thanks for the PRs!
If you are interested in maintaining, I would recommend publishing your fork under a different crate name. I think the community would appreciate having a maintained fork; it doesn't have to be this repo.
We would use the fork in clap v2 if our security PR gets merged.
@pksunkara No, we wouldn't. Switching to a fork would mean that Yaml
types became different, exactly the reason we can't just bump it to yaml-rust 0.4
.
I suggested to switch to a fork of yaml-rust
clap 3.0 was because depending on something that's being maintained is way better than depending on something unmaintained.
@XVilka Are you looking forward to forking and maintaining the repo on you own? If not, I would go ahead and do that myself.
@CreepySkeleton sadly no time for this, I am already scattered among many projects.
@XVilka did you get any updates on this issue? I see that your 2 PRs ended up being merged.
Is this project still maintained? @chyh1990 @XVilka or is there a maintained fork?
@olalonde not that I am aware of. Maybe @dtolnay could suggest an alternative.
I am not aware of a maintained fork.
My (previously) maintained fork (yaml-rust-davvid` @ crates.io) has merged efforts with @Ethiraric's fork as of https://github.com/Ethiraric/yaml-rust2/pull/2.
yaml-rust
users should switch over to the actively maintained yaml-rust2
project ~ https://github.com/Ethiraric/yaml-rust2 (yaml-rust2 @ crates.io).
Use this Cargo.toml
snippet to use yaml-rust2
as a drop-in replacement for yaml-rust
:
[dependencies]
yaml-rust = { version = "0.6", package = "yaml-rust2" }
This allows you to switch to yaml-rust2
while continuing to refer to yaml_rust
in your code (e.g. use yaml_rust::YamlLoader;
will continue to work so that no Rust code changes are required).
My (previously) maintained fork (yaml-rust-davvid` @ crates.io) has merged efforts with @Ethiraric's fork as of Ethiraric#2.
yaml-rust
users should switch over to the actively maintainedyaml-rust2
project ~ https://github.com/Ethiraric/yaml-rust2 (yaml-rust2 @ crates.io).Upgrading from yaml-rust
Use this
Cargo.toml
snippet to useyaml-rust2
as a drop-in replacement foryaml-rust
:[dependencies] yaml-rust = { version = "0.6", package = "yaml-rust2" }
This allows you to switch to
yaml-rust2
while continuing to refer toyaml_rust
in your code (e.g.use yaml_rust::YamlLoader;
will continue to work so that no Rust code changes are required).
I have a direct dependency on config
v0.13 in my project, so I have a transient dependency on yaml-rust
v0.4.5.
I am using cargo deny check advisories
to check for any advisories (including unmaintained advisories) in my CI. Since yaml-rust
is unmaintained, that step in the CI fails.
I want to replace the transient dependency on yaml-rust
with yaml-rust2
v0.7.0
I have tried the following 3 things but they all fail to replace yaml-rust
.
1.
yaml-rust = { version = "0.6", package = "yaml-rust2" }
2.
[patch.'https://github.com/chyh1990/yaml-rust']
yaml-rust2 = { git = 'https://github.com/Ethiraric/yaml-rust2.git' }
3.
[patch.crates-io]
yaml-rust = { git = 'https://github.com/Ethiraric/yaml-rust2.git' }
Am I doing something wrong? My Cargo.toml is here.
It seems that you don't have time to maintain this repository. This crate is a "core" with a big count of downloads. Please consider adding more maintainers. I sent two PRs modernizing the code: