RUSTSEC-2024-0320: yaml-rust is unmaintained.

cloudflare / pingora

A library for building fast, reliable and evolvable network services.

Apache License 2.0

20.3k stars 1.1k forks source link

RUSTSEC-2024-0320: yaml-rust is unmaintained. #158

Open github-actions[bot] opened 3 months ago

github-actions[bot] commented 3 months ago

Details
Package	`yaml-rust`
Version	`0.4.5`
Warning	unmaintained
URL	https://github.com/rustsec/advisory-db/issues/1921
Patched Versions	n/a

The maintainer seems unreachable.

Many issues and pull requests have been submitted over the years without any response.

Alternatives

Consider switching to the actively maintained yaml-rust2 fork of the original project:

yaml-rust2
yaml-rust2 @ crates.io)

jamesmunns commented 3 months ago

Maybe CC #159 - I actually propose "don't handle config in pingora directly" there, could be worth discussing before making a mechanical switchover.